Unable to connect to internet after running combofix.

Postby johnta20 » Tue Dec 13, 2011 4:03 pm

Ran ComboFix after getting some kind of Windows Security Console trojan. ComboFix advised of a rootkit that attached itself to the TCP/IP stack, and that if the connection didn't come back up after reboot to run it again, which I did, and still nothing. Here is the log file.


ComboFix 11-12-09.04 - User 12/10/2011 18:33:13.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.97 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-11-12 05:58 . 2011-11-12 05:58 -------- d-----w- c:\documents and settings\Administrator
2011-11-12 05:42 . 2011-11-12 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-11-12 05:42 . 2011-11-12 05:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-12 05:38 . 2011-11-12 05:38 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2011-11-12 05:38 . 2011-11-12 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-12 05:38 . 2011-11-12 05:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-12 05:38 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-12 04:31 . 2011-11-12 04:37 -------- d-----w- c:\documents and settings\User\Application Data\NXXXwkkUVelBtP0
2011-11-12 04:31 . 2011-11-12 04:31 -------- d-----w- c:\documents and settings\User\Application Data\x555sQJJ6dK8gZh
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2011-07-08 17:28 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-10_02.59.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-10 23:27 . 2011-12-10 23:27 16384 c:\windows\Temp\Perflib_Perfdata_3c4.dat
+ 2004-08-04 10:00 . 2011-12-10 23:32 40190 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2011-12-10 02:55 40190 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2011-12-10 23:32 311842 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2011-12-10 02:55 311842 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 01:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-07-26 344064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/12/2011 12:38 AM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/12/2011 12:38 AM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 01:20]
.
2011-12-10 c:\windows\Tasks\User_Feed_Synchronization-{A15A048D-9021-462C-898E-3DCB878CC4D9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 18:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(444)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-12-10 18:40:19
ComboFix-quarantined-files.txt 2011-12-10 23:40
ComboFix2.txt 2011-12-10 03:04
.
Pre-Run: 30,500,573,184 bytes free
Post-Run: 30,488,981,504 bytes free
.
- - End Of File - - D056F55D75929B10ECC5255222E2AD5F

Please help.

Re: Unable to connect to internet after running combofix.

Postby liljim » Fri Dec 16, 2011 8:41 pm

Sounds like you need to rebuild your TCP/IP stack.

Give THIS a try.
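The rebuild liljim points to, written out as a batch file for Windows XP SP3 (the version shown in the log above). This is an added example, not the content of the link in the post and not ComboFix's own reset routine. It assumes an XP SP2-or-later system (netsh winsock reset exists from SP2 on), an administrator account, and output files on the Desktop; the 192.168.1.1 address is taken from the "TCP: DhcpNameServer" line in the log. Run it once without arguments, reboot, then run it again with the argument "check".

```batch
@echo off
setlocal
rem Added example: rebuild the Windows XP TCP/IP and Winsock stacks after a
rem rootkit has hooked them. Two phases: "reset" (default) before a reboot,
rem "check" after the reboot. Output files on the Desktop are an assumption.
set OUT=%USERPROFILE%\Desktop

if /i "%~1"=="check" goto :check

rem ---- phase 1: reset (run from an administrator account, then reboot) ----

rem Record the current state so it can be compared after the rebuild. Malware
rem that "attaches to the TCP/IP stack" usually shows up as an unknown
rem Layered Service Provider (LSP) in the Winsock catalog.
netsh winsock show catalog > "%OUT%\winsock-before.txt"
ipconfig /all            > "%OUT%\ipconfig-before.txt"

rem Reset TCP/IP to its install-time registry state. On XP the log-file
rem argument is required; the path is an assumption.
netsh int ip reset "%OUT%\tcpip-reset.log"

rem Rebuild the Winsock catalog from scratch, dropping every registered LSP.
netsh winsock reset

echo.
echo Reset issued. Reboot now; the Winsock reset only takes effect after a
echo restart. After rebooting run:  %~nx0 check
goto :eof

rem ---- phase 2: verify after the reboot ----
:check
rem Fresh DHCP lease and empty resolver cache before testing.
ipconfig /release
ipconfig /renew
ipconfig /flushdns

rem Reachability of the DHCP name server reported in the ComboFix log
rem (TCP: DhcpNameServer = 192.168.1.1).
ping -n 2 192.168.1.1

rem Show what changed in the Winsock catalog. Entries present only in the
rem "before" file are the providers the reset removed.
netsh winsock show catalog > "%OUT%\winsock-after.txt"
fc "%OUT%\winsock-before.txt" "%OUT%\winsock-after.txt"
endlocal
```

Two practical notes. First, compare the before/after Winsock catalogs rather than just trusting the reset: if a provider you do not recognise reappears after the reboot, something is re-registering it and the machine is not clean. Second, the same log shows "EnableFirewall"= 0 for the standard profile; once the stack is rebuilt and connectivity is back, `netsh firewall set opmode enable` turns the XP firewall back on.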

