Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues.

December 16th, 2010, 07:24 AM
sushi
New Member
Join Date: Dec 2010
Posts: 18
Can't access internet -- "redirecting?"


I'm posting this from my friend's computer on his internet. My computer is connected to the internet (for example, Windows will download updates onto my computer), but my browsers (internet explorer and chrome) can't show any web pages. I took it to the tech support at my school. I don't remember exactly what they said to me, but I remember he used the word "redirect" to describe a program that wasn't allowing me access to the internet. He said he didn't know how to remove it, so here I am looking for help. Any help would be much appreciated. Thank you!
December 16th, 2010, 09:24 AM
touch
Malware Removal Team
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
Hello sushi and welcome to CTH

Using your friend's computer, then transfer it via an external drive to your own computer ->

We need to get a comprehensive report of what is present in your system.
Please download DDS: Here

If you are using Firefox, go to the toolbar and click File. Then go down to Save As & click.
Then save it on the desktop. Save as dds.scr
Save as Type : All files

to your Desktop and double-click on DDs.scr to run it.
If your security software includes script blocking features, please disable these before you run this utility.

When the scan has finished, two logs will open.
Copy and paste both reports in this topic.
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
December 16th, 2010, 05:48 PM
sushi
New Member
Join Date: Dec 2010
Posts: 18

Hi Touch. Thank you for doing this =)

Here is DDS.txt

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Nicole at 8:35:15.34 on Thu 12/16/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2036.1370 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - C:\Users\Nicole\AppData\Local\Temp\low\COUPON~1.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - C:\Users\Nicole\AppData\Local\Temp\low\CouponsBar.dll
TB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

============= SERVICES / DRIVERS ===============

R0 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2009-12-28 17776]
R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2009-12-28 124112]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-28 53488]
R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2009-12-28 41072]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 DLABMFSE;DLABMFSE;C:\Windows\System32\drivers\DLABMFSE.SYS [2009-12-28 46448]
R2 DLABOIOE;DLABOIOE;C:\Windows\System32\drivers\DLABOIOE.SYS [2009-12-28 42352]
R2 DLADResE;DLADResE;C:\Windows\System32\drivers\DLADResE.SYS [2009-12-28 9968]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\drivers\DLAIFS_E.SYS [2009-12-28 146672]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\drivers\DLAOPIOE.SYS [2009-12-28 35056]
R2 DLAPoolE;DLAPoolE;C:\Windows\System32\drivers\DLAPoolE.SYS [2009-12-28 19824]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\drivers\DLAUDF_E.SYS [2009-12-28 144112]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\drivers\DLAUDFAE.SYS [2009-12-28 135152]
R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2009-12-28 63984]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-7-17 161064]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S2 gupdate1ca87f3cfadc2d;Google Update Service (gupdate1ca87f3cfadc2d);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-28 133104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-18 1255736]

=============== Created Last 30 ================

2010-12-16 06:21:59 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{D7984DEC-03F8-4577-8B7E-DF13B60BA4D1}\mpengine.dll
2010-12-14 00:22:06 -------- d-----w- C:\Windows\pss
2010-12-08 07:22:34 -------- d-----w- C:\9dfaa726a67410a30a7ef3a5c759
2010-12-01 08:25:41 -------- d-----w- C:\c85589ded8ba7df108
2010-12-01 05:13:14 -------- d-----w- C:\Users\Nicole\AppData\Roaming\ICAClient
2010-12-01 05:08:07 73728 ----a-r- C:\Users\Nicole\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2010-12-01 05:08:07 73728 ----a-r- C:\Users\Nicole\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
2010-12-01 05:08:04 -------- d-----w- C:\Users\Nicole\AppData\Local\Citrix
2010-11-30 01:04:41 -------- d-----w- C:\Program Files (x86)\Microsoft
2010-11-30 01:04:28 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-11-30 01:03:48 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-11-26 02:06:05 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2010-11-26 01:55:20 306 ----a-w- C:\Windows\myClean.bat
2010-11-24 16:46:43 -------- d-----w- C:\5075a37d2f72316a25
2010-11-24 16:28:29 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-24 16:28:28 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 22:56:38 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Macrovision
2010-11-23 20:44:34 -------- d-----w- C:\Windows\SysWow64\E177E04D548C4006A465EEB92D3DE021
2010-11-23 20:43:36 -------- d-----w- C:\Users\Nicole\Citrix
2010-11-23 20:41:55 -------- d-----w- C:\Users\Nicole\AppData\Local\Downloaded Installations
2010-11-21 20:09:11 -------- d-----w- C:\PROGRA~3\PC Tools

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-09-28 23:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 23:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll

============= FINISH: 8:36:00.73 ===============
December 16th, 2010, 05:49 PM
sushi
New Member
Join Date: Dec 2010
Posts: 18

Here is Attach.txt


DDS (Ver_10-12-12.02)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/27/2009 8:37:33 PM
System Uptime: 12/16/2010 8:26:14 AM (0 hours ago)

Motherboard: Dell Inc. | | 0PP476
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | Microprocessor | 1587/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 147 GiB total, 42.863 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Broadcom USH
Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Name: Broadcom USH
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000

==== System Restore Points ===================

RP139: 11/30/2010 9:38:40 PM - Removed Minitab 15 English.
RP140: 11/30/2010 9:48:00 PM - Installed Minitab 15 English.
RP141: 12/1/2010 12:24:53 AM - Windows Update
RP142: 12/1/2010 12:19:36 PM - Windows Update
RP143: 12/1/2010 11:07:53 PM - Windows Update
RP144: 12/2/2010 9:53:20 AM - Windows Update
RP145: 12/2/2010 11:07:39 PM - Windows Update
RP146: 12/3/2010 5:01:57 PM - Windows Update
RP147: 12/4/2010 10:20:09 PM - Windows Update
RP148: 12/6/2010 12:42:58 AM - Windows Update
RP149: 12/6/2010 12:07:25 PM - Windows Update
RP150: 12/6/2010 11:08:11 PM - Windows Update
RP151: 12/7/2010 3:01:49 PM - Windows Update
RP152: 12/7/2010 11:21:49 PM - Windows Update
RP153: 12/8/2010 12:23:10 PM - Windows Update
RP154: 12/8/2010 10:27:43 PM - Windows Update
RP155: 12/8/2010 10:45:51 PM - Windows Update
RP156: 12/12/2010 3:38:09 PM - Windows Update
RP157: 12/12/2010 9:21:14 PM - Windows Update
RP158: 12/15/2010 10:20:49 PM - Windows Update
RP159: 12/15/2010 11:55:11 PM - Windows Update

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Amazing Slow Downer (remove only)
Apple Application Support
Apple Software Update
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix XenApp Web Plugin
Coupon Printer for Windows
Dell Resource CD
Dell Webcam Central
Google Chrome
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 21
kSolo Recorder
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Move Media Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)

==== Event Viewer Messages From Past Week ========

12/16/2010 8:27:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
12/16/2010 8:27:28 AM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error A system call has failed..
12/15/2010 11:57:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2160841).
12/13/2010 8:03:18 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The handle is invalid. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
12/13/2010 5:02:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2010 4:23:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/13/2010 4:23:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/13/2010 4:23:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/13/2010 4:23:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/13/2010 4:23:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr TfFsMon TfSysMon Wanarpv6
12/13/2010 4:04:43 PM, Error: WudfUsbccidDriver [12] - The device generated 507 unknown interrupt(s) in 530 ms. Last Unknown Interrupt Message: 0x8b.
12/13/2010 4:04:43 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The I/O operation has been aborted because of either a thread exit or an application request. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
12/13/2010 4:01:53 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/13/2010 3:14:21 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/13/2010 3:14:21 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
12/12/2010 9:21:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2160841).

==== End Of File ===========================
December 16th, 2010, 07:03 PM
touch
Malware Removal Team
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
I'll suggest you check your proxy settings.

Open your Internet browser window.
Choose "Tools" from your browser’s menu section.
Click "Internet Options" and open the "Connections" tab.
Choose "LAN Settings" to open a new window.
Verify the "Use a Proxy Server for your LAN" box is unchecked.
Click "OK" to finish.

See if you can go online now?

If you can't, same procedure with transfer ->

Please download Combofix from: Here
And save to the desktop.

After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
December 16th, 2010, 10:16 PM
sushi
New Member
Join Date: Dec 2010
Posts: 18

ComboFix 10-12-16.01 - Nicole 12/16/2010 13:06:32.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2036.1185 [GMT -8:00]
Running from: c:\users\Nicole\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))

2010-12-16 21:10 . 2010-12-16 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-16 06:21 . 2010-11-16 20:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7984DEC-03F8-4577-8B7E-DF13B60BA4D1}\mpengine.dll
2010-12-08 07:22 . 2010-12-08 07:22 -------- d-----w- C:\9dfaa726a67410a30a7ef3a5c759
2010-12-01 08:25 . 2010-12-01 08:25 -------- d-----w- C:\c85589ded8ba7df108
2010-12-01 05:13 . 2010-12-01 05:24 -------- d-----w- c:\users\Nicole\AppData\Roaming\ICAClient
2010-12-01 05:08 . 2010-12-01 05:08 73728 ----a-r- c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2010-12-01 05:08 . 2010-12-01 05:08 73728 ----a-r- c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
2010-12-01 05:08 . 2010-12-01 05:08 -------- d-----w- c:\users\Nicole\AppData\Local\Citrix
2010-11-30 01:04 . 2010-11-30 01:04 -------- d-----w- c:\program files (x86)\Microsoft
2010-11-30 01:04 . 2010-11-30 01:04 -------- d-----w- c:\program files (x86)\MSN Toolbar
2010-11-30 01:03 . 2010-11-30 01:04 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2010-11-26 02:06 . 2010-12-14 00:13 -------- d-----w- c:\program files (x86)\PC Tools Security
2010-11-26 01:55 . 2009-08-19 12:08 306 ----a-w- c:\windows\myClean.bat
2010-11-24 16:46 . 2010-11-24 16:46 -------- d-----w- C:\5075a37d2f72316a25
2010-11-24 16:28 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-24 16:28 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 22:56 . 2010-11-23 22:56 -------- d-----w- c:\users\Nicole\AppData\Roaming\Macrovision
2010-11-23 20:44 . 2010-11-23 20:51 -------- d-----w- c:\windows\SysWow64\E177E04D548C4006A465EEB92D3DE021
2010-11-23 20:43 . 2010-11-23 20:43 -------- d-----w- c:\users\Nicole\Citrix
2010-11-23 20:43 . 2010-11-23 20:43 -------- d-----w- c:\programdata\Macrovision
2010-11-23 20:41 . 2010-11-23 20:41 -------- d-----w- c:\users\Nicole\AppData\Local\Downloaded Installations
2010-11-21 20:09 . 2010-12-14 00:12 -------- d-----w- c:\programdata\PC Tools

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-10-19 18:41 . 2009-12-28 04:50 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 23:44 . 2010-09-28 23:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2010-09-28 23:44 . 2010-09-28 23:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-18 177448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate1ca87f3cfadc2d;Google Update Service (gupdate1ca87f3cfadc2d);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-28 133104]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1255736]
S0 DLACDBHE;DLACDBHE;c:\windows\System32\Drivers\DLACDBHE.SYS [2007-07-23 17776]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [2007-07-23 124112]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-07-26 53488]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [2007-07-23 41072]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\Drivers\DLABMFSE.SYS [2007-07-23 46448]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\Drivers\DLABOIOE.SYS [2007-07-23 42352]
S2 DLADResE;DLADResE;c:\windows\system32\Drivers\DLADResE.SYS [2007-07-23 9968]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\Drivers\DLAIFS_E.SYS [2007-07-23 146672]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\Drivers\DLAOPIOE.SYS [2007-07-23 35056]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\Drivers\DLAPoolE.SYS [2007-07-23 19824]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\Drivers\DLAUDF_E.SYS [2007-07-23 144112]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\Drivers\DLAUDFAE.SYS [2007-07-23 135152]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [2007-07-23 63984]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-18 161064]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]

Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-28 19:22]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-28 19:22]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 16329760]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 93728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
------- Supplementary Scan -------
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF3E9388-AC5C-78BA-ADD2DEDBC8CD3822}\{3A1287C7-66E7-369B-1F735B898390688C}\{D7B36791-6000-8B4A-CB886D7CE3F1E4AE}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Completion time: 2010-12-16 13:12:21
ComboFix-quarantined-files.txt 2010-12-16 21:12

Pre-Run: 45,698,023,424 bytes free
Post-Run: 46,059,917,312 bytes free

- - End Of File - - 6578ED45CD7167962727D80D871340E5
December 16th, 2010, 10:17 PM
sushi
New Member
Join Date: Dec 2010
Posts: 18
I checked my proxy settings, and that box was already unchecked. I still can't go online. The combofix.txt is in the above post.
December 17th, 2010, 05:48 AM
touch
Malware Removal Team
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595

Click on the Start button.
Click on the Settings menu option.
Click on the Control Panel option.
When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.

You will now see a list of available network connections. Locate the connection for your Wireless or LAN adapter and right-click on it.
Click on the Repair menu option.

Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.
Alternatively, if your network icon also appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair as shown below.

Please let me know if you can go online now.
December 17th, 2010, 06:10 AM
sushi
New Member
Join Date: Dec 2010
Posts: 18
The Control Panel option that is closest to "Network Connections" on my computer is "Network and Sharing Center" (I'm running Windows 7 if that makes a difference).

I found a list of possible wireless network connections. I right-clicked it and the options are "Disconnect," "Status," and "Properties." I can't find an option for "Repair." I clicked "Status" and then a window popped up. I clicked "Diagnose" and received the message that "Troubleshooting couldn't identify the problem." I still can't get on the internet.
December 18th, 2010, 05:16 AM
touch
Malware Removal Team
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
Ok. What happens exactly when you try to get on the internet?
December 18th, 2010, 05:47 AM
sushi
New Member
Join Date: Dec 2010
Posts: 18
In Chrome, I get the following error message:

Error 105 (net::ERR_NAME_NOT_RESOLVED): The server could not be found.

In Internet Explorer, I get the message that "Internet Explorer cannot display the webpage" or "The address is not valid" when I try to access the internet.
December 18th, 2010, 06:05 AM
touch
Malware Removal Team
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
The problem is probably caused by unreliable implementation of DNS caching or prefetching in the Google Chrome web browser, or buggy coding of Google Chrome’s network I/O (input/output) stack.

As a result, turning off and disabling DNS pre-fetching may actually solve and fix many web-page-not-loading issues in Google Chrome. Here’s how to disable and turn off DNS prefetching in Google Chrome.

1. In Google Chrome, click on the Tools menu (a little wrench icon), then go to Options.
2. Click on the Under the Hood tab.
3. Under the “Privacy” section, untick the check box for Use DNS pre-fetching to improve page load performance.

See if you can get Chrome online now.
December 18th, 2010, 06:12 AM
sushi
New Member
Join Date: Dec 2010
Posts: 18
In Chrome, that box was already unticked. =(
December 18th, 2010, 06:29 AM
touch
Malware Removal Team
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
I'm not sure where the below is located in Win7.

Start > My Network Places > View all connections > right-click on Local Area Connection > Properties > scroll till you find the Internet Protocol TCP/IP > Properties > Use the following DNS server address and set the address of your DNS server.
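
A read-only way to see what the DNS setting described above currently holds on each adapter, and whether names resolve through it. This is an added example, not part of the original posts; the probe name www.example.com is an assumption, and the nslookup check assumes English-language output.

```powershell
# Added example (not from the thread): read-only DNS triage for a machine whose
# browsers report ERR_NAME_NOT_RESOLVED. Runs on PowerShell 2.0 (Windows 7).

$probe = 'www.example.com'   # assumption: any public host name works as a probe

# 1. What each IP-enabled adapter is configured to use.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    # Force an array so an adapter without DNS servers yields zero iterations.
    $dns = @($a.DNSServerSearchOrder | Where-Object { $_ })
    $dnsText = if ($dns.Count) { $dns -join ', ' } else { '(none configured)' }

    'Adapter      : {0}' -f $a.Description
    'DHCP enabled : {0}  (DHCP server: {1})' -f $a.DHCPEnabled, $a.DHCPServer
    'Gateway      : {0}' -f ($a.DefaultIPGateway -join ', ')
    'DNS servers  : {0}' -f $dnsText

    # 2. Ask every configured server directly, so a dead or unexpected
    #    server stands out from the rest.
    foreach ($server in $dns) {
        $out = nslookup $probe $server 2>&1 | Out-String
        # Assumption: English nslookup output, where an answer has a "Name:" line.
        $state = if ($out -match '(?m)^Name:') { 'answered' } else { 'NO ANSWER' }
        '  {0,-15} -> {1}' -f $server, $state
    }
    ''
}

# 3. Resolve through the system resolver, the path the browsers depend on.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($probe) |
        ForEach-Object { $_.IPAddressToString }
    'System resolver: {0} -> {1}' -f $probe, ($ips -join ', ')
} catch {
    'System resolver: {0} FAILED ({1})' -f $probe, $_.Exception.Message
}

# 4. Hosts-file entries are consulted before DNS; list the non-comment lines.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsFile | Where-Object { $_ -match '^\s*[^#\s]' }
```

A DNS server address that does not match the one handed out by the router or ISP, or a server that never answers, is the value to compare against what the network owner expects before typing anything into "Use the following DNS server addresses."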
December 18th, 2010, 07:00 AM
sushi
New Member
Join Date: Dec 2010
Posts: 18
From Network and Sharing Center (in the Control Panel), I clicked Change Adapter Settings. Then I right-clicked Local Area Connection and clicked Properties. I have the following two internet protocols in the box:

Internet Protocol Version 6 (TCP/IPv6)
Internet Protocol Version 4 (TCP/IPv4)

I selected the first one (Version 6) and clicked Properties. I don't know what to set as the address of my DNS server though, so I don't know what to put in the box under "Use the following DNS server addresses."
