Hi,

I am having issues with a laptop that was infected by

win32.2urface.bho and
win32.downloader.gen

The laptop belongs to a friend of mine, and she was having issues connecting to the internet. I said I would help her out, thinking it was going to be something simple, but unfortunately it was not.

So the history of what I have tried is:

Initially, before I thought it was infected, I noticed some of the drivers were missing on the PC, so I attempted a system restore; however, the laptop refused to allow me to pick a restore point. This is when I realised that it was probably infected.

I downloaded Spybot and Malwarebytes and ran them both.

Spybot picked up on several toolbars and the two viruses/hijackers:

win32.2urface.bho
win32.downloader.gen

It appeared to clear them.

I then ran Malwarebytes, and it found some more things it didn't like and again said it had cleared them.

Thinking I was being safe, I then ran AdwCleaner on the laptop.

Now, whenever any of the 3 above products are run, they do not return any issues in the results logs.

However, I am still seeing issues with the drivers in the system manager, and I am unable to update the drivers.

The laptop will also not connect to the internet or allow me to create a new connection.

So I have obviously missed something or messed up along the way, and I am looking for assistance in getting rid of the infection.

The dds.txt log is here:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576
Run by Tara at 22:52:06 on 2013-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3033.2186 [GMT 1:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\windows\system32\SAsrv.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\System32\WUDFHost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\USB Camera2\VM332_STI.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\windows\system32\DllHost.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
F:\TotalLock.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /c
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [332BigDog] c:\program files\usb camera2\VM332_STI.EXE
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [IntelWirelessWiMAX] "c:\program files\intel\wimax\bin\WiMAXCU.exe" /tasktray /nosplash
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
dRunOnce: [WLStart] "c:\program files\windows live\installer\wlstart.exe" /nosearch /nohomepage
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: Interfaces\{747F5790-83FD-492F-AFCB-80B6D0FD4166} : DHCPNameServer = 109.249.185.224 109.249.188.32
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2010-8-24 54800]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\bin\DMAgent.exe [2009-7-30 348160]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SASrv.exe [2013-7-16 445496]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-7-22 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2013-7-24 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2013-7-24 48192]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\bin\AppSrv.exe [2009-7-30 815104]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2013-7-24 21520]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2009-7-30 56320]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 vm332avs;Lenovo Camera2;c:\windows\system32\drivers\vm332avs.sys [2010-8-24 198000]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2010-8-24 11792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IGRS;IGRS; [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2010-8-24 63240]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-24 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2010-8-24 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2010-8-24 579400]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-24 171520]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-7-18 1817560]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-7-18 1033688]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-7-18 171928]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service; [x]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== Created Last 30 ================
.
2013-07-25 23:00:47 -------- d-----w- C:\SWTOOLS
2013-07-25 23:00:21 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-07-25 22:30:08 2506232 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2013-07-25 22:30:07 -------- d-----w- c:\program files\Broadcom Wireless
2013-07-24 22:58:31 48192 ----a-w- c:\windows\system32\drivers\tvtumon.sys
2013-07-24 22:57:48 21520 ----a-w- c:\windows\system32\drivers\AcpiVpc.sys
2013-07-24 22:31:11 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-24 22:24:00 -------- d-----w- C:\ComboFix
2013-07-24 22:05:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-24 21:27:03 98816 ----a-w- c:\windows\sed.exe
2013-07-24 21:27:03 256000 ----a-w- c:\windows\PEV.exe
2013-07-24 21:27:03 208896 ----a-w- c:\windows\MBR.exe
2013-07-24 21:20:33 388096 ----a-r- c:\users\tara\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-07-24 21:20:33 -------- d-----w- c:\program files\Trend Micro
2013-07-22 20:08:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-07-18 19:28:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-07-18 19:28:15 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-07-18 19:28:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-07-18 17:46:41 -------- d-----w- c:\users\tara\appdata\roaming\Malwarebytes
2013-07-18 17:46:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-18 17:46:30 -------- d-----w- c:\programdata\Malwarebytes
2013-07-18 17:46:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-18 17:46:19 -------- d-----w- c:\users\tara\appdata\local\Programs
2013-07-16 16:02:59 445496 ------w- c:\windows\system32\SASrv.exe
2013-07-16 15:44:12 -------- d-----w- c:\windows\pss
2013-07-16 15:23:34 -------- d-----w- c:\windows\system32\x64
2013-07-16 15:21:24 -------- d-----w- C:\Intel
2013-07-16 15:21:03 -------- d-----w- c:\windows\Downloaded Installations
2013-07-16 15:20:16 -------- d-----w- C:\Drivers
2013-07-12 09:52:37 -------- d-----w- c:\users\tara\appdata\local\{200C9E30-6278-47AD-8ECD-2685A28A5B5C}
2013-07-10 18:31:16 -------- d-----w- c:\users\tara\appdata\local\{C48F28CC-43DA-48FD-BE2A-78D8949A8611}
2013-07-10 18:27:56 -------- d-----w- c:\users\tara\appdata\local\{B8EC8E39-FBFF-44C7-A6F8-1934B23B2068}
2013-07-10 18:07:03 -------- d-----w- c:\users\tara\appdata\local\{A8D94A1B-74DF-4C0F-808E-38D31869D8FD}
2013-07-10 18:02:11 -------- d-----w- C:\inetpub
2013-07-10 17:39:31 -------- d-----w- c:\users\tara\appdata\local\{50A1C149-6357-43E7-B63A-1E1566BC797A}
2013-07-10 17:32:09 -------- d-----w- c:\users\tara\appdata\local\{6182722F-5D67-43A4-862F-39448616D069}
2013-07-06 17:13:56 -------- d-----w- c:\users\tara\appdata\local\{C28D5EC5-A184-4664-B369-5B152ABE5343}
2013-07-03 17:38:12 -------- d-----w- c:\users\tara\appdata\local\{D0C7C66E-CEFD-447E-902E-2E1D36D203E2}
2013-07-03 15:49:38 -------- d-----w- c:\users\tara\appdata\local\{169FE12A-DDE7-4884-9F7A-6E882FE1605D}
2013-06-29 17:07:15 -------- d-----w- c:\users\tara\appdata\local\{E92422B9-55A9-4DD5-B654-75967C7D85A5}
2013-06-28 17:01:38 -------- d-----w- c:\users\tara\appdata\local\{8B5C6F93-A383-4129-B791-E4C3C5D03E44}
2013-06-28 16:54:41 -------- d-----w- c:\users\tara\appdata\local\ElevatedDiagnostics
2013-06-28 16:36:11 -------- d-----w- c:\users\tara\appdata\local\{A1438B7D-A125-4E39-BFB4-51E2B1AEE7AC}
.
==================== Find3M ====================
.
2013-06-08 23:56:00 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-08 23:56:00 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-06-08 23:53:51 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-02 01:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:52:26.40 ===============

Attachments: attach.zip, spybot log.zip, aswMBR.zip