TechSpot

[A] I used Combofix and now I don't have network connection

By carby
Dec 31, 2011
  1. I have Windows XP Service Pack 3.
    I first used Malwarebytes' Anti-Malware, then cleaned and cleaned the registry with CCleaner, and finally I used ComboFix, but after it was done and I rebooted my PC I had no network connection, and when I try to repair it, it says that TCP/IP is not available. I used WinsockFix and changed the IP and DNS, but I still have no connection...
     
  2. carby

    carby TS Rookie Topic Starter

    here is the log

    ComboFix 11-12-27.01 - Agustin 31/12/2011 3:39.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.54.3082.18.1023.777 [GMT -3:00]
    Running from: c:\documents and settings\Agustin\Escritorio\ComboFix.exe
    AV: avast! antivirus 4.7.1098 [VPS 111230-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-11 01:11 . 2012-04-11 01:11 -------- d-----w- c:\archivos de programa\TweetDeck
    2011-12-31 03:28 . 2011-12-31 03:28 -------- d-----w- c:\archivos de programa\CCleaner
    2011-12-30 22:13 . 2011-12-30 22:13 -------- d-----w- c:\documents and settings\Agustin\Datos de programa\Malwarebytes
    2011-12-30 22:12 . 2011-12-30 22:12 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
    2011-12-30 22:12 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-30 22:12 . 2011-12-30 22:14 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
    2011-12-30 21:13 . 2011-12-31 04:13 -------- d-sh--w- c:\documents and settings\Agustin\Configuración local\Datos de programa\146bc063
    2011-12-30 04:17 . 2011-12-30 04:18 -------- d-----w- c:\archivos de programa\sXe Injected
    2011-12-30 03:46 . 2011-12-30 04:04 -------- d-----w- c:\archivos de programa\Cheating-Death
    2011-12-30 03:43 . 2011-12-30 04:19 -------- d-----w- c:\archivos de programa\Counter-Strike 1.6
    2011-12-21 14:37 . 2011-12-21 14:37 -------- d-----w- c:\archivos de programa\7-Zip
    2011-12-09 15:55 . 2011-12-09 16:00 -------- d-----w- c:\documents and settings\Agustin\P5JavaClientSettings
    2011-12-03 22:55 . 2011-12-03 22:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-01 13:47 . 2011-12-01 13:47 2106216 ----a-w- c:\archivos de programa\Mozilla Firefox\D3DCompiler_43.dll
    2011-12-01 13:47 . 2011-12-01 13:47 1998168 ----a-w- c:\archivos de programa\Mozilla Firefox\d3dx9_43.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-01 13:47 . 2011-05-20 14:44 134104 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    .
    [7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
    [-] 2008-04-14 12:00 . A35899D66F83BD140493040FD21CCF75 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys
    .
    [-] 2010-06-30 . A984FD70323F1BADC33C170F60DBD5F6 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    [7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
    [-] 2008-04-14 12:00 . A35899D66F83BD140493040FD21CCF75 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Agustin\Datos de programa\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Agustin\Datos de programa\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Agustin\Datos de programa\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Agustin\Datos de programa\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "nwiz"="nwiz.exe" [2008-05-16 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "EEventManager"="c:\archivos de programa\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2010-06-24 124928]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 01:12 3872080 ----a-w- c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2007-04-16 18:28 577536 ----a-w- c:\windows\soundman.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 14:44 248552 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "MDM"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "idsvc"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Archivos de programa\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
    "c:\\Archivos de programa\\iTunes\\iTunes.exe"=
    "c:\\Archivos de programa\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
    "c:\\Archivos de programa\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "c:\\Archivos de programa\\Ares\\Ares.exe"=
    "c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Archivos de programa\\TegNet1.3.5\\Servidor\\TEGNet_Server.exe"=
    "c:\\Archivos de programa\\streamerp2p\\streamerp2p.exe"=
    "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Archivos de programa\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
    "c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Archivos de programa\\SopCast\\SopCast.exe"=
    "c:\\Archivos de programa\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=
    "c:\\Archivos de programa\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
    "c:\\Documents and Settings\\Agustin\\Datos de programa\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Archivos de programa\\Counter-Strike 1.6\\hl.exe"=
    "c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Archivos de programa\\Archivos comunes\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
    "c:\\Documents and Settings\\Agustin\\Mis documentos\\Downloads\\ccsetup314.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Administración remota de Windows
    "58896:TCP"= 58896:TCP:pando Media Booster
    "58896:UDP"= 58896:UDP:pando Media Booster
    "8381:TCP"= 8381:TCP:League of Legends Launcher
    "8381:UDP"= 8381:UDP:League of Legends Launcher
    "6914:TCP"= 6914:TCP:League of Legends Launcher
    "6914:UDP"= 6914:UDP:League of Legends Launcher
    "6986:TCP"= 6986:TCP:League of Legends Launcher
    "6986:UDP"= 6986:UDP:League of Legends Launcher
    "6891:TCP"= 6891:TCP:League of Legends Launcher
    "6891:UDP"= 6891:UDP:League of Legends Launcher
    "8382:TCP"= 8382:TCP:League of Legends Launcher
    "8382:UDP"= 8382:UDP:League of Legends Launcher
    "8383:TCP"= 8383:TCP:League of Legends Launcher
    "8383:UDP"= 8383:UDP:League of Legends Launcher
    "8393:TCP"= 8393:TCP:League of Legends Lobby
    "8393:UDP"= 8393:UDP:League of Legends Lobby
    "8390:TCP"= 8390:TCP:League of Legends Game Client
    "8390:UDP"= 8390:UDP:League of Legends Game Client
    "6896:TCP"= 6896:TCP:League of Legends Launcher
    "6896:UDP"= 6896:UDP:League of Legends Launcher
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16/11/2010 17:21 47360]
    S3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [11/08/2010 09:15 26752]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 09:00 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Agustin\Datos de programa\Mozilla\Firefox\Profiles\r3g8gz9l.default\
    FF - prefs.js: browser.startup.homepage - hxxp://es-ES.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:es-ES:official
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-31 03:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-12-31 03:52:50
    ComboFix-quarantined-files.txt 2011-12-31 06:52
    .
    Pre-Run: 10.726.510.592 bytes libres
    Post-Run: 10.730.979.328 bytes libres
    .
    - - End Of File - - 953FAE26CCAB3C74063530AE11839E00
     
  3. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    As you already know...never use Combofix on your own!

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.
     
Topic Status:
Not open for further replies.
