09-24-2008, 04:31 AM   #1
ravensheat
Registered User
 
Join Date: Sep 2008
Posts: 1
OS: XP SP2


Lost Internet connection after combofix...

Hey guys, having problems here. I've tried the LSP thing and the other one but no luck. Must have had something deleted during ComboFix. Here's the log:



ComboFix 08-09-20.05 - Iota 2008-09-21 18:12:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.196 [GMT 12:00]
Running from: C:\Documents and Settings\Iota\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Iota\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiMalwareGuard.lnk
C:\Documents and Settings\Guest\Application Data\rhc93tj0epb3
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adsfac[1].txt
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
C:\Documents and Settings\Guest\err.log
C:\Documents and Settings\Iota\Application Data\rhc93tj0epb3
C:\Documents and Settings\Iota\Cookies\iota@ad.yieldmanager[1].txt
C:\Documents and Settings\Iota\Cookies\iota@adsfac[2].txt
C:\Documents and Settings\Iota\Cookies\iota@fatbraintoys[1].txt
C:\Documents and Settings\Iota\Cookies\iota@serving-sys[1].txt
C:\Documents and Settings\Iota\Cookies\iota@specificclick[1].txt
C:\Documents and Settings\Iota\err.log
C:\Program Files\internet explorer\msimg32.dll
C:\WINDOWS\system32\bthser.dll
C:\WINDOWS\system32\cryptex.dll
C:\WINDOWS\system32\drivers\nrplfomj.dat
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\seneka.dll
C:\WINDOWS\system32\senekadf.dll
C:\WINDOWS\system32\senekapop.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PJEADVHI
-------\Service_pjeadvhi


((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-21 17:39 . 2008-09-21 17:39 577,024 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-09-21 17:37 . 2008-09-21 17:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-21 17:36 . 2008-09-21 17:59 <DIR> d-------- C:\SDFix
2008-09-21 09:41 . 2008-09-21 09:41 <DIR> d-------- C:\Autoruns
2008-09-21 09:00 . 2008-09-21 09:00 900,015 --a------ C:\WINDOWS\system32\TmpA1698842
2008-09-21 08:45 . 2008-09-21 08:58 <DIR> d-------- C:\Program Files\FlashFXP
2008-09-21 08:45 . 2008-09-21 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-09-20 13:20 . 2008-09-20 13:21 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-09-20 13:04 . 2008-09-20 13:04 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-20 12:06 . 2008-09-20 12:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 12:06 . 2008-09-20 12:06 <DIR> d-------- C:\Documents and Settings\Iota\Application Data\Malwarebytes
2008-09-20 12:06 . 2008-09-20 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-20 12:06 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 12:06 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 11:48 . 2008-09-21 18:23 1,262 --a------ C:\WINDOWS\system32\Config.MPF
2008-09-20 11:18 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-09-20 11:17 . 2006-12-22 16:02 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-09-20 11:17 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-20 11:17 . 2006-12-22 16:02 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-09-20 11:17 . 2006-12-22 16:02 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-09-20 11:17 . 2006-12-22 16:02 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-09-20 11:17 . 2006-12-22 16:02 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-20 11:16 . 2008-09-20 11:16 <DIR> d-------- C:\Program Files\McAfee.com
2008-09-20 11:16 . 2008-09-20 11:23 <DIR> d-------- C:\Program Files\McAfee
2008-09-20 11:16 . 2008-09-20 11:18 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-09-20 11:14 . 2008-09-20 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-20 10:59 . 2008-09-20 10:59 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-19 09:49 . 2008-09-19 09:49 21,200 --a------ C:\WINDOWS\system32\__c00E6499.jpg
2008-09-19 09:49 . 2008-09-19 09:49 21,200 --a------ C:\WINDOWS\m0_glkP_150908.dll
2008-09-19 09:48 . 2008-09-19 09:48 2,435 --a------ C:\WINDOWS\system32\senekadf.dat
2008-09-19 09:48 . 2008-09-19 09:48 42 --a------ C:\WINDOWS\system32\seneka.dat
2008-09-19 09:43 . 2008-09-19 09:43 38,455 --a------ C:\WINDOWS\system32\drivers\seneka.sys
2008-09-19 09:43 . 2008-09-19 09:49 3,294 --a------ C:\WINDOWS\system32\senekaul.dat
2008-09-19 09:43 . 2008-09-19 09:43 87 --a------ C:\WINDOWS\system32\senekakl.dat
2008-09-19 08:35 . 2008-09-19 08:35 94,208 --a------ C:\WINDOWS\system32\bqpopmti.exe
2008-09-18 20:47 . 2008-09-18 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DscSysUtil
2008-09-18 20:36 . 2008-09-18 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\difkrehk
2008-09-18 20:36 . 2008-09-18 09:00 165,888 --a------ C:\WINDOWS\system32\sav.cpl
2008-09-18 20:36 . 2008-09-18 20:36 86,016 --a------ C:\WINDOWS\system32\pshwhczc.exe
2008-09-16 10:18 . 2008-09-16 10:18 119,300 --a------ C:\WINDOWS\system32\mshtml90.dll
2008-09-13 14:00 . 2008-09-13 14:00 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\System Doctor Free
2008-09-13 12:37 . 2008-09-13 12:37 <DIR> d-------- C:\Documents and Settings\Iota\Application Data\PCPrivacyCleaner
2008-09-13 10:23 . 2008-09-13 10:23 <DIR> d-------- C:\Documents and Settings\Iota\Application Data\System Doctor Free
2008-09-13 10:17 . 2008-09-13 10:17 5,120 --a------ C:\WINDOWS\system32\drivers\rhdmclqn.dat
2008-09-08 19:56 . 2008-09-08 19:56 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\PCPrivacyCleaner
2008-09-08 19:12 . 2003-03-19 09:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-09-08 19:12 . 2003-03-19 06:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-08-31 13:54 . 2002-07-08 10:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-08-31 13:54 . 2006-06-20 20:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-08-31 13:53 . 2008-08-31 13:53 <DIR> d-------- C:\Program Files\Outsim
2008-08-31 13:51 . 2008-09-21 09:02 <DIR> d-------- C:\Program Files\Image-Line
2008-08-31 13:14 . 2008-09-21 08:58 <DIR> d-------- C:\Program Files\Vstplugins
2008-08-31 13:13 . 2008-08-31 13:13 900,015 --a------ C:\WINDOWS\system32\TmpA100855
2008-08-31 11:36 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-08-30 19:12 . 2008-08-30 19:12 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-30 19:11 . 2008-08-30 19:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-30 19:07 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-30 19:06 . 2008-08-30 19:06 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-30 19:05 . 2008-08-30 19:05 <DIR> d-------- C:\Program Files\MSBuild
2008-08-30 18:59 . 2008-08-30 19:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-30 18:58 . 2008-08-30 18:58 <DIR> dr-h----- C:\MSOCache
2008-08-30 18:58 . 2008-08-30 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-30 18:48 . 2008-08-30 18:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-30 18:46 . 2008-08-30 18:46 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-30 18:43 . 2008-08-30 18:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-30 18:39 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-08-30 18:36 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002243_.tmp
2008-08-30 18:36 . 2004-08-03 22:42 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-30 18:33 . 2008-08-30 18:33 <DIR> d-------- C:\WINDOWS\EHome
2008-08-29 20:55 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-08-29 20:55 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-08-29 20:55 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-08-29 20:55 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-08-29 20:55 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-08-29 20:55 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-08-29 20:55 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-08-29 20:55 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 04:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-24 10:53 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-08-04 04:17 --------- d-----w C:\Documents and Settings\Iota\Application Data\MSN6
2008-07-30 06:56 --------- d-----w C:\Documents and Settings\Iota\Application Data\alot
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74EBCFFB-AF2D-4dd4-A9BC-2AC12864B3EC}]
2008-09-16 10:18 119300 --a------ C:\WINDOWS\system32\mshtml90.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NECMFK"="C:\Program Files\necmfk\necmfk.exe" [2004-01-24 62976]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-12-15 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-12-15 118784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 152144]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-01-19 1082920]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-17 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\m0_glkP_150908]
2008-09-19 09:49 21200 C:\WINDOWS\m0_glkP_150908.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 MFKGTKEY;MFKGTKEY;C:\WINDOWS\system32\drivers\mfkgtkey.sys [2003-12-03 12672]
R1 Ps2LedIF;Ps2LedIF;C:\WINDOWS\system32\drivers\ps2ledif.sys [2003-01-11 5376]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;C:\WINDOWS\system32\DRIVERS\Ps2Led.sys [2004-01-22 8320]
S0 pjeadvhi;pjeadvhi;C:\WINDOWS\system32\drivers\nrplfomj.dat [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{0D61655D-197C-47D9-BE7C-08FE21AE0F55} - C:\WINDOWS\system32\cryptex.dll
BHO-{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
Toolbar-{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://my.alot.com?client_id=57FBD2B001C8BED2008EB8DF&install_time=26-05-2008:13:46&src_id=11069&tb_version=1.2.1.200
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Search - http://edits.mywebsearch.com/toolbar...p=ZRxdm428YYNZ
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cab
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.0.inf

O16 -: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
C:\WINDOWS\Downloaded Program Files\igloader.inf
C:\WINDOWS\Downloaded Program Files\igloader.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 18:33:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pjeadvhi]
"ImagePath"="system32\drivers\nrplfomj.dat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\m0_glkP_150908.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\m0_glkP_150908.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2008-09-21 18:37:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-21 06:37:29

Pre-Run: 24,071,413,760 bytes free
Post-Run: 28,529,733,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

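What the log above actually shows, as an added example that is not from the original poster and not ComboFix's own logic: a small triage script run over excerpts of that log. It pulls out the items a responder would want to look at before resetting the Winsock stack: the Winlogon Notify DLL that ComboFix still saw loaded in winlogon.exe, the boot-start service pjeadvhi whose image nrplfomj.dat was deleted while its service key stayed behind, Security Center monitoring switched off, the XP firewall disabled, and a BHO with a Microsoft-looking name sitting in system32. The triage rules (which file extensions a service image may have, which hosts count as sensitive, "BHOs under C:\WINDOWS are suspect") are my heuristics and are marked as assumptions in the code; the sample text is excerpted from the log in the post.

```python
"""Triage a ComboFix log for persistence that a cleanup may have left behind.

Added example for the post above; it is not ComboFix's own logic and not code
from the original poster. The triage rules are a responder's heuristics.
"""
import re

# Constructed sample: lines excerpted from the ComboFix log in the post, one
# block per log section (Reg Loading Points, services, loaded DLLs).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74EBCFFB-AF2D-4dd4-A9BC-2AC12864B3EC}]
2008-09-16 10:18 119300 --a------ C:\WINDOWS\system32\mshtml90.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\m0_glkP_150908]
2008-09-19 09:49 21200 C:\WINDOWS\m0_glkP_150908.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 MFKGTKEY;MFKGTKEY;C:\WINDOWS\system32\drivers\mfkgtkey.sys [2003-12-03 12672]
S0 pjeadvhi;pjeadvhi;C:\WINDOWS\system32\drivers\nrplfomj.dat [ ]

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\m0_glkP_150908.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                   # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')                      # "Name"=value
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")  # R1 name;display;image [info]
PROCESS_RE = re.compile(r"^PROCESS:\s+(.+)$")
MODULE_RE = re.compile(r"^->\s+(.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\\S+")
SENSITIVE_HOSTS = ("winlogon.exe", "explorer.exe")  # assumption: hosts worth flagging
SERVICE_IMAGE_EXTS = ("sys", "exe")                  # assumption: normal service images


def triage(log_text):
    """Return a list of (category, detail) findings from ComboFix log text."""
    findings = []
    current_key = None      # registry key whose value/file lines we are inside
    current_process = None  # process whose loaded-module lines we are inside
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key, current_process = m.group(1), None
            continue
        m = PROCESS_RE.match(line)
        if m:
            current_process, current_key = m.group(1), None
            continue
        m = MODULE_RE.match(line)
        if m and current_process:
            # A DLL ComboFix reports inside winlogon/explorer is an active hook.
            if current_process.lower().endswith(SENSITIVE_HOSTS):
                findings.append(("injected_module", f"{m.group(1)} in {current_process}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, image, info = m.groups()
            ext = image.rsplit(".", 1)[-1].lower()
            reasons = []
            if ext not in SERVICE_IMAGE_EXTS:
                reasons.append("image is not .sys/.exe")
            if not info.strip():  # "[ ]": no file info, file missing but key remains
                reasons.append("no file info (file missing, service key remains)")
            if reasons:
                findings.append(("suspect_service", f"{start} {name} -> {image}: " + "; ".join(reasons)))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, value = m.groups()
            key_l = current_key.lower()
            if "security center\\monitoring" in key_l and name == "DisableMonitoring" \
                    and value.lower() == "dword:00000001":
                findings.append(("security_center_muted", current_key.split("\\")[-1]))
            elif "firewallpolicy" in key_l and name == "EnableFirewall" and value.split()[0] == "0":
                findings.append(("firewall_disabled", current_key))
            continue
        m = PATH_RE.search(line)
        if m and current_key:
            path, key_l = m.group(0), current_key.lower()
            if "winlogon\\notify" in key_l:
                findings.append(("winlogon_notify_dll", path))
            elif "browser helper objects" in key_l and path.lower().startswith("c:\\windows"):
                # Heuristic (assumption): legitimate BHOs install under Program Files.
                findings.append(("bho_in_windows_dir", path))
    return findings


def live_hooks(findings):
    """Winlogon Notify DLLs that ComboFix also saw loaded in a sensitive host."""
    registered = {d.lower() for c, d in findings if c == "winlogon_notify_dll"}
    loaded = {d.split(" in ")[0].lower() for c, d in findings if c == "injected_module"}
    return sorted(registered & loaded)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, detail in results:
        print(f"{category:22} {detail}")
    print("still live:", live_hooks(results))
```

Each finding is a (category, detail) pair; live_hooks() cross-checks the Winlogon Notify registration against the modules ComboFix saw loaded, which is the difference between a leftover registry key and a hook that is still running in the logon process.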