Inactive [A] I used Combofix and now I don't have network connection

Status
Not open for further replies.
I have Windows XP Service Pack 3.
I first used Malwarebytes' Anti-Malware, then cleaned and cleaned the registry with CCleaner, and finally I used ComboFix, but after it was done and I rebooted my PC I had no network connection, and when I try to repair it, it says that TCP/IP is not available. I used WinsockFix and changed the IP and DNS, but I still have no connection...
 
Here is the log:

ComboFix 11-12-27.01 - Agustin 31/12/2011 3:39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.54.3082.18.1023.777 [GMT -3:00]
Running from: c:\documents and settings\Agustin\Escritorio\ComboFix.exe
AV: avast! antivirus 4.7.1098 [VPS 111230-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2012-04-11 01:11 . 2012-04-11 01:11 -------- d-----w- c:\archivos de programa\TweetDeck
2011-12-31 03:28 . 2011-12-31 03:28 -------- d-----w- c:\archivos de programa\CCleaner
2011-12-30 22:13 . 2011-12-30 22:13 -------- d-----w- c:\documents and settings\Agustin\Datos de programa\Malwarebytes
2011-12-30 22:12 . 2011-12-30 22:12 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2011-12-30 22:12 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 22:12 . 2011-12-30 22:14 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2011-12-30 21:13 . 2011-12-31 04:13 -------- d-sh--w- c:\documents and settings\Agustin\Configuración local\Datos de programa\146bc063
2011-12-30 04:17 . 2011-12-30 04:18 -------- d-----w- c:\archivos de programa\sXe Injected
2011-12-30 03:46 . 2011-12-30 04:04 -------- d-----w- c:\archivos de programa\Cheating-Death
2011-12-30 03:43 . 2011-12-30 04:19 -------- d-----w- c:\archivos de programa\Counter-Strike 1.6
2011-12-21 14:37 . 2011-12-21 14:37 -------- d-----w- c:\archivos de programa\7-Zip
2011-12-09 15:55 . 2011-12-09 16:00 -------- d-----w- c:\documents and settings\Agustin\P5JavaClientSettings
2011-12-03 22:55 . 2011-12-03 22:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 13:47 . 2011-12-01 13:47 2106216 ----a-w- c:\archivos de programa\Mozilla Firefox\D3DCompiler_43.dll
2011-12-01 13:47 . 2011-12-01 13:47 1998168 ----a-w- c:\archivos de programa\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 13:47 . 2011-05-20 14:44 134104 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-14 12:00 . A35899D66F83BD140493040FD21CCF75 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2010-06-30 . A984FD70323F1BADC33C170F60DBD5F6 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-14 12:00 . A35899D66F83BD140493040FD21CCF75 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Agustin\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Agustin\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Agustin\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Agustin\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"EEventManager"="c:\archivos de programa\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-06-24 124928]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 01:12 3872080 ----a-w- c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 18:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 14:44 248552 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\Archivos de programa\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Archivos de programa\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\TegNet1.3.5\\Servidor\\TEGNet_Server.exe"=
"c:\\Archivos de programa\\streamerp2p\\streamerp2p.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\SopCast\\SopCast.exe"=
"c:\\Archivos de programa\\SopCast\\adv\\SopAdver.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=
"c:\\Archivos de programa\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Agustin\\Datos de programa\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Archivos de programa\\Counter-Strike 1.6\\hl.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Documents and Settings\\Agustin\\Mis documentos\\Downloads\\ccsetup314.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Administración remota de Windows
"58896:TCP"= 58896:TCP:pando Media Booster
"58896:UDP"= 58896:UDP:pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6914:TCP"= 6914:TCP:League of Legends Launcher
"6914:UDP"= 6914:UDP:League of Legends Launcher
"6986:TCP"= 6986:TCP:League of Legends Launcher
"6986:UDP"= 6986:UDP:League of Legends Launcher
"6891:TCP"= 6891:TCP:League of Legends Launcher
"6891:UDP"= 6891:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6896:TCP"= 6896:TCP:League of Legends Launcher
"6896:UDP"= 6896:UDP:League of Legends Launcher
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16/11/2010 17:21 47360]
S3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [11/08/2010 09:15 26752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 09:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Agustin\Datos de programa\Mozilla\Firefox\Profiles\r3g8gz9l.default\
FF - prefs.js: browser.startup.homepage - hxxp://es-ES.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:es-ES:official
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 03:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-31 03:52:50
ComboFix-quarantined-files.txt 2011-12-31 06:52
.
Pre-Run: 10.726.510.592 bytes libres
Post-Run: 10.730.979.328 bytes libres
.
- - End Of File - - 953FAE26CCAB3C74063530AE11839E00
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

As you already know...never use Combofix on your own!

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
 