
problem with internet connection


  • This topic is locked
3 replies to this topic

#1 dejan.jrm


Posted 10 June 2009 - 03:35 AM

I have a problem with my internet connection. The computer was catching viruses, and later with string`s that I cleaned, but now I cannot connect to the internet. For the connection to the Internet I am using a network card that is valid, and I've installed drivers. What to do? Please check the HjT and CF logs, thank you.

Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:27, on 10-06-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\koran3\Desktop\TR3.exe\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\koran3\LOCALS~1\Temp\init.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\d458e2.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld08.exe
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\koran3\reader_s.exe
O4 - HKCU\..\Run: [shv] C:\program Files\MicPhone\antit.exe
O4 - HKCU\..\Run: [SYSDLL] SYSDLL
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing)

--
End of file - 4064 bytes



Combo fix log:
ComboFix 09-06-08.03 - koran3 10-06-2009 9:47.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.239.70 [GMT 2:00]
Running from: c:\documents and settings\koran3\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\koran3\LOCALS~1\Temp\init.exe
c:\documents and settings\koran3\Application Data\wiaserva.log
c:\documents and settings\koran3\Application Data\wiaservg.log
c:\program files\MicPhone
c:\windows\KBPK090605.log
c:\windows\KBPK090606.log
c:\windows\sonce123140.dat
c:\windows\system32\_id.dat
c:\windows\system32\3361
c:\windows\system32\3361\a
c:\windows\system32\3361\mlog
c:\windows\system32\AutoRun.inf
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\msncache.dll
c:\windows\system32\msvcrt2.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_DHCPSRV
-------\Legacy_MSNCACHE
-------\Legacy_SNDINTD
-------\Legacy_SOPIDKC
-------\Service_6to4
-------\Service_DhcpSrv
-------\Service_glaide32
-------\Service_msncache
-------\Service_sndintd
-------\Service_sopidkc


((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-09 17:41 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-06-09 17:41 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2009-06-09 17:36 . 2004-11-02 06:58 163840 ----a-w- c:\windows\system32\igfxres.dll
2009-06-09 17:17 . 2004-08-04 01:07 33792 ----a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-06-09 17:16 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-06-09 16:51 . 2004-08-04 01:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-06-09 16:51 . 2004-08-04 01:07 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-06-09 16:51 . 2004-08-04 01:07 13312 ----a-w- c:\windows\system32\irclass.dll
2009-06-09 16:51 . 2004-08-04 01:07 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
2009-06-09 13:01 . 2009-06-09 13:01 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-09 07:59 . 2009-03-03 18:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- c:\program files\Lavalys
2009-06-05 09:22 . 2009-06-05 09:22 -------- d-----w- c:\windows\dhcp
2009-05-30 12:14 . 2009-05-30 12:04 30075904 ----a-w- C:\avira_antivir_personal_en.exe
2009-05-30 12:05 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 17:14 . 2007-04-18 09:15 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-25 12:29 . 2006-12-14 14:44 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-4-18 106560]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cbvcs - c:\windows\system32\urretnd.exe
HKCU-Run-shv - c:\program files\MicPhone\antit.exe
HKLM-Run-Microsoft® System Manager - c:\windows\system32\d458e2.exe
HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe
Notify-winzlo32 - winzlo32.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 09:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-10 9:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 07:51

Pre-Run: 35.368.992.768 bytes free
Post-Run: 35.435.872.256 bytes free


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:27 AM

Posted 10 June 2009 - 04:30 AM

Hi dejan.jrm,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Reset the LAN settings:

    In Internet Explorer:

    Go to Tools/Internet Options, click on the Connections tab, then click on LAN Settings. The following items should be unchecked:
    • Automatically detect settings
    • Use a proxy server for your LAN
  • Make sure the following setting is set as it is supposed to be set:
    • Go to Start -> Control Panel -> Double click on Network Connections.
    • Right click on your default connection (usually Local Area Connection) and select Properties.
    • Select the General tab.
    • Double click on Internet Protocol (TCP/IP).
      Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
    • Click OK twice to save the settings.
  • Now reboot the computer and tell me if you can connect to the internet. Also post a fresh HijackThis log in your reply.
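
An added example, not part of Farbar's reply or of HijackThis itself: a small Python triage of a HijackThis log that surfaces the loopback `ProxyServer` entry fixed in the first step above. The checks for a second program chained to `UserInit` and for `(file missing)` entries go beyond the reply and are this example's own heuristics; the sample lines are copied from the log in post #1.

```python
import re

# Sample input: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\koran3\LOCALS~1\Temp\init.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "R1 - ..." or "O23 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def proxy_hosts(value):
    """Yield hosts from an IE ProxyServer value: 'host:port' or 'http=host:port;https=...'."""
    for part in value.split(";"):
        target = part.split("=", 1)[-1].strip()   # drop the 'http=' protocol prefix
        target = target.split("://", 1)[-1]       # drop a URL scheme if present
        host = target.rsplit(":", 1)[0] if ":" in target else target
        yield host.lower()


def review(log_text):
    """Return (code, reason, line) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code in ("R0", "R1") and ",ProxyServer = " in body:
            value = body.split(",ProxyServer = ", 1)[1]
            if any(h == "localhost" or h.startswith("127.") for h in proxy_hosts(value)):
                findings.append((code, "proxy points at loopback", line))
        elif code == "F2" and "UserInit=" in body:
            # The default value lists userinit.exe only (a trailing comma is normal).
            programs = [p for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            if len(programs) > 1:
                findings.append((code, "extra program chained to userinit", line))
        elif body.endswith("(file missing)"):
            findings.append((code, "entry references a missing file", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in review(SAMPLE_LOG):
        print(f"{code:<4}{reason}: {line}")
```

The `ProxyOverride` line is not flagged on its own; it only matters alongside the `ProxyServer` value it modifies.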


#3 Farbar


Posted 12 June 2009 - 08:39 PM

Are you still there?

#4 Farbar


Posted 15 June 2009 - 04:11 PM

This thread will now be closed due to lack of activity.

If you should have the same or a new issue, please start a new topic.



