I have been unable to download anything from microsoft.com; I always get an "Internet Explorer cannot display the webpage" message. I cannot successfully ping download.microsoft.com, microsoft.com, etc., getting a "request timed out" message and 100% packet loss.
After many days of trying things, including MTUs, examining the hosts file, and running Malwarebytes, CCleaner, HijackThis, and finally ComboFix, I am reaching out in this forum for help. I was scared to run ComboFix as I am not a ComboFix guru, but I ran the scan and am posting the log file, which I don't know how to interpret. Any help would be greatly appreciated, as I just cannot resolve this issue, and need to download stuff for software / database development.
Here is the ComboFix log...
ComboFix 11-01-29.03 - John 01/30/2011 20:39:39.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.994 [GMT 8:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\John\GoToAssistDownloadHelper.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.
2011-01-30 12:50 . 2011-01-30 12:50 -------- d-----w- c:\users\John\AppData\Local\temp
2011-01-30 12:50 . 2011-01-30 12:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-30 11:23 . 2011-01-30 11:23 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKslafb2ca6f.sys
2011-01-30 10:51 . 2011-01-30 10:51 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKsla28d477c.sys
2011-01-29 19:03 . 2011-01-29 19:03 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKslc77544bf.sys
2011-01-28 18:33 . 2011-01-30 06:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-28 18:33 . 2011-01-29 01:56 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-01-28 17:43 . 2011-01-28 17:49 -------- d-----w- c:\program files\Windows Live Safety Center
2011-01-28 11:26 . 2011-01-28 11:26 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKslf0b0f0c0.sys
2011-01-25 06:29 . 2011-01-25 06:29 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKslb6901cf9.sys
2011-01-25 05:43 . 2011-01-13 09:41 5890896 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\mpengine.dll
2011-01-23 03:16 . 2011-01-23 03:17 -------- d-----w- c:\users\John\AppData\Local\{F356FF98-6255-4A23-B10E-CDC2624F8E70}
2011-01-22 12:00 . 2011-01-22 12:01 -------- d-----w- c:\users\John\AppData\Local\{B5953ECC-8222-40EC-8E04-1376C8A60AC9}
2011-01-22 11:32 . 2011-01-22 11:32 -------- d-----w- c:\users\John\AppData\Local\{664311A6-373D-4BE1-B53D-C228406CCF15}
2011-01-22 06:30 . 2009-09-04 09:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-01-22 06:30 . 2009-09-04 09:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-01-22 06:30 . 2009-09-04 09:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-01-22 06:26 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-01-22 06:21 . 2011-01-22 06:21 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\8f7b0ba31cbb9fc04\MeshBetaRemover.exe
2011-01-22 06:20 . 2011-01-22 06:20 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\7d2755831cbb9fc03\DSETUP.dll
2011-01-22 06:20 . 2011-01-22 06:20 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\7d2755831cbb9fc03\DXSETUP.exe
2011-01-22 06:20 . 2011-01-22 06:20 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\7d2755831cbb9fc03\dsetup32.dll
2011-01-22 06:20 . 2011-01-22 06:20 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\691da2631cbb9fc02\DXSETUP.exe
2011-01-22 06:20 . 2011-01-22 06:20 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\691da2631cbb9fc02\dsetup32.dll
2011-01-22 06:20 . 2011-01-22 06:20 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\691da2631cbb9fc02\DSETUP.dll
2011-01-22 04:28 . 2011-01-22 11:13 -------- d-----w- c:\users\John\AppData\Local\Windows Live
2011-01-22 03:59 . 2011-01-22 03:59 -------- d-----w- c:\program files\Windows Portable Devices
2011-01-22 03:24 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-01-22 03:24 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-01-22 03:24 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-01-22 03:22 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2011-01-22 03:20 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-01-22 03:20 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-01-22 03:20 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-01-22 02:02 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-01-22 02:01 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-01-22 02:01 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-01-22 02:00 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-01-22 01:59 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-01-22 01:59 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-22 01:59 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-01-22 01:59 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-01-22 01:59 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-01-22 01:59 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-01-22 01:59 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-01-22 01:59 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-01-22 01:59 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-22 01:59 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-22 01:59 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-01-22 01:57 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-01-22 01:56 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-01-22 01:56 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-01-22 01:56 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-01-22 01:56 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-01-22 01:47 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-01-22 01:35 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-01-22 01:35 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-01-22 00:34 . 2011-01-22 00:34 -------- d-----w- c:\program files\CCleaner
2011-01-21 13:38 . 2011-01-21 13:39 -------- d-----w- c:\windows\system32\ca-ES
2011-01-21 13:38 . 2011-01-21 13:39 -------- d-----w- c:\windows\system32\eu-ES
2011-01-21 13:38 . 2011-01-21 13:39 -------- d-----w- c:\windows\system32\vi-VN
2011-01-21 08:37 . 2011-01-21 08:37 -------- d-----w- c:\users\John\AppData\Roaming\ParetoLogic
2011-01-21 08:37 . 2011-01-21 08:37 -------- d-----w- c:\users\John\AppData\Roaming\DriverCure
2011-01-21 08:37 . 2011-01-21 09:31 -------- d-----w- c:\progra~2\ParetoLogic
2011-01-21 05:58 . 2011-01-21 05:58 -------- d-----w- c:\progra~2\Office Genuine Advantage
2011-01-21 05:17 . 2011-01-21 05:17 -------- d-----w- c:\windows\system32\EventProviders
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-10-13 05:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-10-13 05:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 04:33 . 2010-01-10 07:36 6273872 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R1 MpKsl5f6ba2d2;MpKsl5f6ba2d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKsl5f6ba2d2.sys [2011-01-29 28752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca28cd9f3a3070;Google Update Service (gupdate1ca28cd9f3a3070);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R2 OracleVssWriterCLASSDB;Oracle CLASSDB VSS Writer Service;d:\app\John\product\11.1.0\db_1\bin\OraVSSW.exe CLASSDB [x]
R2 OracleVssWriterORCL;Oracle ORCL VSS Writer Service;d:\app\John\product\11.1.0\db_1\bin\OraVSSW.exe ORCL [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]
R4 OracleJobSchedulerCLASSDB;OracleJobSchedulerCLASSDB;d:\app\john\product\11.1.0\db_1\Bin\extjob.exe CLASSDB [x]
R4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;d:\app\john\product\11.1.0\db_1\Bin\extjob.exe ORCL [x]
R4 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;d:\app\John\product\11.1.0\db_1\BIN\TNSLSNR [x]
R4 OracleServiceCLASSDB;OracleServiceCLASSDB;d:\app\john\product\11.1.0\db_1\bin\ORACLE.EXE CLASSDB [x]
R4 OracleServiceORCL;OracleServiceORCL;d:\app\john\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [x]
S1 MpKslafb2ca6f;MpKslafb2ca6f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9EC7-D303-4C1D-9472-C0AC166B9490}\MpKslafb2ca6f.sys [2011-01-30 28752]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-12-18 202592]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:24]
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:24]
2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{B83BA6FC-D31D-4680-8CA4-CCFF376A6534}.job
- c:\windows\system32\msfeedssync.exe [2011-01-22 04:25]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
AddRemove-Lizard Safeguard - PDF Viewer_is1 - f:\e-books\Lizard Safeguard PDF Viewer\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-30 20:50
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="d:\app\John\product\11.1.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-30 20:54:38
ComboFix-quarantined-files.txt 2011-01-30 12:54
Pre-Run: 5,802,229,760 bytes free
Post-Run: 5,665,177,600 bytes free
- - End Of File - - 9E998CA20967DA566D18C6D704E7BFB3
Edited by Budapest, 30 January 2011 - 04:37 PM.
Moved from Vista forum to Malware Removal Logs.
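The poster says the hosts file was examined by hand. Blocking or redirecting vendor and update domains through %SystemRoot%\System32\drivers\etc\hosts is one of the common ways malware keeps a victim from fetching definitions and removal tools, so it is worth checking mechanically rather than by eye. The script below is an added example, not code from the poster or from ComboFix: it parses a hosts file, skips the stock localhost entries, and flags any mapping for a watched domain, distinguishing a sinkhole (loopback or 0.0.0.0) from a redirect to some other address. The watched-domain list and the sample hosts content are assumptions constructed for the example; the 203.0.113.7 address is a documentation (TEST-NET-3) address standing in for an attacker host.

```python
import ipaddress

# Domains that malware commonly blocks or redirects so the victim cannot
# reach updates, definitions or removal tools. This list is an assumption
# for the example, not something taken from the forum post or the log.
WATCHED_SUFFIXES = (
    "microsoft.com",
    "windowsupdate.com",
    "malwarebytes.org",
    "symantec.com",
)

# Names a stock Windows hosts file legitimately maps to loopback.
STOCK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, NOT the poster's real hosts file. Lines 5-7 show the
# three patterns the checker is meant to catch.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# --- constructed entries below ---
127.0.0.1       download.microsoft.com www.microsoft.com
0.0.0.0         update.microsoft.com
203.0.113.7     www.malwarebytes.org   # TEST-NET-3, stands in for an attacker host
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in a hosts file.

    Comments (# ...) and blank lines are skipped. One line may map several
    names to one address, so each name is yielded separately. Lines whose
    first field is not a valid IP address are ignored rather than raising.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            yield ip, name.lower(), line_no


def is_watched(hostname):
    """True if hostname is a watched domain or any subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_hijacks(text):
    """Return suspicious hosts entries as dicts with line, host, ip, kind.

    A clean Windows hosts file only maps the stock localhost names, so any
    mapping for a watched domain is unexpected: loopback or 0.0.0.0 means
    the name is sinkholed (connections fail, matching the poster's
    symptom); anything else means traffic is redirected to that address.
    """
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if name in STOCK_NAMES or not is_watched(name):
            continue
        kind = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append({"line": line_no, "host": name, "ip": str(ip), "kind": kind})
    return findings


if __name__ == "__main__":
    # Usage on a live machine: read the real file instead of SAMPLE_HOSTS, e.g.
    #   open(r"C:\Windows\System32\drivers\etc\hosts", encoding="utf-8", errors="replace").read()
    for f in find_hijacks(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
```

If this comes back clean on the real file yet ping and downloads still fail only for these domains, the hosts file is not the blocking point and the next things to look at are the adapter's DNS server settings, the Winsock catalog (a malicious LSP), and any third-party network filter driver; a firewall silently dropping ICMP is also a possible explanation for the 100% ping loss on its own, so the download failure is the more meaningful symptom.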