Cannot connect to the Internet - Can't find IP address issue after running Malwarebytes - maybe still have Malware issues?

[Vee]

I ran Malwarebytes and since then, I can't connect to the internet using IE8 or Firefox or any other browser.

I'm doing this on behalf of a friend who has just switched broadband providers and as such seems to have let her anti virus slip so clearly had problems. She had 34 issues come up after the Malware was run which have been removed.

But... since then, we can't get on the internet at all either via wireless or LAN (plugging in wire). I'm writing this from a PC in the house that can connect so there's no issue with the modem or anything.

When I try to connect I get issues with can't acquire an IP address. The operating system is Windows XP, the laptop is and oldish IBM Think Pad.

There is no anti virus on the system - there used to be McAffee and its still there but not fully updated as subscription lapsed (clearly the start of my friend's issues!).

The firewall is on but I get an error when I try to open Windows Firewall it says "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service."

I've tried to disable and enable the connection, also tried to repair but the error with repair is about not being able to get the IP address.

I ran Malwarebytes again and below are the logs, it says nothing detected:

Malwarebytes' Anti-Malware 1.40

Database version: 2622

Windows 5.1.2600 Service Pack 2

17/08/2009 08:43:50

mbam-log-2009-08-17 (08-43-50).txt

Scan type: Quick Scan

Objects scanned: 96620

Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I also ran Hijackthis and here are the logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:23:49, on 17/08/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [storageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://gltadmin.golearnto.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215602168267

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--

End of file - 8288 bytes

I'm NOT technical or experienced (just enthusiastic about trying to learn and help my friend!) - I can just follow specific instructions so if you are kindly able to offer any advice, would appreciate if you give step by step details to help me as otherwise I might be stuck!

Thanks so much!

[miekiemoes]

Hi,

First of all, please uninstall McAfee since you say it's outdated and not properly working anymore. Because this may be the main cause here.

* Download and run the McAfee Consumer Products Removal tool (MCPR.exe).

Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.

• McAfee Security Center
  
• McAfee VirusScan
  
• McAfee Personal Firewall Plus
  
• McAfee Privacy Service
  
• McAfee SpamKiller
  
• McAfee Wireless Network Security
  
• McAfee SiteAdvisor
  
• McAfee Data Backup
  
• McAfee Network Manager
  
• McAfee Easy Network
  
• McAfee AntiSpyware
  

Download the removal tool from http://download.mcafee.com/products/licens...atches/MCPR.exe

• Click Save and save the file to any folder on the computer.
  
• Navigate to the folder where the file is saved.
  
• Double-click MCPR.exe.
  
• Click Run. A Command Line window will be displayed, and then close automatically. Wait for a second Command Line window to be displayed.
  Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
  After the second window appears, the program will begin the cleanup.
  
• Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window:
  The machine must reboot to complete the un-installation. Reboot now? [y.n]
  
• Press Y on the keyboard.
  
• Wait for the computer to restart.
  

All McAfee products are now removed from your computer.

These McAfee removal instructions can be found at http://ts.mcafeehelp.com/faq3.asp?docid=408302

Then, *Download WinsockFix

Place it on your desktop.

Start Winsockfix.exe and click "Reg backup"

Your current registry will be saved in the folder "ERDNT"

Then click FIX

Your system will reboot.

Let me know if that solved your issue.

[Vee]

Hi, thanks for your reply.

I've done both of these and I'm now back online, thanks for that, it's great!

I have one more issue though, I have a web based admin system we are trying to login to and it doesn't work with IE8, it works with firefox but I don't know why I can't login with IE as again it works on every other PC we have tried.

Sorry to ask more questions but any pointers on why this might be?

Thanks again

[miekiemoes]

Does it still fail after uninstalling McAfee?

Because it may be an add-on causing this. And in your case, McAfee has set some add-ons in your IE browser here which may cause this.

On the other side, it could also because of IE8 itself. Many people are reporting issues with it after updating to IE8.

[Vee]

Hi

Yes it is failing after uninstalling McAffee.

Can I downgrade IE8 to IE7 at all perhaps? How do I do this?

[miekiemoes]

Hi,

Personally, I don't recommend to uninstall IE8 (which you can do via add&remove programs - that will restore IE7 again), this because IE8 is much secure.

Anyway, first of all, try to reset your IE8 settings. To do this:

http://windowshelp.microsoft.com/Windows/e...5354271033.mspx

Then see if that fixed your issue.

If not, then it's an issue with IE8 itself. If it works fine in Firefox, I would use firefox to access it instead though.

[Vee]

Thanks for all your help!

[miekiemoes]

You're most welcome

[miekiemoes]

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.