Internet connection lost after "XP Security 2012"


Recommended Posts

I was infected with "Windows XP Security 2012" on Dec 23. After cleaning with ESET and Malwarebytes, I was still blocked from accessing Windows Update. At that point I used TDSSKiller (no infections found) and Combofix (found RootKit ZeroAccess virus and removed it). However, after following all the Combofix steps, the connection to the internet and local network was completely broken. Next I restored (using System Restore) to a point before Combofix (but not before infections started) - this didn't fix the internet/network. Also tried Connection Repair to no avail. So the primary problem now is not being able to connect to the internet or network. I have rescanned with ESET & Malwarebytes -- no infections found by either. DDS.txt is pasted below. Attach.txt is attached.

The infected computer runs Windows XP SP3, ESET Smart Security 5.0. I am doing this post from a laptop computer on the same home network, using a flash drive to transfer files.

Thanks in advance for your help!

DDS.txt below:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Compaq_Owner at 13:30:04 on 2011-12-27

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.410 [GMT -6:00]

.

AV: ESET Smart Security 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\IDrive\IDriveE Service.exe

C:\Program Files\IDrive\IDriveWebM.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\IDrive\IDriveETray.exe

C:\Program Files\IDrive\IDriveEBackground.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\system32\SearchIndexer.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://www.intellicast.com/Local/Weather.aspx?location=USMN0704

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/techcenter/security

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [iDriveE Startup] "c:\program files\idrive\IDrvieEStartup.exe" Hide

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [NovaBackup 7 Tray Control] "c:\program files\novastor\novabackup\NbkCtrl.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\idrive~1.lnk - c:\program files\idrive\IDriveEReg2ini.exe

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222582666578

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: Interfaces\{76F6986D-E2C8-4D62-A107-7872D3EDBD7B} : DhcpNameServer = 192.168.2.1

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ulbrnii - c:\documents and settings\compaq_owner\local settings\application data\ulbrnii.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 118104]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]

R2 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2010-10-8 148936]

R2 IDriveWebM;IDrive WebManager;c:\program files\idrive\IDriveWebM.exe [2010-10-8 267720]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-29 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-29 22216]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]

S3 NdisWDM;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [2008-2-8 198528]

.

=============== Created Last 30 ================

.

2011-12-27 03:31:17 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-12-27 03:31:17 -------- d-----w- c:\windows\system32\wbem\Repository

2011-12-26 22:31:42 -------- d-sha-r- C:\cmdcons

2011-12-26 22:28:47 98816 ----a-w- c:\windows\sed.exe

2011-12-26 22:28:47 518144 ----a-w- c:\windows\SWREG.exe

2011-12-26 22:28:47 256000 ----a-w- c:\windows\PEV.exe

2011-12-26 22:28:47 208896 ----a-w- c:\windows\MBR.exe

2011-12-26 22:28:22 -------- d-----w- C:\ComboFix

2011-12-26 22:05:04 94896 ----a-w- c:\windows\system32\drivers\21127179.sys

2011-12-25 22:59:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-24 01:31:11 6144 ----a-w- c:\windows\~DF40B4.tmp

2011-12-24 01:30:10 6144 ----a-w- c:\windows\~DFE0C3.tmp

2011-12-24 01:16:00 6144 ----a-w- c:\windows\~DF19C9.tmp

2011-12-24 00:51:09 6144 ----a-w- c:\windows\~DFFB67.tmp

2011-12-24 00:50:04 6144 ----a-w- c:\windows\~DF890A.tmp

2011-12-24 00:43:25 -------- d-----w- C:\TeamViewer

.

==================== Find3M ====================

.

2011-12-14 12:39:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-10 09:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2009-04-13 17:43:08 63912 -c--a-w- c:\program files\config.bin

2005-11-14 21:15:04 532480 -c--a-w- c:\program files\cwshredder.exe

.

============= FINISH: 13:30:55.23 ===============

attach.txt

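As an added illustration (not part of the poster's files or of the forum's tooling), here is a small triage script that runs a few conservative heuristics over lines in the DDS format pasted above. The sample lines are copied from the log; the heuristics (orphaned "No File" registrations, autostart entries loading from a user-profile data directory, drivers whose file metadata DDS could not read) are my assumptions about what a log reviewer checks first, and a hit means "verify this entry", not that it is malicious.

```python
import re

# Constructed sample: a handful of lines in the shape of the DDS "Pseudo HJT Report"
# and "SERVICES / DRIVERS" sections above (copied from the post for illustration).
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
Notify: ulbrnii - c:\documents and settings\compaq_owner\local settings\application data\ulbrnii.dll
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 118104]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
"""

# User-profile data directories from which autostart code rarely loads legitimately
# (assumption used by the heuristic below, compared case-insensitively).
USER_PROFILE_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
)
# DDS prefixes for autostart locations: u = HKCU, m = HKLM; Notify = Winlogon Notify.
AUTOSTART_PREFIXES = ("uRun:", "mRun:", "Notify:", "SSODL:", "SEH:")


def triage_dds(text: str) -> list:
    """Return (reason, line) pairs for DDS lines that deserve a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # Orphaned BHO/toolbar registrations whose DLL is gone: usually leftovers
        # of an uninstall or of a removal tool; harmless but worth cleaning up.
        if low.endswith("- no file"):
            findings.append(("orphaned registration (No File)", line))
        # Autostart entry that loads a module from a user-profile data directory.
        elif line.startswith(AUTOSTART_PREFIXES) and any(d in low for d in USER_PROFILE_DIRS):
            findings.append(("autostart loads from user profile", line))
        # Service/driver line (R#/S# prefix) where DDS could not read date/size.
        elif re.match(r"^[RS]\d ", line) and low.endswith("[?]"):
            findings.append(("driver file metadata unreadable [?]", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage_dds(SAMPLE_DDS):
        print(f"{reason}: {line}")
```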

  • 1 month later...

Just to let you know, after several weeks, I tried Combofix a second & third time and the internet connection was repaired. However, a day later, after powering off, the computer would not restart, probably due to a power supply or motherboard issue. So the computer has been retired permanently.

You may remove this topic from the forum.

Thanks!
