
I have a PC with Windows XP SP2.

Malwarebytes identified 6 issues (see log below) and I told it to remove them.

After that the computer was rebooted and now I cannot connect to the internet.

I booted the computer in safe mode (with networking) and it made no difference.

I have run Malwarebytes after this and it did not find any issues.

Any ideas of how I can fix this?

Malwarebytes logs:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7871

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18702

10/5/2011 7:34:09 PM

mbam-log-2011-10-05 (19-34-09).txt

Scan type: Quick scan

Objects scanned: 269791

Time elapsed: 13 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Bot) -> Value: conhost -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\User\application data\microsoft\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\User1\application data\microsoft\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\User\local settings\Temp\0.47979427001527375.exe (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.

c:\documents and settings\User\local settings\Temp\0.5964353792399744.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

--------------------------------------------

ipconfig result:

ipconfig /all

Windows IP Configuration

An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.

--------------------------------------------

DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Administrator at 23:34:12 on 2011-10-09

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1706 [GMT -4:00]

.

FW: Norton Internet Worm Protection *Disabled*

FW: ZoneAlarm Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZon1.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\progra~1\gbplugin\gbieh.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\program files\gbplugin\gbiehcef.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\progra~1\gbplugin\gbiehabn.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL

TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZon1.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [Creative MediaSource Go] "c:\program files\creative\mediasource5\go\CTCMSGoU.exe" /SCB

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [ GbPluginAbn] RunDll32.exe c:\progra~1\gbplugin\gbiehAbn.dll,Gbieh

mRunOnce: [ GbPluginBb] RunDll32.exe c:\progra~1\gbplugin\gbieh.dll,Gbieh

mRunOnce: [ GbPluginCef] RunDll32.exe c:\progra~1\gbplugin\gbiehCef.dll,Gbieh

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

Trusted Zone: bancoreal.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: secureweb.com.br\www

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://www.notesathome.com/notesathomef31be94d8e7395220f39ab462e61f2db6ebf9ceb/notesathome0/Citrix/ICAWEB/en/ica32/wficat.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://usfulfillment.puretracks.com/onager.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182694132000

DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://www.notesathome.com/InternalSite/WhlCompMgr.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://www.shockwave.com/content/astroavenger2/sis/AstroAvenger2Loader.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP2-shared-prod/webex/ieatgpc.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remoteny.nyx.com./dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2326B174-43FA-4EE3-AC75-C578499D3873} : DhcpNameServer = 192.168.1.1

Notify: GbPluginAbn - c:\progra~1\gbplugin\gbiehAbn.dll

Notify: GbPluginBb - c:\progra~1\gbplugin\gbieh.dll

Notify: GbPluginCef - c:\program files\gbplugin\gbiehcef.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\progra~1\gbplugin\gbiehabn.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\progra~1\gbplugin\gbieh.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\program files\gbplugin\gbiehcef.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\udo3etqh.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\sonyon~1\npsoe.dll

FF - plugin: c:\progra~1\sonyon~1\npsoeact.dll

FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll

FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-3-29 43600]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-5-31 532224]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S1 mqigkxrp;mqigkxrp;\??\c:\windows\system32\drivers\mqigkxrp.sys --> c:\windows\system32\drivers\mqigkxrp.sys [?]

S1 NEOFLTR_700_16899;Juniper Networks TDI Filter Driver (NEOFLTR_700_16899);c:\windows\system32\drivers\NEOFLTR_700_16899.SYS [2010-11-18 84336]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-10-5 328536]

S2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2008-2-22 208264]

S2 GtDetectSc;GtDetectSc;c:\program files\option\globetrotter connect\GtDetectSc.exe [2009-4-2 543744]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-2 135664]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]

S3 59d1d69c-bbc1-4c5e-ba80-6161724c0b35;59d1d69c-bbc1-4c5e-ba80-6161724c0b35;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]

S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-2-4 63360]

S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-2-4 105856]

S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2009-2-4 20352]

S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-2-4 8064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-2 135664]

.

=============== File Associations ===============

.

inffile=c:\windows\system32\NOTEPAD.EXE "%1"

.

=============== Created Last 30 ================

.

2011-10-10 03:22:28 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe

2011-10-09 14:28:05 -------- d-----w- c:\windows\pss

2011-10-08 14:59:42 -------- d-----w- C:\Registry_backup

2011-10-08 14:33:33 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE

2011-10-08 12:06:31 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2011-10-08 12:05:24 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla

2011-10-08 12:04:48 -------- d-sh--w- c:\documents and settings\administrator\IETldCache

2011-10-07 02:14:35 98816 ----a-w- c:\windows\sed.exe

2011-10-07 02:14:35 518144 ----a-w- c:\windows\SWREG.exe

2011-10-07 02:14:35 256000 ----a-w- c:\windows\PEV.exe

2011-10-07 02:14:35 208896 ----a-w- c:\windows\MBR.exe

2011-10-07 02:14:27 -------- d-----w- C:\ComboFix

2011-10-06 04:15:06 -------- d-----w- C:\ERDNT

2011-10-06 03:43:29 -------- d-----w- c:\program files\IObit

2011-10-06 02:25:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-06 02:25:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware_NOVO

2011-10-05 03:31:07 -------- d-----w- c:\program files\Windows Resource Kits

2011-09-24 23:30:27 -------- d-----w- c:\program files\LEGO Software

.

==================== Find3M ====================

.

2011-09-07 01:24:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-22 12:14:59 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-07-22 12:14:06 88 --sh--r- c:\windows\system32\C0087584F8.sys

2011-07-18 12:13:36 43600 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

.

============= FINISH: 23:36:02.78 ===============

attach.zip

ark.zip

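A triage pass over the two logs in the post above, as an added example that is not part of the original thread and is not Malwarebytes or DDS code. It parses the MBAM detection lines and the DDS SERVICES / DRIVERS section, sorts the removed items into persistence (the Run key), network configuration (the WinINet ProxyServer value flagged as PUM.Bad.Proxy, which is a setting rather than a binary) and dropped files, and scores each service entry on two signals that are visible in the log: DDS printing `[?]` where it could not read the binary, and a name that looks machine-generated (a vowel-poor run of letters, or a GUID). The sample lines are copied from the logs above; the vowel-ratio threshold, the score weights and the reading of `[?]` are this example's own assumptions.

```python
"""Triage of the MBAM and DDS log excerpts posted above. Added example, not
Malwarebytes or DDS code; the heuristics and weights are this example's own."""
import re
from dataclasses import dataclass

# Sample input: lines copied from the MBAM log and the DDS SERVICES / DRIVERS section above.
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Bot) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\microsoft\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\Temp\0.47979427001527375.exe (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.
"""
DDS_SERVICES = r"""
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-3-29 43600]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S1 mqigkxrp;mqigkxrp;\??\c:\windows\system32\drivers\mqigkxrp.sys --> c:\windows\system32\drivers\mqigkxrp.sys [?]
S1 NEOFLTR_700_16899;Juniper Networks TDI Filter Driver (NEOFLTR_700_16899);c:\windows\system32\drivers\NEOFLTR_700_16899.SYS [2010-11-18 84336]
S2 GtDetectSc;GtDetectSc;c:\program files\option\globetrotter connect\GtDetectSc.exe [2009-4-2 543744]
S3 59d1d69c-bbc1-4c5e-ba80-6161724c0b35;59d1d69c-bbc1-4c5e-ba80-6161724c0b35;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
"""
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?:Value: (?P<value>\S+) -> )?(?P<action>.+)$")
SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")
VOWELS = set("aeiou")

@dataclass
class Detection:
    item: str          # registry value path or file path
    family: str        # MBAM name, e.g. Backdoor.Bot, PUM.Bad.Proxy
    action: str
    value: str = None  # registry value name; None for files

@dataclass
class Service:
    state: str        # DDS prefix: R running, S stopped
    start: str        # start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    path: str
    unreadable: bool  # DDS printed "[?]" instead of the file's date and size

def parse_mbam(text):
    rows = [MBAM_RE.match(ln.strip()) for ln in text.strip().splitlines()]
    return [Detection(m["item"], m["family"], m["action"], m["value"]) for m in rows if m]

def classify_detection(d):
    low = d.item.lower()
    if "\\currentversion\\run\\" in low:
        return "persistence"         # autostart entry
    if "\\internet settings\\proxyserver" in low:
        return "network-config"      # WinINet proxy: a setting was removed, not a binary
    if d.family.startswith("PUM."):
        return "setting"             # other potentially unwanted modification
    return "dropped-file"

def parse_dds_services(text):
    out = []
    for m in (SVC_RE.match(ln.strip()) for ln in text.strip().splitlines()):
        if m:
            rest = m["rest"]
            path = re.sub(r" \[.*\]$", "", rest.split(" --> ")[-1])  # strip "[date size]" / "[?]"
            out.append(Service(m["state"], m["start"], m["name"], path, rest.endswith("[?]")))
    return out

def looks_random(name):
    """Heuristic (assumption): a GUID-shaped name, or 7+ letters with under 20% vowels."""
    n = name.lower()
    if GUID_RE.fullmatch(n):
        return True
    if not n.isalpha() or len(n) < 7:
        return False
    return sum(c in VOWELS for c in n) / len(n) < 0.2

def score_service(s):
    """0 = nothing notable, 3+ = worth a manual look; weights are assumptions."""
    score = 2 if looks_random(s.name) else 0
    if s.unreadable:
        score += 1
        if s.start in ("0", "1"):  # boot/system-start driver DDS could not read
            score += 1
    return score

def triage(mbam_text, dds_text, threshold=3):
    dets, svcs = parse_mbam(mbam_text), parse_dds_services(dds_text)
    return {
        "persistence_removed": [d.item for d in dets if classify_detection(d) == "persistence"],
        "network_config_changed": [d.item for d in dets if classify_detection(d) == "network-config"],
        "services_to_review": [(s.name, s.path, score_service(s)) for s in svcs if score_service(s) >= threshold],
    }

if __name__ == "__main__":
    for section, entries in triage(MBAM_LOG, DDS_SERVICES).items():
        print(section, *entries, sep="\n    ")
```

Run it as-is to print the summary. The scoring deliberately encodes a caveat: vsmon also carries `[?]`, but its display name identifies it as ZoneAlarm's TrueVector service, so an unreadable file on its own scores low. The two lines that clear the threshold are mqigkxrp.sys (a system-start driver with an unreadable file and a random-looking name) and the GUID-named cds300.dll entry; both are worth a manual look before deciding whether the machine can be trusted. The script says nothing about the ipconfig failure, which has to be checked on the machine itself.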

  • Staff

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


Chris

Thank you for the reply: yes, I believe I was infected by a backdoor trojan. My firewall (ZoneAlarm) likely prevented it from connecting to the internet, so I should be safe for now. The main issue, as stated in the subject of this post, is that after I ran Malwarebytes I am unable to connect to the Internet (you can see that ipconfig /all shows nothing). I need help in getting the computer back onto the network: can you help me?

Thanks

Rodrigo


  • Staff

Hi,

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
