BleepingComputer.com: Please help: No IP address or Windows Firewall after virus

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Please help: No IP address or Windows Firewall after virus

#1 User is offline   ronm2481 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 02-January 12

Posted 02 January 2012 - 01:18 PM

Hello. My desktop computer that runs Windows XP got infected by a virus about a week ago. I used ComboFix to disable the virus. Then I used SuperAntiSpyware and Windows Security Essentials to (hopefully) remove all the infected files. Unfortunately, I now cannot connect to my wireless network. When I type ipconfig into Command Prompt, I have no IP address. It says "An internal error occurred: The request is not supported." I also have no Windows Firewall. Windows says it is unable to start the Windows Firewall/ICS Service. I have attempted several fixes after reading about similar problems on this site, but to no avail. I also cannot do a System Restore for some reason. Please help.

Thank you.

My logs are as follows. First, the ComboFix:

ComboFix 11-12-06.02 - Administrator 12/07/2011 20:12:15.1.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2733 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\ffmpeg.exe
c:\documents and settings\Owner\Local Settings\Application Data\xcc.exe
c:\windows\$NtUninstallKB52587$
c:\windows\$NtUninstallKB52587$\271375687\@
c:\windows\$NtUninstallKB52587$\271375687\bckfg.tmp
c:\windows\$NtUninstallKB52587$\271375687\cfg.ini
c:\windows\$NtUninstallKB52587$\271375687\Desktop.ini
c:\windows\$NtUninstallKB52587$\271375687\kwrd.dll
c:\windows\$NtUninstallKB52587$\271375687\L\jlyniomq
c:\windows\$NtUninstallKB52587$\271375687\lsflt7.ver
c:\windows\$NtUninstallKB52587$\271375687\U\00000001.@
c:\windows\$NtUninstallKB52587$\271375687\U\00000002.@
c:\windows\$NtUninstallKB52587$\271375687\U\00000004.@
c:\windows\$NtUninstallKB52587$\271375687\U\80000000.@
c:\windows\$NtUninstallKB52587$\271375687\U\80000004.@
c:\windows\$NtUninstallKB52587$\271375687\U\80000032.@
c:\windows\$NtUninstallKB52587$\3147059860
.
Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 01:20 . 2011-12-08 01:20 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A79F5F36-C18C-4C33-95DC-979E52B62057}\MpKslae598d82.sys
2011-12-08 01:20 . 2011-12-08 01:20 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A79F5F36-C18C-4C33-95DC-979E52B62057}\offreg.dll
2011-12-08 01:08 . 2008-04-14 04:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-12-07 14:45 . 2011-11-21 10:47 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A79F5F36-C18C-4C33-95DC-979E52B62057}\mpengine.dll
2011-11-30 21:53 . 2011-11-30 21:53 -------- d-----w- c:\documents and settings\Owner\.swt
2011-11-15 14:10 . 2011-11-15 14:10 -------- d-----w- c:\program files\iPod
2011-11-15 14:09 . 2011-11-15 14:11 -------- d-----w- c:\program files\iTunes
2011-11-13 20:37 . 2011-11-13 20:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-11-13 20:33 . 2009-11-06 08:26 642432 ----a-r- c:\windows\system32\drivers\bcmwlhigh5.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-10-24 16:52 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-17 22:23 . 2011-06-26 16:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-12-15 17:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 09:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-23 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-23 142872]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 458861]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HostManager"="c:\program files\Common Files\AOL\1289152805\ee\AOLSoftware.exe" [2010-03-08 41800]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAC0ATgA4AEQANwBVAC0ARgA2ADYAOAAyAC0AOAA5ADIAMgBSAC0ARgBVAFUAOQAyAC0AUQBYAE0AUwBLAA&inst=NwA2AC0ANQAxADcAMgA1ADkAMQA5ADQALQBQAEwAKwA5AC0AWABPADMANgArADEALQBOADEARAArADEALQBEAEQAVAArADUAMgAyADkALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUAA5ADAATQAxADIAQwArADEALQBQADkAVQArADEALQBVADkANQArADEALQBUAEIATgArADEALQBQADkAUgArADEA&prod=94&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-16 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1289152805\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
R1 MpKslae598d82;MpKslae598d82;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A79F5F36-C18C-4C33-95DC-979E52B62057}\MpKslae598d82.sys [12/7/2011 8:20 PM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [3/26/2009 9:33 PM 239760]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [12/15/2009 12:37 PM 110080]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/13/2011 3:33 PM 642432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLAE598D82
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1035525444-682003330-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-07 01:17]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1035525444-682003330-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-07 01:17]
.
2011-12-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 20:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\06\00\0c\028\0a?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(6156)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\idt\wdm\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\AOL Desktop 9.6\waol.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\AOL Desktop 9.6\shellmon.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2011-12-07 20:23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-08 01:23
