Removed virus, now cannot connect to internet


TP143
Hello and thanks in advance,

I recently had a 2012 Security virus that I removed with Malwarebytes but since then I have not been able to connect to the internet. I am sure my internet is working properly since I have been able to connect with other devices. I noticed my IP Address begins with 169, which my internet support staff believes is causing my internet issue. I have tried IPConfig renew and system restore point but neither fixed the issue. Please let me know what I need to do.

Thank you!

Having not heard anything I will post my ComboFix log. Please let me know next steps.

ComboFix 11-11-18.02 - Administrator 11/18/2011 22:22:07.9.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.643 [GMT -7:00]

Running from: F:\ComboFix.exe

AV: PC Tools AntiVirus Free *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {56C7CF68-344F-40AA-8ED8-22990AEC7AEC}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {B1E53AA1-B418-47D8-8693-F254A4207F0E}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {D7AD68D6-3590-41F2-9063-412DFEC86E73}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\CSC\d6

.

.

((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))

.

.

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\XTGN9zRBoEViSuA

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\v4tgnL3fI2dUs0T

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\PwscY0qxGzF9R8

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\iscYHqaY0a

2011-11-05 17:04 . 2011-11-05 17:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-26 04:22 . 2011-08-17 01:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 17:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 17:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 23:00 . 2011-04-16 13:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-05_21.29.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-19 04:53 . 2011-11-19 04:53 16384 c:\windows\Temp\Perflib_Perfdata_2b8.dat

+ 2004-08-04 12:00 . 2011-11-17 00:10 72454 c:\windows\system32\perfc009.dat

+ 2011-06-20 15:06 . 2011-11-18 03:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2011-06-20 15:06 . 2011-09-10 16:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-02-24 07:55 . 2011-11-18 03:02 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2010-02-24 07:55 . 2011-09-10 16:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-11-06 21:28 . 2011-11-18 03:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2011-06-20 15:06 . 2011-09-10 16:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2011-11-16 04:29 . 2011-11-16 04:31 186096 c:\windows\system32\Restore\rstrlog.dat

+ 2004-08-04 12:00 . 2011-11-17 00:10 443042 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-07 202256]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"wltrysvc"=2 (0x2)

"sp_rssrv"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"avg8wd"=2 (0x2)

"avg8emc"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"46692:TCP"= 46692:TCP:Ares

"46692:UDP"= 46692:UDP:ares

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/15/2010 11:33 PM 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/15/2010 11:33 PM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [9/15/2010 11:33 PM 656320]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [8/16/2011 6:57 PM 233976]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3/13/2010 9:59 AM 142592]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [8/16/2011 6:57 PM 337872]

R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2/6/2003 6:23 PM 59328]

S0 npnnl;npnnl; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 12:01 AM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 12:01 AM 135664]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [8/16/2011 6:57 PM 371472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:00]

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:00]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-18 22:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4235610342-271663471-2262188678-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,5d,b5,d3,e0,66,ae,49,9e,4a,72,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,5d,b5,d3,e0,66,ae,49,9e,4a,72,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(936)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'lsass.exe'(992)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

- - - - - - - > 'explorer.exe'(1244)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-11-18 22:37:33

ComboFix-quarantined-files.txt 2011-11-19 05:37

ComboFix2.txt 2011-11-05 21:39

ComboFix3.txt 2011-06-18 02:38

ComboFix4.txt 2011-06-17 05:00

ComboFix5.txt 2011-11-19 05:19

.

Pre-Run: 12,381,016,064 bytes free

Post-Run: 12,371,058,688 bytes free

.

- - End Of File - - 4A755A1410BB02ABB921962D7A0EB222
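The original poster reports a 169.254.x.x address (Windows' automatic private address, handed out when no DHCP lease is obtained) that survives ipconfig /renew and a System Restore. The batch script below is an added example and not part of the thread or of any tool it mentions; it gathers the checks a responder would want before touching the stack: whether an APIPA address is present, whether the DHCP Client service is running, what Winsock LSPs are registered (the ComboFix log above lists an LSP entry), and whether the hosts file or DNS settings carry leftovers. Remediation commands are listed as comments so nothing is changed until the log has been reviewed. It assumes cmd.exe on Windows XP SP2 or later run as Administrator; the log file path is a placeholder.

```batch
@echo off
REM Added example (not from the original thread): triage for a
REM 169.254.x.x (APIPA) address after rogue-AV removal on Windows XP.
REM Assumes cmd.exe run as Administrator; LOGFILE is a placeholder path.
setlocal

set LOGFILE=%TEMP%\netcheck.txt
echo === Network check %DATE% %TIME% === > "%LOGFILE%"

REM 1. Does any adapter currently hold an APIPA address?
REM    /L /C: searches for the literal string (no regex dot matching).
ipconfig /all | findstr /L /C:"169.254" >nul
if %ERRORLEVEL%==0 (
    echo APIPA address found: no DHCP lease was obtained. >> "%LOGFILE%"
) else (
    echo No 169.254 address present. >> "%LOGFILE%"
)

REM 2. Is the DHCP Client service running and set to start automatically?
REM    Malware or its cleanup can leave it stopped or disabled.
sc query Dhcp | findstr /I "STATE" >> "%LOGFILE%"
sc qc Dhcp | findstr /I "START_TYPE" >> "%LOGFILE%"

REM 3. Record the Winsock catalog. A broken or orphaned Layered Service
REM    Provider entry is a common reason the stack fails after cleanup.
netsh winsock show catalog >> "%LOGFILE%"

REM 4. Record hosts-file and DNS settings that a rogue AV may have altered.
findstr /V "^#" %SystemRoot%\system32\drivers\etc\hosts >> "%LOGFILE%"
reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v NameServer >> "%LOGFILE%" 2>nul
reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v DhcpNameServer >> "%LOGFILE%" 2>nul

REM 5. Remediation, to be run by hand only after reviewing the log:
REM    netsh winsock reset                      (rebuilds the Winsock catalog; reboot after)
REM    netsh int ip reset "%TEMP%\ipreset.log"  (resets TCP/IP; XP requires a log path)
REM    sc config Dhcp start= auto  followed by  net start Dhcp
REM    ipconfig /release  followed by  ipconfig /renew

type "%LOGFILE%"
endlocal
```

Reading the output: an APIPA address with a running DHCP Client service points at the stack itself (Winsock catalog or TCP/IP reset); a stopped or disabled DHCP Client service is fixed with the sc config and net start lines; unexpected entries in the hosts file or NameServer values indicate leftover redirection and should be removed before trusting any downloads from the machine.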

2 weeks later...

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
