Windows could not automatically detect this n

Closed
Renken Posts 12 Registration date Wednesday February 1, 2012 Status Member Last seen August 11, 2012 - Feb 23, 2012 at 10:02 AM
 Anonymous User - Mar 8, 2012 at 05:00 AM
Hello, guys.

Well, lately I had a virus and I deleted it. Then after a while I rebooted my computer and then I couldn't connect. I clicked Troubleshoot and "Windows could not automatically detect this network's proxy settings" showed up. I saw that on my laptop (which I'm on now) I can connect to wireless, but not on the PC.
Please help me, guys, I really appreciate it.

9 responses

Anonymous User
Feb 23, 2012 at 11:42 AM
It should have cured the ZeroAccess rootkit. You may still be infected. We need more scans to make sure you're clean. It's up to you to decide.
1
Renken Posts 12 Registration date Wednesday February 1, 2012 Status Member Last seen August 11, 2012 1
Feb 24, 2012 at 03:29 AM
You were right, today when I turned on the computer I had no internet access. And whenever I scan with TDSSKiller I find a malware, then reboot and scan again, and it's still the same malware. So can you please tell me what to try now?
Thanks
0
Anonymous User
Feb 23, 2012 at 10:10 AM
I'm not sure if your PC is clean; let's try to fix your Internet connection and then scan for any remaining infections.

Download (copy from another PC):

https://download.bleepingcomputer.com/farbar/FSS.exe

Checkmark "Internet Services".

Click on Scan.
Please copy and paste the log to your reply.
0
Renken Posts 12 Registration date Wednesday February 1, 2012 Status Member Last seen August 11, 2012 1
Feb 23, 2012 at 10:24 AM
Hey, these are the results of the internet services:

Farbar Service Scanner Version: 22-02-2012
Ran by user (administrator) on 23-02-2012 at 18:20:11
Running from "J:\"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2009-07-14 01:12] - [2009-07-14 01:12] - 0338944 ____A () 091116EB35DD3AF55CB74193D49006CB

C:\Windows\system32\Drivers\tdx.sys
[2009-07-14 01:12] - [2009-07-14 01:12] - 0074240 ____A () 2CBC60D6AE6F3597561FE78C6551F0A7

C:\Windows\system32\Drivers\tcpip.sys
[2012-02-02 20:23] - [2010-04-09 09:24] - 1285000 ____A (Microsoft Corporation) 63170B9EE1D0EF0032F0408605671D1A

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
0
Anonymous User
Feb 23, 2012 at 10:48 AM
From your log I can guess that you're still infected.

Download

https://support.kaspersky.com/downloads/utils/tdsskiller.exe

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Restart the PC.

Launch FSS again and type

afd.sys;tdx.sys

in the search box, then click on "Search Files".

Post the generated log.
0
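As an added illustration (not part of any post in this thread, and not code from Farbar or this forum), the Python sketch below reads a Farbar Service Scanner log in the layout pasted above and separates files marked "MD5 is legit" from files listed with a raw detail line instead. The helper names `parse_fss` and `search_query`, the field names, and the reading of the parenthesised field as a vendor string are assumptions inferred from the logs on this page.

```python
import ntpath
import re

# Constructed sample: lines combined from the two FSS logs posted in this thread.
SAMPLE_LOG = r"""Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2009-07-14 01:12] - [2009-07-14 01:12] - 0338944 ____A () 091116EB35DD3AF55CB74193D49006CB

C:\Windows\system32\Drivers\tdx.sys
[2009-07-14 01:12] - [2009-07-14 01:12] - 0074240 ____A () 2CBC60D6AE6F3597561FE78C6551F0A7

C:\Windows\system32\Drivers\tcpip.sys
[2012-02-02 20:23] - [2010-04-09 09:24] - 1285000 ____A (Microsoft Corporation) 63170B9EE1D0EF0032F0408605671D1A

C:\Windows\system32\svchost.exe => MD5 is legit

**** End of log ****
"""

# Detail line layout as seen in this thread (assumed, not documented):
# [date] - [date] - size attributes (vendor) MD5
DETAIL = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
    r"\((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
SERVICE_DOWN = re.compile(r"^(?P<name>\S+) Service is not running\.")
WINDOWS_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_fss(text):
    """Split an FSS log into stopped services, verified and unverified files."""
    report = {"stopped_services": [], "verified": [], "unverified": []}
    in_file_check = False
    pending = None  # unverified entry still waiting for its detail line
    for raw in text.splitlines():
        line = raw.strip()
        down = SERVICE_DOWN.match(line)
        if down:
            report["stopped_services"].append(down.group("name"))
            continue
        if line == "File Check:":
            in_file_check = True
            continue
        if not in_file_check or not line or set(line) == {"="}:
            continue
        if line.startswith("****"):  # "**** End of log ****"
            break
        if line.endswith("=> MD5 is legit"):
            report["verified"].append(line.split(" => ")[0])
            pending = None
        elif WINDOWS_PATH.match(line):
            # A bare path means the scanner did not print "MD5 is legit" for it.
            pending = {"path": line, "size": None, "vendor": None, "md5": None}
            report["unverified"].append(pending)
        elif pending is not None:
            detail = DETAIL.match(line)
            if detail:
                pending.update(size=int(detail["size"]),
                               vendor=detail["vendor"],
                               md5=detail["md5"].upper())
                pending = None
    return report


def search_query(report):
    """Build the ';'-separated list typed into the FSS search box.

    In the first log of this thread, the two files the responder asks to
    look up are the unverified entries whose parentheses are empty, so
    that is the filter applied here (an observation, not documented behaviour).
    """
    names = [ntpath.basename(e["path"]) for e in report["unverified"]
             if e["vendor"] == ""]
    return ";".join(names)


if __name__ == "__main__":
    result = parse_fss(SAMPLE_LOG)
    print("Stopped services:", result["stopped_services"])
    print("Follow-up search:", search_query(result))
```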

Renken Posts 12 Registration date Wednesday February 1, 2012 Status Member Last seen August 11, 2012 1
Feb 23, 2012 at 11:38 AM
I cured the 2 viruses I had ;( Then rebooted, it worked lol. Maybe I need to replace MSE antivirus. Thanks a lot man, appreciate your help.
0
Anonymous User
Feb 24, 2012 at 05:28 AM
Download

https://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close any open browsers or any other programs that are open.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (in your case you do not have internet to download it, so ignore it).

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.



In your next post I need the following

* Log from Combofix
* How is the computer doing now?
0
Renken Posts 12 Registration date Wednesday February 1, 2012 Status Member Last seen August 11, 2012 1
Feb 24, 2012 at 06:32 AM
So it's working now
0
Renken Posts 12 Registration date Wednesday February 1, 2012 Status Member Last seen August 11, 2012 1
Feb 24, 2012 at 06:33 AM
The log

ComboFix 12-02-24.01 - user 02/24/2012 14:05:47.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2266 [GMT 2:00]
Running from: J:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\10.mid
c:\users\user\11.mid
c:\users\user\12.mid
c:\users\user\AppData\Roaming\edxLabs
c:\users\user\AppData\Roaming\edxLabs\edxSilkroadLoader\edxSilkroadLoader.ini
c:\users\user\AppData\Roaming\edxLabs\edxSilkroadLoader\ISRO.ini
c:\users\user\AppData\Roaming\searchqutb
c:\users\user\AppData\Roaming\searchqutb\dtx.ini
c:\users\user\AppData\Roaming\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
c:\users\user\AppData\Roaming\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
c:\users\user\AppData\Roaming\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
c:\users\user\AppData\Roaming\searchqutb\games\GameCategories.xml
c:\users\user\AppData\Roaming\searchqutb\games\GameTypes.xml
c:\users\user\AppData\Roaming\searchqutb\guid.dat
c:\users\user\AppData\Roaming\searchqutb\log.txt
c:\users\user\AppData\Roaming\searchqutb\preferences.dat
c:\users\user\AppData\Roaming\searchqutb\search\searchqutb-search-history.xml
c:\users\user\AppData\Roaming\searchqutb\stats.dat
c:\users\user\AppData\Roaming\searchqutb\uninstallIE.dat
c:\users\user\AppData\Roaming\searchqutb\version.xml
c:\users\user\AppData\Roaming\searchqutb\weather\82bb45b86eb89c373ef13dd8182681f5
c:\users\user\AppData\Roaming\searchqutb\weather\cf20402416da416ce79b0d111d58d5f8
c:\users\user\AppData\Roaming\searchqutb\weather\dbd93ddf7839cb82ce4cc5c492bb5b36
c:\users\user\AppData\Roaming\searchqutb\weather\forecasts_cache.xml
c:\users\user\AppData\Roaming\searchqutb\weather\observations_cache.xml
c:\users\user\AppData\Roaming\searchqutb\weatherbutton_prefs.xml
c:\users\user\AppData\Roaming\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
c:\users\user\AppData\Roaming\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
c:\users\user\AppData\Roaming\searchqutb\widgets_cache\category_cache.xml
c:\users\user\AppData\Roaming\searchqutb\widgets_cache\widget_cache.xml
c:\users\user\WINDOWS
c:\windows\$NtUninstallKB54681$\3644581569
c:\windows\$NtUninstallKB54681$\4223938141\Desktop.ini
c:\windows\system32\1.txt
c:\windows\system32\jlrinlax.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\Tasks\At1.job
D:\install.exe
.
Infected copy of c:\windows\system32\drivers\csc.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\system32\drivers\afd.sys was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_jofaiffg
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 12:09 . 2012-02-24 12:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 12:09 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-23 17:47 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A88CFAC8-6F1B-485D-9CEA-DBFD1828283D}\mpengine.dll
2012-02-23 17:32 . 2012-02-24 09:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-22 18:42 . 2012-02-22 18:42 -------- d-----w- c:\programdata\Local Settings
2012-02-22 10:32 . 2012-02-22 10:32 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-22 10:10 . 2012-02-22 10:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 11:22 . 2012-02-02 20:47 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-11 11:22 . 2012-02-11 11:22 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB73CCD8-EBDB-4DBC-979B-37AFA2517136}\gapaengine.dll
2012-02-05 14:52 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-02-05 14:52 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-02-05 14:52 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-02-05 14:52 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-02-05 14:52 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-02-05 14:52 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-02-05 14:52 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-02-05 14:52 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-02-04 20:11 . 2012-02-04 20:11 -------- d-----w- c:\windows\system32\xlive
2012-02-04 20:11 . 2012-02-04 20:11 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-02-03 22:50 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 22:34 . 2012-02-03 22:35 -------- d-----w- c:\program files\ComicRack
2012-02-03 22:21 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-03 22:21 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-02-03 22:21 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-03 22:21 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-03 22:21 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-02-03 00:20 . 2012-02-11 11:06 -------- d-----w- c:\program files\BitTorrent
2012-02-02 23:08 . 2012-02-02 23:08 -------- d-----w- c:\program files\SystemRequirementsLab
2012-02-02 23:06 . 2012-02-02 23:06 -------- d-----w- c:\program files\Common Files\Java
2012-02-02 23:06 . 2012-02-02 23:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-02 23:06 . 2012-02-02 23:06 -------- d-----w- c:\program files\Java
2012-02-02 20:17 . 2012-02-02 20:17 -------- d-----w- c:\programdata\NFS Underground
2012-02-02 19:26 . 2012-02-02 19:26 -------- d-----w- c:\program files\Common Files\Steam
2012-02-02 19:21 . 2012-02-02 19:21 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-02 19:21 . 2012-02-02 19:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-02-02 19:20 . 2012-02-02 19:21 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-02-02 19:03 . 2012-02-02 19:03 -------- d-----w- c:\program files\Internet Download Manager
2012-02-02 18:30 . 2012-02-02 18:32 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-02 18:23 . 2012-02-02 18:23 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-02 18:23 . 2010-04-09 07:24 1285000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-02 18:23 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-02 17:55 . 2012-02-05 14:53 -------- d-----w- c:\programdata\Ubisoft
2012-02-02 17:29 . 2012-02-02 17:29 -------- d-----w- c:\users\UpdatusUser
2012-02-02 17:29 . 2012-02-02 17:29 -------- d-sh--w- c:\users\NetworkService
2012-02-02 17:29 . 2012-02-02 17:29 -------- d-sh--w- c:\users\LocalService
2012-02-02 17:29 . 2012-02-02 17:29 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2012-02-02 17:29 . 2012-02-02 17:29 -------- d-----w- c:\users\Default\AppData\Local\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2012-02-02 17:13 . 2012-02-02 17:13 -------- d-----w- c:\programdata\ATI
2012-02-02 17:13 . 2012-02-02 17:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-02 17:13 . 2012-02-02 17:13 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-02 17:12 . 2012-02-02 17:12 -------- d-----w- c:\program files\AMD APP
2012-02-02 17:12 . 2012-02-02 17:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-02-02 17:10 . 2012-02-02 17:10 -------- d-----w- C:\AMD
2012-02-02 16:51 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-02-02 16:51 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-02-02 16:50 . 2012-02-02 16:50 -------- d-----w- c:\program files\Microsoft Works
2012-02-02 16:50 . 2012-02-03 22:31 -------- d-----w- c:\program files\Microsoft.NET
2012-02-02 16:50 . 2012-02-02 16:50 -------- d-----w- c:\windows\PCHEALTH
2012-02-02 16:49 . 2012-02-02 16:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-02-02 16:48 . 2012-02-02 16:51 -------- d-----w- c:\programdata\Microsoft Help
2012-02-02 16:48 . 2012-02-02 16:48 -------- d-----r- C:\MSOCache
2012-02-02 16:44 . 2012-02-02 16:44 -------- d-----w- c:\programdata\Yahoo!
2012-02-02 16:44 . 2012-02-02 16:44 -------- d-----w- c:\program files\Yahoo!
2012-02-02 16:41 . 2012-02-02 16:41 -------- d-----w- c:\program files\Common Files\Adobe
2012-02-02 16:40 . 2012-02-02 16:40 -------- d-----w- c:\programdata\Apple Computer
2012-02-02 16:40 . 2012-02-02 16:40 -------- d-----w- c:\windows\system32\Macromed
2012-02-02 16:40 . 2012-02-02 16:40 -------- d-----w- c:\program files\Pure Codec
2012-02-02 16:29 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2012-02-02 16:29 . 2007-09-21 00:52 118784 ----a-w- c:\windows\system32\ac3acm.acm
2012-02-02 16:29 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2012-02-02 16:29 . 2009-04-02 13:21 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2012-02-02 16:29 . 2012-02-02 16:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-02-02 16:29 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-02 16:28 . 2012-02-15 18:16 -------- d-sh--w- c:\windows\Installer
2012-02-02 16:27 . 2012-02-02 17:12 -------- d-----w- c:\program files\ATI Technologies
2012-02-02 16:27 . 2012-02-02 16:27 -------- d-----w- c:\program files\ATI
2012-02-02 16:27 . 2012-02-02 16:27 -------- d-----w- C:\swsetup
2012-02-02 16:17 . 2012-02-24 12:10 -------- d-----w- c:\windows\system32\wbem\Performance
2012-02-02 16:10 . 2012-02-24 12:09 -------- d-----w- c:\users\user
2012-01-26 13:42 . 2012-01-27 00:48 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 12:04 . 2009-07-13 23:15 387584 ----a-w- c:\windows\system32\drivers\csc.sys
2012-02-24 09:09 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-24 09:03 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-23 17:33 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-01-31 12:44 . 2009-10-14 09:58 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-06 03:44 . 2011-12-06 03:44 9067008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-12-06 03:17 778752 ----a-w- c:\windows\system32\aticfx32.dll
2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12 404992 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\system32\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-12-06 03:06 . 2011-12-06 03:06 6159872 ----a-w- c:\windows\system32\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\system32\atioglxx.dll
2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-12-06 02:33 . 2011-12-06 02:33 5919232 ----a-w- c:\windows\system32\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\system32\aticaldd.dll
2011-12-06 02:28 . 2011-12-06 02:28 4206592 ----a-w- c:\windows\system32\atiumdva.dll
2011-12-06 02:18 . 2011-12-06 02:18 51200 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\system32\atigktxx.dll
2011-12-06 02:11 . 2011-12-06 02:11 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-12-06 02:11 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2011-12-06 02:11 . 2011-12-06 02:11 29696 ----a-w- c:\windows\system32\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-12-05 20:04 . 2011-12-05 20:04 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-12-05 20:03 . 2011-12-05 20:03 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-12-05 20:03 . 2011-12-05 20:03 14499328 ----a-w- c:\windows\system32\amdocl.dll
2011-12-05 20:02 . 2011-12-05 20:02 44032 ----a-w- c:\windows\system32\OpenCL.dll
2012-01-29 15:55 . 2012-02-02 19:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 19:46 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-01-26 3462552]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"54129"="c:\progra~2\LOCALS~1\Temp\msuruzh.com" [2009-07-14 42656]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-02-02 685816]
R1 MpKslded30e9d;MpKslded30e9d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0E63C6A-4F67-40DC-B828-E04914CAC5B1}\MpKslded30e9d.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-02 242240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 163328]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-01-27 91936]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 9067008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 264192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
plscsi
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3549545748-2438407172-3875115488-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 17:26]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3549545748-2438407172-3875115488-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9rp4903e.default\
FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=206cdeca43b941bb99291237ff2157b7&subid=
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{91E24A22-4F46-E5C1-9522-CE2940F86582} - c:\windows\system32\jlrinlax.dll
HKCU-Run-Steam - d:\skyrim\Skyrim\Steam.exe
SafeBoot-36802418.sys
SafeBoot-48447865.sys
SafeBoot-63365364.sys
SafeBoot-81961895.sys
HKLM_ActiveSetup-{FBC2368E-BF02-AC48-7A8B-8AB8BDBBF9D3} - c:\windows\system32\config\systemprofile\AppData\Roaming\svchost.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.tdx]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3549545748-2438407172-3875115488-1000_Classes\CLSID\{47cd1e50-069a-46c2-9f08-3e55a980cad2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000036
"Therad"=dword:00000017
.
[HKEY_USERS\S-1-5-21-3549545748-2438407172-3875115488-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):34,32,61,01,b1,61,b5,8c,9f,6e,16,e3,31,39,84,79,c4,47,a6,7b,13,
b2,a1,4e,03,e5,8f,cc,67,d9,81,51,8a,90,93,7c,7c,b8,c6,2a,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\mswsock.dll
mswsock.dll 75440000 245760 \\.\globalroot\systemroot\system32\mswsock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-02-24 14:13:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 12:13
.
Pre-Run: 23,204,638,720 bytes free
Post-Run: 23,333,314,560 bytes free
.
- - End Of File - - 0E0BD682FDB933D3C03953F222BFB2A9

Thanks for helping
0
Renken Posts 12 Registration date Wednesday February 1, 2012 Status Member Last seen August 11, 2012 1
Feb 24, 2012 at 06:35 AM
I don't know why, but I can't post the log. But thanks a lot for helping.
0
Anonymous User
Feb 24, 2012 at 06:58 AM
Upload the log to

https://authentification.site

and post the link here
0
Hi guys,

I am having the same problem. I have downloaded the utility from
http://download.bleepingcomputer.com/farbar/FSS.exe and the log is below.

Can anybody advise, please?

Many Thanks,
Rod


Farbar Service Scanner Version: 01-03-2012
Ran by Administrator (administrator) on 07-03-2012 at 16:42:03
Running from "D:\"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-03-18 11:57] - [2010-11-20 08:40] - 0338944 ____A () 2639EDA7B2D1B54AC99BDF35A4DDD151

C:\Windows\system32\Drivers\tdx.sys
[2011-03-18 11:57] - [2010-11-20 08:39] - 0074752 ____A () 8E38DC51666F97100024BF2B5B8DA437

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2011-03-18 11:58] - [2010-11-20 12:18] - 0132608 ____N (Microsoft Corporation) 2FE30D71919C51131405797620E0A714

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
0
Anonymous User
Mar 8, 2012 at 05:00 AM
Download

https://support.kaspersky.com/downloads/utils/tdsskiller.exe

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).
0