.
Pre-Run: 821,012,799,488 bytes free
Post-Run: 821,209,542,656 bytes free
.
- - End Of File - - CC4D031185F9AADEBFE8323C8F6191B4
ComboFix 11-12-06.02 - Owner 12/07/2011 20:28:49.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2417 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 01:31 . 2011-12-08 01:31 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A79F5F36-C18C-4C33-95DC-979E52B62057}\offreg.dll
2011-12-08 01:08 . 2008-04-14 04:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-12-07 14:45 . 2011-11-21 10:47 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A79F5F36-C18C-4C33-95DC-979E52B62057}\mpengine.dll
2011-11-30 21:53 . 2011-11-30 21:53 -------- d-----w- c:\documents and settings\Owner\.swt
2011-11-15 14:10 . 2011-11-15 14:10 -------- d-----w- c:\program files\iPod
2011-11-15 14:09 . 2011-11-15 14:11 -------- d-----w- c:\program files\iTunes
2011-11-13 20:37 . 2011-11-13 20:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-11-13 20:33 . 2009-11-06 08:26 642432 ----a-r- c:\windows\system32\drivers\bcmwlhigh5.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-10-24 16:52 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-17 22:23 . 2011-06-26 16:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-12-15 17:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 09:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-08_01.21.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-08 01:31 . 2011-12-08 01:31 16384 c:\windows\temp\Perflib_Perfdata_514.dat
+ 2002-08-29 12:00 . 2011-12-08 01:28 67952 c:\windows\system32\perfc009.dat
- 2002-08-29 12:00 . 2011-12-07 14:39 67952 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2011-12-08 01:28 433122 c:\windows\system32\perfh009.dat
- 2002-08-29 12:00 . 2011-12-07 14:39 433122 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-23 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-23 142872]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 458861]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HostManager"="c:\program files\Common Files\AOL\1289152805\ee\AOLSoftware.exe" [2010-03-08 41800]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAC0ATgA4AEQANwBVAC0ARgA2ADYAOAAyAC0AOAA5ADIAMgBSAC0ARgBVAFUAOQAyAC0AUQBYAE0AUwBLAA&inst=NwA2AC0ANQAxADcAMgA1ADkAMQA5ADQALQBQAEwAKwA5AC0AWABPADMANgArADEALQBOADEARAArADEALQBEAEQAVAArADUAMgAyADkALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUAA5ADAATQAxADIAQwArADEALQBQADkAVQArADEALQBVADkANQArADEALQBUAEIATgArADEALQBQADkAUgArADEA&prod=94&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-16 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1289152805\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/13/2011 3:33 PM 642432]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [3/26/2009 9:33 PM 239760]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [12/15/2009 12:37 PM 110080]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1035525444-682003330-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-07 01:17]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1035525444-682003330-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-07 01:17]
.
2011-12-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\06\00\0c\028\0a?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(8832)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\idt\wdm\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\AOL Desktop 9.6\waol.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\AOL Desktop 9.6\shellmon.exe
.
**************************************************************************
.
Completion time: 2011-12-07 20:34:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-08 01:33
ComboFix2.txt 2011-12-08 01:23
.
Pre-Run: 821,194,563,584 bytes free
Post-Run: 821,182,332,928 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3D7CE0974C5950AE424DC24BC9B336C6







Second, the Farbar Services Scanner log:

Farbar Service Scanner
Ran by Owner (administrator) on 02-01-2012 at 14:49:09
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.
Checking LEGACY_IpSec: Attention! Unable to open LEGACY_IpSec\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2010-04-27 11:11] - [2010-04-27 11:11] - 0138496 ____A (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2010-04-27 11:11] - [2010-04-27 11:11] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2010-04-27 11:11] - [2010-04-27 11:11] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6


Extra List:
=======
Gpc(3) IPSec(4) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
Attention! IpSec Tag value should be 5

**** End of log ****

This post has been edited by ronm2481: 02 January 2012 - 03:00 PM

#2 User is offline   ronm2481 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 02-January 12

Posted 04 January 2012 - 02:05 PM

Never mind. I figured out how to remove the virus myself.

#3 User is offline   Budapest 

  • Bleepin' Cynic
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 22,246
  • Joined: 11-November 06
  • Gender:Male

Posted 04 January 2012 - 05:37 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users