
Help with malware



Let's have a closer look at those settings.

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.

On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
(ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print) >>Log1.txt
start notepad Log1.txt
del %0

Go to the File menu at the top of the Notepad and select Save as.

Select save in: desktop

Fill in File name: test.bat

Save as type: All file types (*.*)

Click save.

Close the Notepad.

Locate and double-click test.bat on the desktop.

A Notepad window opens; copy and paste its content (log1.txt) into your reply.


Windows IP Configuration

An internal error occurred: The operation completed successfully.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to open registry key for tcpip.

Server: UnKnown

Address: 127.0.0.1

Server: UnKnown

Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Ping request could not find host yahoo.com. Please check the name and try again.

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Adapter

0x10004 ...00 13 d4 16 c8 e7 ...... SiS 900-Based PCI Fast Ethernet Adapter

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

169.254.0.0 255.255.0.0 203.116.196.8 203.116.196.8 20

203.116.196.0 255.255.255.0 203.116.196.8 203.116.196.8 30

203.116.196.8 255.255.255.255 127.0.0.1 127.0.0.1 30

203.116.196.255 255.255.255.255 203.116.196.8 203.116.196.8 30

203.188.239.0 255.255.255.0 203.188.239.82 203.116.196.8 30

203.188.239.82 255.255.255.255 127.0.0.1 127.0.0.1 30

203.188.239.255 255.255.255.255 203.188.239.82 203.116.196.8 30

224.0.0.0 240.0.0.0 203.116.196.8 203.116.196.8 30

255.255.255.255 255.255.255.255 203.116.196.8 203.116.196.8 1

255.255.255.255 255.255.255.255 203.188.239.82 10004 1

===========================================================================

Persistent Routes:

None


Hi again, please run the following fix and let me know how things are afterwards.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer]
[HKEY_USERS\.Default\Software\SetID\Internal]
[HKEY_USERS\S-1-5-21-3529863423-2296698273-380274974-1009\Software\InterVideo\Common]
[HKEY_USERS\S-1-5-21-3529863423-2296698273-380274974-1009\Software\Microsoft\Windows\CurrentVersion\Explorer]
[HKEY_LOCAL_MACHINE\software\Classes\Applications\RealPlay.exe]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}]
[HKEY_LOCAL_MACHINE\software\Classes\pnm]
[HKEY_LOCAL_MACHINE\software\Classes\QuickTime.qup]
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RJS.1]
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RSML.6]
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RT.6]
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RV.6]
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RVX.6]
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.SDP.6]
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.SMIL.6]
[HKEY_LOCAL_MACHINE\software\Classes\rtsp]
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\Classes\SSM]
[HKEY_LOCAL_MACHINE\software\Clients\Media\RealOne Player]
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer]
[HKEY_LOCAL_MACHINE\software\Realtek\AlcMonitor]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 10-11-03.04 - Compaq_Owner 11/04/2010 19:07:48.7.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.532 [GMT -7:00]

Running from: K:\ComboFix.exe

Command switches used :: K:\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))

.

2035-02-21 01:10 . 2010-09-26 19:15 -------- d-----w- c:\program files\BitDefender

2035-02-21 01:10 . 2010-09-26 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2035-02-21 01:04 . 2010-09-26 19:15 -------- d-----w- c:\program files\Common Files\BitDefender

2010-10-28 02:23 . 2010-11-05 02:07 -------- d-----w- c:\windows\system32\CatRoot2

2010-10-26 04:35 . 2010-10-26 04:35 -------- d-----w- C:\i386

2010-10-21 04:28 . 2010-10-21 04:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-10-21 02:39 . 2008-04-14 12:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

2010-10-21 02:36 . 2006-12-29 07:31 19569 ----a-w- c:\windows\002767_.tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-21 02:50 . 2010-10-21 02:50 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe

2010-10-21 02:50 . 2010-10-21 02:50 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe

2010-09-30 01:21 . 2010-08-09 16:47 35840 ----a-w- c:\windows\system32\drivers\isapnp.sys

2010-09-26 17:07 . 2010-09-25 05:08 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-26 01:22 . 2010-09-26 01:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-09-23 04:39 . 2010-09-23 04:39 307 ----a-w- c:\documents and settings\Compaq_Owner\asdsad.bat

2010-09-22 01:36 . 2010-09-22 01:36 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2010-08-12 04:07 . 2010-09-25 23:14 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2010-08-12 04:07 . 2010-09-25 23:14 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2010-08-12 04:07 . 2010-09-25 23:14 133616 ------w- c:\windows\system32\pxafs.dll

2010-08-12 04:07 . 2010-09-25 23:14 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-08-12 04:07 . 2010-09-25 23:14 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-08-12 04:07 . 2005-01-26 16:03 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys

2010-08-10 12:15 . 2010-08-10 12:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-08-10 12:15 . 2010-08-10 12:15 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-08-09 16:42 . 2009-07-11 05:06 2321024 ----a-w- c:\windows\system32\TUKernel.exe

2006-01-29 06:07 . 2006-01-29 06:07 774144 -c--a-w- c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="c:\program files\AIM7\aim.exe" [2010-03-08 3972440]

"Google Update"="c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SiSPower"="SiSPower.dll" [2005-04-12 49152]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-13 106496]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-06 202256]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2010-6-3 331776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\HP\\KBD\\KBD.EXE"=

"c:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\PPStream\\PPStream.exe"=

"c:\\Program Files\\PPStream\\PPSAP.exe"=

"c:\\Documents and Settings\\All Users\\Documents\\ppstreamsetup (2).exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=

"c:\\Program Files\\AIM7\\aim.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Tencent\\QQIntl\\Bin\\QQ.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57743:TCP"= 57743:TCP:Pando Media Booster

"57743:UDP"= 57743:UDP:Pando Media Booster

"57716:TCP"= 57716:TCP:Pando Media Booster

"57716:UDP"= 57716:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [9/21/2010 6:32 PM 10448]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [6/14/2010 4:42 PM 1051976]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/14/2009 11:22 PM 24652]

R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [8/14/2010 7:16 PM 79360]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 11:18 AM 10064]

S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]

S3 maxD20081102;maxD20081102; [x]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [8/14/2010 7:16 PM 133632]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-11-04 c:\windows\Tasks\At1.job

- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2010-10-31 c:\windows\Tasks\At2.job

- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2010-10-26 c:\windows\Tasks\Automatic maintenance.job

- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2010-06-14 23:48]

2010-11-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-08 01:26]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3529863423-2296698273-380274974-1009Core.job

- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-11 17:38]

2010-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3529863423-2296698273-380274974-1009UA.job

- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-11 17:38]

2010-10-15 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: QQ - c:\program files\Tencent\QQIntl\Bin\AddEmotion.htm

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab

FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\profiles\c2nz3mf3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - BearShare Web Search

FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=

FF - component: c:\documents and settings\Compaq_Owner\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll

FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\c2nz3mf3.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\c2nz3mf3.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\c2nz3mf3.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\c2nz3mf3.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll

FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll

FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll

FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\c2nz3mf3.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll

FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll

FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

.

- - - - ORPHANS REMOVED - - - -

AddRemove-QQ?? - c:\program files\????\QQGAME\Uninstall.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-04 19:20

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3529863423-2296698273-380274974-1009\Software\InterVideo\Common\AUDIODEC\IKernel]

@DACL=(02 0000)

@SACL=

[HKEY_USERS\S-1-5-21-3529863423-2296698273-380274974-1009\Software\InterVideo\Common\NAVIGATOR\IKernel]

@DACL=(02 0000)

@SACL=

[HKEY_USERS\S-1-5-21-3529863423-2296698273-380274974-1009\Software\InterVideo\Common\VIDEODEC\IKernel]

@DACL=(02 0000)

@SACL=

[HKEY_USERS\S-1-5-21-3529863423-2296698273-380274974-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\~


Any change after this?

If not, try the following: reboot your computer and when starting up, tap the F8 key. When the Advanced Boot options menu comes up, select Last Known Good Configuration.

After Windows has started up, check if your internet works.


Can you try to uninstall/reinstall your Network Adapter?

Before doing so, make sure you have the Driver CD or download the driver from the manufacturer's website.

You can do so by pressing Windows key + R, typing devmgmt.msc and pressing enter.

Right click your network adapter and select uninstall.


Windows IP Configuration

An internal error occurred: The operation completed successfully.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to open registry key for tcpip.

Server: UnKnown

Address: 127.0.0.1

Server: UnKnown

Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Ping request could not find host yahoo.com. Please check the name and try again.

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Adapter

0x10004 ...00 13 d4 16 c8 e7 ...... SiS 900-Based PCI Fast Ethernet Adapter

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

169.254.0.0 255.255.0.0 203.116.196.8 203.116.196.8 20

203.116.196.0 255.255.255.0 203.116.196.8 203.116.196.8 30

203.116.196.8 255.255.255.255 127.0.0.1 127.0.0.1 30

203.116.196.255 255.255.255.255 203.116.196.8 203.116.196.8 30

203.188.239.0 255.255.255.0 203.188.239.82 203.116.196.8 30

203.188.239.82 255.255.255.255 127.0.0.1 127.0.0.1 30

203.188.239.255 255.255.255.255 203.188.239.82 203.116.196.8 30

224.0.0.0 240.0.0.0 203.116.196.8 203.116.196.8 30

255.255.255.255 255.255.255.255 203.116.196.8 203.116.196.8 1

255.255.255.255 255.255.255.255 203.188.239.82 10004 1

===========================================================================

Persistent Routes:

None

Windows IP Configuration

An internal error occurred: The operation completed successfully.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to open registry key for tcpip.

Server: cns.sanjose.ca.sanfran.comcast.net

Address: 68.87.76.182

Name: google.com

Addresses: 74.125.19.147, 74.125.19.103, 74.125.19.104, 74.125.19.99

Server: cns.sanjose.ca.sanfran.comcast.net

Address: 68.87.76.182

Name: yahoo.com

Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70

67.195.160.76

Ping request could not find host google.com. Please check the name and try again.

Ping request could not find host yahoo.com. Please check the name and try again.

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Adapter

0x10004 ...00 13 d4 16 c8 e7 ...... SiS 900-Based PCI Fast Ethernet Adapter

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.106 20

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

169.254.0.0 255.255.0.0 192.168.1.106 192.168.1.106 20

192.168.1.0 255.255.255.0 192.168.1.106 192.168.1.106 20

192.168.1.106 255.255.255.255 127.0.0.1 127.0.0.1 20

192.168.1.255 255.255.255.255 192.168.1.106 192.168.1.106 20

203.116.196.0 255.255.255.0 203.116.196.8 203.116.196.8 30

203.116.196.8 255.255.255.255 127.0.0.1 127.0.0.1 30

203.116.196.255 255.255.255.255 203.116.196.8 203.116.196.8 30

203.188.239.0 255.255.255.0 203.188.239.82 203.116.196.8 30

203.188.239.82 255.255.255.255 127.0.0.1 127.0.0.1 30

203.188.239.255 255.255.255.255 203.188.239.82 203.116.196.8 30

224.0.0.0 240.0.0.0 192.168.1.106 192.168.1.106 20

224.0.0.0 240.0.0.0 203.116.196.8 203.116.196.8 30

255.255.255.255 255.255.255.255 192.168.1.106 192.168.1.106 1

255.255.255.255 255.255.255.255 203.116.196.8 203.116.196.8 1

Default Gateway: 192.168.1.1

===========================================================================

Persistent Routes:

None
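The Log1.txt pasted above holds two runs because test.bat appends with `>>`. As an added example (not part of the original thread), the Python script below splits such a log into runs and flags the conditions visible in it; the function names and finding labels are illustrative, and the sample text is abridged from the output posted in this thread.

```python
import re

# Abridged from the two test.bat runs posted in the thread (blank lines dropped).
RUN_1 = """\
Windows IP Configuration
An internal error occurred: The operation completed successfully.
Additional information: Unable to open registry key for tcpip.
Server: UnKnown
Address: 127.0.0.1
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
203.116.196.0 255.255.255.0 203.116.196.8 203.116.196.8 30
Persistent Routes:
None
"""
RUN_2 = """\
Windows IP Configuration
Additional information: Unable to open registry key for tcpip.
Server: cns.sanjose.ca.sanfran.comcast.net
Address: 68.87.76.182
Name: google.com
Addresses: 74.125.19.147, 74.125.19.103, 74.125.19.104, 74.125.19.99
Ping request could not find host google.com. Please check the name and try again.
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.106 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
Persistent Routes:
None
"""

IPV4 = r"\d+(?:\.\d+){3}"


def split_runs(log_text):
    """test.bat appends with >>, so one Log1.txt can hold several runs."""
    parts = re.split(r"(?m)^Windows IP Configuration[ \t]*$", log_text)
    return [p for p in parts if p.strip()]


def triage(run):
    """Return labels for the network faults visible in one run of the log."""
    findings = []
    if "Unable to open registry key for tcpip" in run:
        findings.append("tcpip-key-unreadable")
    # nslookup prints the resolver it queried as a Server:/Address: pair.
    resolvers = re.findall(r"Server:[ \t]*\S+\s+Address:[ \t]*(" + IPV4 + ")", run)
    if any(addr.startswith("127.") for addr in resolvers):
        findings.append("resolver-is-loopback")
    # route print rows: destination, netmask, gateway, interface, metric.
    row = (r"(?m)^[ \t]*(" + IPV4 + r")[ \t]+(" + IPV4 +
           r")[ \t]+\S+[ \t]+\S+[ \t]+\d+[ \t]*$")
    routes = re.findall(row, run)
    if not any(dest == "0.0.0.0" and mask == "0.0.0.0" for dest, mask in routes):
        findings.append("no-default-route")
    # nslookup queries the DNS server with its own resolver; ping relies on the
    # system's name resolution. A name that nslookup resolves but ping cannot
    # find points at the local TCP/IP configuration, not at the DNS server.
    resolved = set(re.findall(r"(?m)^Name:[ \t]*(\S+)", run))
    ping_failed = set(re.findall(r"could not find host ([\w.-]+)\. Please", run))
    if resolved & ping_failed:
        findings.append("nslookup-ok-but-ping-cannot-resolve")
    return findings


if __name__ == "__main__":
    for number, run in enumerate(split_runs(RUN_1 + RUN_2), start=1):
        print("run", number, triage(run))
```

Read this way, the second run shows the adapter reinstall restored a default gateway and a reachable DNS server, while the unreadable Tcpip registry key still breaks name resolution for ordinary programs.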
