
can not connect to the internet after using combofix


lsmd19


Hello everyone,

I am new here, but I am having a problem with my laptop. After running ComboFix I can no longer connect to the internet. ComboFix may have deleted something it wasn't supposed to. When I try to repair the connection it says that it can't renew the IP address. A member had a similar problem in this earlier post... http://www.malwarebytes.org/forums/index.php?showtopic=21435 ... His problem was fixed with the help of an admin member. Hopefully the same admin member can help me out, or anyone really. It would be greatly appreciated.

This is the ComboFix log:

ComboFix 09-08-31.03 - User 08/31/2009 22:26.1.2 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.604 [GMT -7:00]

Running from: E:\com-bofix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\fyblb.exe

C:\LOG3.tmp

c:\program files\antiviirus.exe

c:\program files\tmp0.exe

c:\program files\tmp1.exe

c:\program files\tmp2.exe

c:\program files\tmp3.exe

c:\windows\braviax.exe

c:\windows\cru629.dat

c:\windows\dwltqnmx.exe

c:\windows\fkdnrwsv.dll

c:\windows\Installer\cc42255.msp

c:\windows\Installer\WMEncoder.msi

c:\windows\stfngdvw.dll

c:\windows\svpekgontdn.dll

c:\windows\sxfnewqb.dll

c:\windows\system32\~.exe

c:\windows\system32\braviax.exe

c:\windows\system32\cru629.dat

c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\UACqomxnmltqp.sys

c:\windows\system32\jalopeya.dll

c:\windows\system32\loboseta.dll

c:\windows\system32\lulakodu.dll

c:\windows\system32\resdll.dll

c:\windows\system32\tajf83ikdmf.dll

c:\windows\system32\tapi.nfo

c:\windows\system32\uacinit.dll

c:\windows\system32\UACkdalbwmtaq.dll

c:\windows\system32\UACpsbivdmtpq.dll

c:\windows\system32\UACqtenebwprr.dll

c:\windows\system32\UACwsvkloymws.dll

c:\windows\system32\UACwutoijecjb.dat

c:\windows\system32\wisdstr.exe

c:\windows\system32\wscsvc32.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_UACd.sys

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))

.

2009-08-30 06:42 . 2009-08-30 06:42 21504 ----a-w- C:\emxtqjit.exe

2009-08-30 06:42 . 2009-08-30 06:42 17920 ----a-w- C:\osps.exe

2009-08-30 06:42 . 2009-08-30 06:42 48640 ----a-w- C:\blyuwrjl.exe

2009-08-15 21:50 . 2009-08-15 21:50 -------- d-----w- c:\program files\ffdshow

2009-08-13 19:20 . 2009-08-13 19:20 -------- d-----w- c:\windows\ServicePackFiles

2009-08-12 16:11 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2009-08-09 18:14 . 2009-08-09 18:14 -------- d-----w- c:\documents and settings\User\Incomplete

2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-01 05:16 . 2004-08-10 18:51 55808 ----a-w- c:\windows\system32\eventlog.dll

2009-08-13 19:22 . 2008-01-22 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-09 18:14 . 2008-04-03 09:34 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire

2009-08-05 09:11 . 2004-08-10 18:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-19 21:55 . 2008-02-05 15:23 -------- d-----w- c:\documents and settings\User\Application Data\U3

2009-07-17 18:55 . 2004-08-10 18:50 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 17:15 . 2009-07-06 05:16 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll

2009-07-14 06:43 . 2004-08-10 18:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-07 05:12 . 2009-07-06 05:15 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

2009-07-07 05:12 . 2009-07-06 05:15 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2009-07-06 18:04 . 2008-01-17 08:04 -------- d-----w- c:\program files\Microsoft Works

2009-07-06 05:16 . 2009-07-06 05:16 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2009-07-06 05:16 . 2009-07-06 05:16 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2009-07-06 05:16 . 2009-07-06 05:16 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

2009-07-06 05:16 . 2009-07-06 05:16 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

2009-06-26 15:59 . 2004-08-10 18:51 668160 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 15:59 . 2004-08-10 18:51 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 08:17 . 2004-08-10 18:51 59392 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:17 . 2004-08-10 18:51 56320 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:17 . 2004-08-10 18:51 168448 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:17 . 2004-08-10 18:51 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:17 . 2004-08-10 18:51 729600 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:17 . 2004-08-10 18:51 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-22 11:35 . 2004-08-10 18:51 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:55 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:55 . 2004-08-10 18:51 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-12 11:50 . 2004-08-10 18:51 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:21 . 2004-08-10 18:50 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:32 . 2004-08-10 18:51 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:42 . 2004-08-10 19:01 655872 ----a-w- c:\windows\system32\mstscax.dll

2009-06-03 19:27 . 2004-08-10 18:51 1290752 ----a-w- c:\windows\system32\quartz.dll

2008-04-05 11:38 . 2008-04-05 11:38 36116 ----a-w- c:\program files\instaler.exe

2008-03-27 22:08 . 2008-03-27 22:07 9918872 ----a-w- c:\program files\WMEncoder.exe

2008-04-05 11:38 . 2008-04-05 11:38 23182 --sh--r- c:\windows\Installer\{2c50c159-fbec-446c-9d73-04d55b8c62a2}\zip.dll

2008-04-05 11:37 . 2008-04-05 11:37 14378 --sh--r- c:\windows\Installer\{f4a85fe8-9184-4c5a-a44f-946ddbed1e97}\UnknownService.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-12 50528]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-06 520024]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 136600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk

backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [1/17/2008 12:33 AM 3456]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/22/2009 11:12 PM 64160]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1029456]

S2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [8/23/2007 5:29 PM 5376]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/19/2008 7:49 PM 24652]

.

Contents of the 'Scheduled Tasks' folder

2009-08-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 05:15]

2009-07-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-01-17 20:32]

2008-01-17 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-01-17 20:32]

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)

URLSearchHooks-Rank - (no file)

BHO-{a0ddd57f-7f7a-4159-91ba-149b37c80e81} - c:\windows\system32\lulakodu.dll

HKLM-Run-nohahasogo - c:\windows\system32\jalopeya.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.dell.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-31 22:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1344)

c:\program files\Google\Google Desktop Search\GoogleDesktopCommon.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\progra~1\McAfee.com\Agent\mcagent.exe

c:\progra~1\McAfee\MSC\mcuimgr.exe

.

**************************************************************************

.

Completion time: 2009-09-01 22:44 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-01 05:44

Pre-Run: 109,714,997,248 bytes free

Post-Run: 110,144,286,720 bytes free

203 --- E O F --- 2009-08-26 03:24


  • Staff

Hi,

The reason why you lost internet access is probably that you have not really read the instructions on how to use ComboFix.

It clearly says to disable your antivirus and firewall.

Also, you should run ComboFix from your desktop and not from any other external source. And you didn't install the Recovery Console.

On the other hand, if a computer is so severely infected, there's also a lot of damage. That may also be why your internet connection and a lot of other things give errors and don't work anymore.

Anyway, the ComboFix tutorial recommends disabling your antivirus, in your case McAfee. For McAfee, I would rather recommend temporarily uninstalling it, because McAfee causes a lot of problems with ComboFix after reboot, since McAfee enables itself again after reboot. So please temporarily uninstall McAfee first and then reboot.

Also,

I see you are running Ad-Watch.

I suggest you disable it because it can interfere with the fixes.

To disable Ad-Watch: right-click on the Ad-Watch icon in the system tray and select Disable Ad-Watch Live.

Then, I see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Then, please run WinsockFix: http://majorgeeks.com/WinSock_XP_Fix_d4372.html

Once done, please rerun ComboFix, but please allow it to install the Recovery Console first. This is extremely important!!!

Then post the new log in your next reply.


I uninstalled McAfee and removed Viewpoint Media Player (Viewpoint Media Player was the only thing I had on the computer that had the word Viewpoint). I rebooted the computer and now I have an internet connection back, all without doing the other steps. Should I still follow the steps you mentioned above?


I took out everything you asked me to take out. I didn't run WinsockFix because you asked me not to when you found out my internet connection came back on. I ran ComboFix again and came up with this new log:

ComboFix 09-09-01.07 - User 09/02/2009 8:45.2.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.583 [GMT -7:00]

Running from: E:\com-bofix.exe

.

((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))

.

2009-08-30 06:42 . 2009-08-30 06:42 21504 ----a-w- C:\emxtqjit.exe

2009-08-30 06:42 . 2009-08-30 06:42 17920 ----a-w- C:\osps.exe

2009-08-30 06:42 . 2009-08-30 06:42 48640 ----a-w- C:\blyuwrjl.exe

2009-08-15 21:50 . 2009-08-15 21:50 -------- d-----w- c:\program files\ffdshow

2009-08-13 19:20 . 2009-08-13 19:20 -------- d-----w- c:\windows\ServicePackFiles

2009-08-12 16:11 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2009-08-09 18:14 . 2009-08-09 18:14 -------- d-----w- c:\documents and settings\User\Incomplete

2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-02 15:31 . 2008-06-20 02:49 -------- d-----w- c:\program files\Common Files\AOL

2009-09-02 15:21 . 2009-02-23 06:07 -------- d-----w- c:\program files\Lavasoft

2009-09-02 15:15 . 2008-01-17 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-09-02 15:09 . 2008-06-20 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-09-01 05:16 . 2004-08-10 18:51 55808 ----a-w- c:\windows\system32\eventlog.dll

2009-08-13 19:22 . 2008-01-22 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-09 18:14 . 2008-04-03 09:34 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire

2009-08-05 09:11 . 2004-08-10 18:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-19 21:55 . 2008-02-05 15:23 -------- d-----w- c:\documents and settings\User\Application Data\U3

2009-07-17 18:55 . 2004-08-10 18:50 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 2004-08-10 18:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-06 18:04 . 2008-01-17 08:04 -------- d-----w- c:\program files\Microsoft Works

2009-06-26 15:59 . 2004-08-10 18:51 668160 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 15:59 . 2004-08-10 18:51 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 08:17 . 2004-08-10 18:51 59392 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:17 . 2004-08-10 18:51 56320 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:17 . 2004-08-10 18:51 168448 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:17 . 2004-08-10 18:51 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:17 . 2004-08-10 18:51 729600 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:17 . 2004-08-10 18:51 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-22 11:35 . 2004-08-10 18:51 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:55 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:55 . 2004-08-10 18:51 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-12 11:50 . 2004-08-10 18:51 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:21 . 2004-08-10 18:50 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:32 . 2004-08-10 18:51 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:42 . 2004-08-10 19:01 655872 ----a-w- c:\windows\system32\mstscax.dll

2008-04-05 11:38 . 2008-04-05 11:38 36116 ----a-w- c:\program files\instaler.exe

2008-03-27 22:08 . 2008-03-27 22:07 9918872 ----a-w- c:\program files\WMEncoder.exe

2008-04-05 11:38 . 2008-04-05 11:38 23182 --sh--r- c:\windows\Installer\{2c50c159-fbec-446c-9d73-04d55b8c62a2}\zip.dll

2008-04-05 11:37 . 2008-04-05 11:37 14378 --sh--r- c:\windows\Installer\{f4a85fe8-9184-4c5a-a44f-946ddbed1e97}\UnknownService.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-09-01_05.38.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-10 18:51 . 2009-09-02 15:28 54478 c:\windows\system32\perfc009.dat

+ 2009-09-01 05:53 . 2009-09-02 15:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-22 03:56 . 2009-09-02 15:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-01-22 03:56 . 2009-09-01 05:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-01-22 03:56 . 2009-09-02 15:11 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-01-22 03:56 . 2009-09-01 05:05 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2004-08-10 18:51 . 2009-09-02 15:28 384834 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 136600]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk

backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [1/17/2008 12:33 AM 3456]

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [8/23/2007 5:29 PM 5376]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.dell.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-02 08:48

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3396)

c:\program files\Google\Google Desktop Search\GoogleDesktopCommon.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-09-02 8:49

ComboFix-quarantined-files.txt 2009-09-02 15:49

ComboFix2.txt 2009-09-01 05:44

Pre-Run: 109,438,763,008 bytes free

Post-Run: 109,408,223,232 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

135 --- E O F --- 2009-08-26 03:24


  • Staff

Hi,

Please navigate to and delete the following files:

C:\emxtqjit.exe

C:\osps.exe

C:\blyuwrjl.exe

c:\program files\instaler.exe

c:\windows\Installer\{2c50c159-fbec-446c-9d73-04d55b8c62a2}\zip.dll

c:\windows\Installer\{f4a85fe8-9184-4c5a-a44f-946ddbed1e97}\UnknownService.dll

Then, go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Make sure there's a space between ComboFix and /u.

Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

BTW, don't forget to reinstall your antivirus afterwards, and please update your Windows ASAP.


  • Staff
I ran ComboFix from a flash drive... could that be why?
Yes, that explains it. That's why I also asked you before to place ComboFix on your desktop.

Anyway, since that wasn't done, use the next command in Start > Run to uninstall it:

E:\com-bofix.exe /u

Let me know in your next reply how things are now.


  • Staff

They are hidden files, so please set your system to show all files.

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option. <== don't forget this

Click Yes to confirm.

Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legitimate files and folders as well.

And I don't want you to delete them just because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

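The two staff posts above work from the ComboFix file listings: the first names files to delete (three executables in the root of C:, one directly under Program Files, and two DLLs under c:\windows\Installer), and the second explains that those DLLs are hidden. As an added example, not part of this thread and not ComboFix's own code, here is a small Python parser for ComboFix's "Files Created" / "Find3M Report" lines that applies those same three observations as review heuristics. The sample lines are constructed to mirror the log format; the heuristics, and my reading of the attribute column ('s' = system, 'h' = hidden), are my assumptions. The output is a list for a human to review, not a delete list: it also flags c:\program files\WMEncoder.exe, which the staff did not ask to remove.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the format ComboFix uses for its
# "Files Created" and "Find3M Report" sections (not a real log):
#   created-time . modified-time size attributes path
SAMPLE_LOG = r"""
2009-08-30 06:42 . 2009-08-30 06:42 21504 ----a-w- C:\emxtqjit.exe
2009-08-30 06:42 . 2009-08-30 06:42 17920 ----a-w- C:\osps.exe
2009-08-15 21:50 . 2009-08-15 21:50 -------- d-----w- c:\program files\ffdshow
2009-08-12 16:11 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2008-04-05 11:38 . 2008-04-05 11:38 36116 ----a-w- c:\program files\instaler.exe
2008-03-27 22:08 . 2008-03-27 22:07 9918872 ----a-w- c:\program files\WMEncoder.exe
2008-04-05 11:38 . 2008-04-05 11:38 23182 --sh--r- c:\windows\Installer\{2c50c159-fbec-446c-9d73-04d55b8c62a2}\zip.dll
2009-06-25 08:17 . 2004-08-10 18:51 729600 ----a-w- c:\windows\system32\lsasrv.dll
"""

# One listing line: two timestamps separated by " . ", a size (dashes for a
# directory), an 8-character attribute string, then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)

EXEC_EXTS = (".exe", ".dll", ".sys")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (size column is dashes)
    attrs: str            # e.g. "----a-w-" or "--sh--r-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # Assumption: 's' and 'h' in the attribute column are the system and
        # hidden flags, which is why Explorer hides these files by default.
        return "s" in self.attrs and "h" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every line matching the ComboFix listing format; ignore the rest."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def suspicion_reasons(e: Entry) -> List[str]:
    """Review heuristics (my own, not ComboFix's) mirroring what the staff picked out."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    parts = e.path.split("\\")
    parent = [p.lower() for p in parts[:-1]]
    is_exec = e.path.lower().endswith(EXEC_EXTS)
    if is_exec and len(parts) == 2 and re.fullmatch(r"[a-z]:", parts[0].lower()):
        reasons.append("executable directly in the drive root")
    if is_exec and parent == ["c:", "program files"]:
        reasons.append("executable directly under Program Files, not in a product folder")
    if e.hidden_system:
        reasons.append("system+hidden attributes (invisible until protected files are shown)")
    return reasons


def flag_suspicious(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every entry that trips at least one heuristic."""
    flagged: List[Tuple[str, List[str]]] = []
    for e in parse_entries(text):
        reasons = suspicion_reasons(e)
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_suspicious(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("    -", r)
```

Run it on a saved ComboFix.txt by reading the file into `flag_suspicious`; lines that do not match the listing format (section banners, registry entries) are simply skipped, so the whole log can be fed in unchanged.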

Everything has been done. I deleted the files you asked me to delete. I hid all the files and folders again. I restarted my computer and presto... everything is working!!! Actually, everything is working faster and smoother. Thank you so much for everything. Do I have to do anything else? If not, then thank you again. You were such a great help.


  • Staff

Hi,

Good to hear :)

Do I have to do anything else?
Yes, make sure this won't happen again, so please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector scan.

Happy Surfing again!


This topic is now closed to further replies.