
Solve : Cannot access internet; laptop infected...?


Well, that is good news. I just want to make sure that your computer is clean. Please run these scans and post the logs.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
***************************************
Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Okay, SD, following are the logs for SuperAntiSpyware, Malware Bytes, and Security Check:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/29/2010 at 09:33 AM

Application Version : 4.43.1000

Core Rules Database Version : 5601
Trace Rules Database Version: 3413

Scan type : Complete Scan
Total Scan Time : 02:24:45

Memory items scanned : 746
Memory threats detected : 0
Registry items scanned : 7722
Registry threats detected : 0
File items scanned : 149764
File threats detected : 36

Adware.Tracking Cookie


And next:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4716

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9/29/2010 12:17:22 PM
mbam-log-2010-09-29 (12-17-22).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 260921
Time elapsed: 1 hour(s), 30 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And next:

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Adobe Reader 9.3.4
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````



What do you think, SD? Am I fixed?

Let me know.

-Trace

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

I too was having the same problem and was getting nowhere fast in getting this fixed. I have an Aspire 3690 running MSXPMCE that worked fine when hard-wired but would not when using wireless. I think someone mentioned registry errors and winsock issues. I believe they are correct since my laptop is now working via wireless. Today, I did the following to correct the problem:

First, I downloaded the Norton Internet security removal tool and removed Norton (latest version). This was to see if Norton was causing the issue. After removal, I tried connecting via wireless but no go.

Second, I connected via hard-wire and downloaded the Winsockfix program and ran it on the laptop. It ran maybe for 3 seconds.

Third, I disconnected the hard-wire connection to go wireless and it worked. Everything worked like it should.

Fourth, I reinstalled the Norton Internet security to see if it would affect the wireless but it did not. The wireless connection is still working fine.

Prior to this I also ran Registry Mechanic by PCTools which did fix over 300 registry errors but the wireless still would not work. Maybe it is a problem with the winsock file registry? I think you guys will know better about this than me though. Without you guys I'd be still messing around without a clue.

Great job and many kudos.

Hey, SD.

My log from Combofix follows:

ComboFix 10-10-01.01 - Trace 10/01/2010 19:39:39.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1195 [GMT -6:00]
Running from: c:\users\Trace\Desktop\Commy.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Trace\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-28 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-01-06 717296]
S1 aswSP;aswSP;

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 aswFsBlk;aswFsBlk;

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmtREG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonationREG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048087957-2194321304-3991422104-1000Core.job
- c:\users\Trace\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 02:01]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048087957-2194321304-3991422104-1000UA.job
- c:\users\Trace\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 02:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-01 19:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (EVERYONE)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-01 19:52:29
ComboFix-quarantined-files.txt 2010-10-02 01:52
ComboFix2.txt 2010-10-02 01:12
ComboFix3.txt 2010-10-01 16:46
ComboFix4.txt 2010-09-24 20:44
ComboFix5.txt 2010-10-02 01:38

Pre-Run: 15,775,641,600 bytes free
Post-Run: 15,740,796,928 bytes free

- - End Of File - - C403EDB12089BB9E312013C59EAF5EE0


Let me know what to do next.

Thanks!

-Trace

Only a couple more scans to go.

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

