
Lost Internet after running Malwarebytes



Hey guys, first post here and I'm having a problem with my internet connection. I ran MBAM and it deleted 2 items; since that time my internet hasn't worked properly. When I load IE, sometimes it will just say "INTERNET EXPLORER CANNOT DISPLAY THE WEBPAGE"; other times it will partially load my homepage (google.com), albeit very slowly, and only about 50% of it will load before the same page then loads stating "INTERNET EXPLORER CANNOT DISPLAY THE WEBPAGE". When I try loading Firefox, the same things happen. When I open the control panel and look at my network connection it says that it is connected at a speed of 100.0 MBPS.

The log of what MBAM deleted is here:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/11/2011 9:24:10 AM

mbam-log-2011-02-11 (09-24-10).txt

Scan type: Full scan (C:\|)

Objects scanned: 806672

Time elapsed: 10 hour(s), 58 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\VRZJ8K91NT (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{0ede882f-f77c-471a-87a1-8bcdc29f3a36}\RP487\A0073155.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

I checked to make sure that I wasn't set to connect to a proxy server, and I tried some other things that I have basic knowledge of to repair the problem but to no avail. I also tried to repair the problem with a system restore, but no such luck in re-establishing a fully-functional internet connection. I then ran a Windows XP Networks Diagnostics check, but didn't save the first log. So I just ran another one and copied the log. The log is here:

Last diagnostic run time: 02/14/11 12:26:20 HTTP, HTTPS, FTP Diagnostic

HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved

warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established

warn FTP (Active): Error 12031 connecting to ftp.microsoft.com: The connection with the server was reset

warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established

warn HTTP: Error 12002 connecting to www.hotmail.com: The operation timed out

warn HTTPS: Error 12002 connecting to www.passport.net: The operation timed out

error Could not make an HTTP connection.

error Could not make an HTTPS connection.

error Could not make an FTP connection.

info Redirecting user to support call

DNS Client Diagnostic

DNS - Not a home user scenario

info Using Web Proxy: no

info Resolving name ok for (www.microsoft.com): yes

No DNS servers

DNS failure

Gateway Diagnostic

Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Enabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:

info Could not get proxy settings via the Automatic Proxy Configuration mechanism

info This computer has the following default gateway entry(ies): 192.168.1.1

info This computer has the following IP address(es): 192.168.1.100

info The default gateway is in the same subnet as this computer

info The default gateway entry is a valid unicast address

warn The default gateway address could not be resolved via ARP

action Automated repair: Renew IP address

action Releasing the current IP address...

action Successfully released the current IP address

action Renewing the IP address...

action Successfully renewed the current IP address

info This computer has the following default gateway entry(ies): 192.168.1.1

info This computer has the following IP address(es): 192.168.1.100

info The default gateway is in the same subnet as this computer

info The default gateway entry is a valid unicast address

info The default gateway address was resolved via ARP in 1 try(ies)

info The default gateway was reached via ICMP Ping in 1 try(ies)

info TCP port 80 on host 65.55.12.249 was successfully reached

info The Internet host www.microsoft.com was successfully reached

info The default gateway is OK

IP Layer Diagnostic

Corrupted IP routing table

info The default route is valid

info The loopback route is valid

info The local host route is valid

info The local subnet route is valid

Invalid ARP cache entries

action The ARP cache has been flushed

IP Configuration Diagnostic

Invalid IP address

info Valid IP address detected: 192.168.1.100

Wireless Diagnostic

Wireless - Service disabled

Wireless - User SSID

Wireless - First time setup

Wireless - Radio off

Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR

WinSock Diagnostic

WinSock status

info All base service provider entries are present in the Winsock catalog.

info The Winsock Service provider chains are valid.

info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.

info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.

info Provider entry RSVP UDP Service Provider passed the loopback communication test.

info Provider entry RSVP TCP Service Provider passed the loopback communication test.

info Connectivity is valid for all Winsock service providers.

Network Adapter Diagnostic

Network location detection

info Using home Internet connection

Network adapter identification

info Network connection: Name=Local Area Connection, Device=Intel® PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN

info Ethernet connection selected

Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic

HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved

warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved

warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved

warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved

warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved

warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved

error Could not make an HTTP connection.

error Could not make an HTTPS connection.

error Could not make an FTP connection.

I also took a screenshot of the Network Diagnostics window at the completion of the scan, as it stated things of which I have no understanding. Picture here: connectionproblems.jpg

I then tried ComboFix at the recommendation of a friend and that log is here:

ComboFix 11-02-13.04 - Jamie 02/14/2011 10:36:45.8.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.261 [GMT -5:00]

Running from: F:\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))

.

2011-02-11 16:38 . 2011-02-11 16:38 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-11 16:35 . 2011-02-11 16:35 -------- d-----w- c:\program files\Security Task Manager

2011-01-25 18:45 . 2011-01-25 18:45 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google

2011-01-25 18:40 . 2011-01-25 18:41 -------- d-----w- c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Local Settings\Application Data\Temp

2011-01-25 18:40 . 2011-01-25 18:40 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 12:55 . 2009-04-23 22:33 385024 ----a-w- c:\windows\system32\html.iec

2010-11-18 18:12 . 2009-04-20 21:10 81920 ----a-w- c:\windows\system32\isign32.dll

2010-02-28 23:39 . 2010-02-28 23:14 1228288 -c--a-w- c:\program files\ADBEILSTCS4_LS1.exe

2009-05-13 00:08 . 2009-05-13 00:07 7526856 -c--a-w- c:\program files\Firefox Setup 3.0.10.exe

2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((( SnapShot_2010-12-27_06.19.11 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-11 17:14 . 2011-02-11 17:14 16384 c:\windows\temp\Perflib_Perfdata_74c.dat

+ 2011-02-11 17:14 . 2011-02-11 17:14 16384 c:\windows\temp\Perflib_Perfdata_648.dat

+ 2010-08-13 16:33 . 2010-12-27 06:31 97859 c:\windows\system32\drivers\klick.dat

+ 2011-01-25 18:40 . 2011-01-25 18:40 21504 c:\windows\Installer\4174b6c3.msi

+ 2011-01-25 18:42 . 2011-01-25 18:42 25214 c:\windows\Installer\{C768790F-04FB-11E0-9B2C-001AA037B01E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe

+ 2011-01-12 11:46 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll

+ 2011-01-12 11:46 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll

+ 2002-08-29 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\wininet(3).dll

+ 2002-08-29 12:00 . 2008-04-14 00:12 438272 c:\windows\system32\shimgvw(2).dll

+ 2010-01-26 05:05 . 2011-02-11 16:40 651052 c:\windows\system32\Restore\rstrlog.dat

- 2002-08-29 12:00 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll

+ 2002-08-29 12:00 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll

+ 2002-08-29 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos(3).dll

+ 2010-08-13 16:33 . 2010-12-27 06:31 114243 c:\windows\system32\drivers\klin.dat

+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll

- 2009-04-14 22:07 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\msjro.dll

+ 2009-04-14 22:07 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll

+ 2009-04-14 22:07 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll

- 2009-04-14 22:07 . 2008-04-14 00:11 200704 c:\windows\system32\dllcache\msadox.dll

- 2009-04-14 22:07 . 2008-04-14 00:11 180224 c:\windows\system32\dllcache\msadomd.dll

+ 2009-04-14 22:07 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll

- 2009-04-14 22:07 . 2008-04-14 00:11 536576 c:\windows\system32\dllcache\msado15.dll

+ 2009-04-14 22:07 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll

- 2009-04-14 22:07 . 2008-04-14 00:11 143360 c:\windows\system32\dllcache\msadco.dll

+ 2009-04-14 22:07 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll

+ 2002-08-29 12:00 . 2010-10-28 13:13 290048 c:\windows\system32\atmfd(3).dll

+ 2011-01-12 11:46 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll

+ 2011-01-12 11:46 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe

+ 2011-01-12 11:46 . 2008-04-14 00:12 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll

+ 2011-01-12 11:46 . 2008-04-14 00:12 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll

+ 2011-01-12 11:46 . 2008-04-14 00:11 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll

+ 2011-01-12 11:46 . 2008-04-14 00:11 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll

+ 2011-01-12 11:46 . 2008-04-14 00:11 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll

+ 2011-01-12 11:46 . 2008-04-14 00:11 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll

+ 2011-01-12 11:46 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll

+ 2011-01-12 11:46 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe

+ 2011-01-12 11:46 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe

+ 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll

+ 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll

+ 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll

+ 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll

+ 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll

+ 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll

+ 2002-08-29 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon(3).dll

+ 2002-08-29 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32(3).dll

+ 2009-04-20 16:38 . 2011-02-11 16:41 2010696 c:\windows\system32\FNTCACHE.DAT

- 2009-04-20 16:38 . 2010-12-15 08:41 2010696 c:\windows\system32\FNTCACHE.DAT

+ 2009-05-05 15:50 . 2011-01-12 11:46 37403080 c:\windows\system32\MRT.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-09-09 340520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-29 07:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 7:00 AM 14336]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2011 1:40 PM 136176]

S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [9/21/2009 3:34 PM 11264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

2011-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 18:40]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 18:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &SHOUTcast Search - c:\documents and settings\All Users.WINDOWS\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

Trusted Zone: sprint.com\mysprint

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-11994.cab

FF - ProfilePath - c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Application Data\Mozilla\Firefox\Profiles\swpg81rz.default\

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: XULRunner: {12AF9789-BCF4-4495-BAA6-26AC23D076E0} - c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Local Settings\Application Data\{12AF9789-BCF4-4495-BAA6-26AC23D076E0}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-14 10:48

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(132)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2011-02-14 10:54:18

ComboFix-quarantined-files.txt 2011-02-14 15:54

ComboFix2.txt 2010-12-27 06:22

ComboFix3.txt 2010-12-13 22:08

ComboFix4.txt 2010-11-29 20:48

ComboFix5.txt 2011-02-14 15:31

Pre-Run: 1,536,020,480 bytes free

Post-Run: 1,756,291,072 bytes free

- - End Of File - - 63948A44CA2889B94621C999E450895B

After that I ran ComboFix again with this:

FCopy::

C:\WINDOWS\ServicePackFiles\i386\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys

I saved it as CFScript.txt and dragged it into ComboFix which caused CF to reboot again. That log is here:

ComboFix 11-02-13.04 - Jamie 02/14/2011 11:17:38.9.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.209 [GMT -5:00]

Running from: c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Desktop\CFScript.txt

AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\netbt.sys --> c:\windows\system32\drivers\netbt.sys

.

((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))

.

2011-02-11 16:38 . 2011-02-11 16:38 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-11 16:35 . 2011-02-11 16:35 -------- d-----w- c:\program files\Security Task Manager

2011-01-25 18:45 . 2011-01-25 18:45 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google

2011-01-25 18:40 . 2011-01-25 18:41 -------- d-----w- c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Local Settings\Application Data\Temp

2011-01-25 18:40 . 2011-01-25 18:40 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 12:55 . 2009-04-23 22:33 385024 ----a-w- c:\windows\system32\html.iec

2010-11-18 18:12 . 2009-04-20 21:10 81920 ----a-w- c:\windows\system32\isign32.dll

2010-02-28 23:39 . 2010-02-28 23:14 1228288 -c--a-w- c:\program files\ADBEILSTCS4_LS1.exe

2009-05-13 00:08 . 2009-05-13 00:07 7526856 -c--a-w- c:\program files\Firefox Setup 3.0.10.exe

2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((( SnapShot_2010-12-27_06.19.11 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-11 17:14 . 2011-02-11 17:14 16384 c:\windows\temp\Perflib_Perfdata_74c.dat

+ 2011-02-11 17:14 . 2011-02-11 17:14 16384 c:\windows\temp\Perflib_Perfdata_648.dat

+ 2010-08-13 16:33 . 2010-12-27 06:31 97859 c:\windows\system32\drivers\klick.dat

+ 2011-01-25 18:40 . 2011-01-25 18:40 21504 c:\windows\Installer\4174b6c3.msi

+ 2011-01-25 18:42 . 2011-01-25 18:42 25214 c:\windows\Installer\{C768790F-04FB-11E0-9B2C-001AA037B01E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe

+ 2011-01-12 11:46 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll

+ 2011-01-12 11:46 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll

+ 2002-08-29 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\wininet(3).dll

+ 2002-08-29 12:00 . 2008-04-14 00:12 438272 c:\windows\system32\shimgvw(2).dll

+ 2010-01-26 05:05 . 2011-02-11 16:40 651052 c:\windows\system32\Restore\rstrlog.dat

- 2002-08-29 12:00 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll

+ 2002-08-29 12:00 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll

+ 2002-08-29 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos(3).dll

+ 2010-08-13 16:33 . 2010-12-27 06:31 114243 c:\windows\system32\drivers\klin.dat

+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll

+ 2002-08-29 12:00 . 2008-04-13 19:21 162816 c:\windows\system32\dllcache\netbt.sys

+ 2009-04-14 22:07 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll

- 2009-04-14 22:07 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\msjro.dll

+ 2009-04-14 22:07 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll

- 2009-04-14 22:07 . 2008-04-14 00:11 200704 c:\windows\system32\dllcache\msadox.dll

- 2009-04-14 22:07 . 2008-04-14 00:11 180224 c:\windows\system32\dllcache\msadomd.dll

+ 2009-04-14 22:07 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll

- 2009-04-14 22:07 . 2008-04-14 00:11 536576 c:\windows\system32\dllcache\msado15.dll

+ 2009-04-14 22:07 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll

+ 2009-04-14 22:07 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll

- 2009-04-14 22:07 . 2008-04-14 00:11 143360 c:\windows\system32\dllcache\msadco.dll

+ 2002-08-29 12:00 . 2010-10-28 13:13 290048 c:\windows\system32\atmfd(3).dll

+ 2011-01-12 11:46 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll

+ 2011-01-12 11:46 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe

+ 2011-01-12 11:46 . 2008-04-14 00:12 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll

+ 2011-01-12 11:46 . 2008-04-14 00:12 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll

+ 2011-01-12 11:46 . 2008-04-14 00:11 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll

+ 2011-01-12 11:46 . 2008-04-14 00:11 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll

+ 2011-01-12 11:46 . 2008-04-14 00:11 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll

+ 2011-01-12 11:46 . 2008-04-14 00:11 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll

+ 2011-01-12 11:46 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll

+ 2011-01-12 11:46 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe

+ 2011-01-12 11:46 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe

+ 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll

+ 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll

+ 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll

+ 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll

+ 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll

+ 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll

+ 2002-08-29 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon(3).dll

+ 2002-08-29 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32(3).dll

+ 2009-04-20 16:38 . 2011-02-11 16:41 2010696 c:\windows\system32\FNTCACHE.DAT

- 2009-04-20 16:38 . 2010-12-15 08:41 2010696 c:\windows\system32\FNTCACHE.DAT

+ 2009-05-05 15:50 . 2011-01-12 11:46 37403080 c:\windows\system32\MRT.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-09-09 340520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-29 07:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 7:00 AM 14336]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2011 1:40 PM 136176]

S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [9/21/2009 3:34 PM 11264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

2011-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 18:40]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 18:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &SHOUTcast Search - c:\documents and settings\All Users.WINDOWS\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

Trusted Zone: sprint.com\mysprint

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-11994.cab

FF - ProfilePath - c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Application Data\Mozilla\Firefox\Profiles\swpg81rz.default\

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: XULRunner: {12AF9789-BCF4-4495-BAA6-26AC23D076E0} - c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Local Settings\Application Data\{12AF9789-BCF4-4495-BAA6-26AC23D076E0}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-14 11:29

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2011-02-14 11:33:40

ComboFix-quarantined-files.txt 2011-02-14 16:33

ComboFix2.txt 2011-02-14 15:54

ComboFix3.txt 2010-12-27 06:22

ComboFix4.txt 2010-12-13 22:08

ComboFix5.txt 2011-02-14 16:16

Pre-Run: 1,759,457,280 bytes free

Post-Run: 1,748,299,776 bytes free

- - End Of File - - C6E7FB35EA683E6FC73CACF3EC9BD27B

After that I ran an IPCONFIG, log is here:

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Jamie.JAMIE-J7B6FZLLT>IPCONFIG /ALL

Windows IP Configuration

Host Name . . . . . . . . . . . . : jamie-j7b6fzllt

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.ct.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.ct.comcast.net.

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-07-E9-71-AD-89

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.87.71.230

68.87.73.246

Lease Obtained. . . . . . . . . . : Monday, February 14, 2011 11:40:33 AM

Lease Expires . . . . . . . . . . : Tuesday, February 15, 2011 11:40:33 AM

And finally I pinged Google.com and the log of that is here:

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Jamie.JAMIE-J7B6FZLLT>ping google.com

Pinging google.com [74.125.226.113] with 32 bytes of data:

Request timed out.

Request timed out.

Reply from 74.125.226.113: bytes=32 time=25ms TTL=52

Reply from 74.125.226.113: bytes=32 time=25ms TTL=52

Ping statistics for 74.125.226.113:

Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 25ms, Maximum = 25ms, Average = 25ms

I also just ran WinsockxpFix, but that didn't help either.

On certain forums I was on trying to find info on repairing my problem, all these different steps were recommended, which is why I did all these scans and such. I figured the more info I had available to someone helping me with this dilemma, the better off I'd be. I am by no means a computer whiz, and don't understand 3/4 of what is contained in all these logs. But hopefully someone here can help me out...

Thank you very much for any assistance,

Jamie


Please update Malwarebytes and scan again. It should fix it when it's updated.

If you can't update:

Open up Internet Explorer.

Go to Tools / Internet Options.

Go to Connections.

Go to LAN Settings.

Uncheck "Use a proxy server".

OK your way out.

Update Malwarebytes and run another scan.

The proxy server box was already unchecked. Any other suggestions? Thanks

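The ComboFix log earlier in this thread lists `ProxyServer = http=127.0.0.1:5643` for Internet Explorer even though the poster reports the proxy box as unchecked; the `ProxyServer` string can remain stored after the checkbox is cleared. The following is an added example, not part of the original posts and not code from ComboFix or Malwarebytes: a Python check that reads ComboFix-style lines and flags proxy entries pointing at the local machine. The function names and finding labels are assumptions made for this example.

```python
import ipaddress
import re

# Lines copied from the ComboFix "Supplementary Scan" section quoted in this thread.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = *.local;<local>
FF - prefs.js: network.proxy.type - 0
"""

IE_PROXY = re.compile(r"^\w?Internet Settings,ProxyServer\s*=\s*(.+)$")
FF_PROXY_TYPE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)$")


def parse_proxy_server(value):
    """Split 'host:port' or ';'-separated 'scheme=host:port' into tuples."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, target = part.rpartition("=")
        host, _, port = target.rpartition(":")
        if not host:  # no ':' in the entry, so no port was given
            host, port = target, ""
        entries.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a host name rather than an IP literal
        return host.lower() == "localhost"


def audit(log_text):
    """Return (label, detail) findings for proxy settings worth a second look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        ie = IE_PROXY.match(line)
        if ie:
            for entry in parse_proxy_server(ie.group(1)):
                if is_loopback(entry[1]):
                    findings.append(("ie-loopback-proxy", entry))
        ff = FF_PROXY_TYPE.match(line)
        if ff and ff.group(1) != "0":  # 0 is Firefox's "no proxy" setting
            findings.append(("firefox-proxy-type", int(ff.group(1))))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A finding only says the string is present in the log; whether Internet Explorer actually uses it depends on the separate `ProxyEnable` value, which this section of the log does not show.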

  • 2 weeks later...
  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

