tcp/ip driver problems after virus? lingering rootkit? can't get on the internet


  • This topic is locked
3 replies to this topic

#1 carolynski

carolynski

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:13 PM

Posted 14 August 2011 - 08:02 AM

Merged topics so you retain your place in line. ~ OB

Hi there
Can't wait to use the forum for a virus problem, but GMER is still running after 24 hours. I have the DDS logs but can't stop my USB to get them off the infected computer because GMER is running and it won't let me remove the USB.

Task Manager says GMER is running and the computer is not frozen.

Do I stop GMER at this point? Is there another way to get you the logs you need?

Running XP SP3 Pro.

Thanks!

Edited by Orange Blossom, 14 August 2011 - 03:04 PM.



#2 carolynski

carolynski
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:13 PM

Posted 14 August 2011 - 10:29 AM

I posted earlier that I have problems with running GMER, but I guess it was done and I just didn't know?

Anyway...
I ran MBAM and Super antivirus but still had problems, so I went to run the Kaspersky tool and thought it froze, so I did a force restart, and now my computer can't get on the internet.
Tried a previous restore point; didn't work.
Tried to reset TCP/IP things and registries, but it didn't work.
Tried to reinstall the TCP/IP protocol, but it says "Driver not signed", so I tried to replace tcpip.sys, but it just reappears if you delete it, which makes me think I still have a virus.
Firewall won't start because it can't start shared services.
An old version of Vipre Rescue found a couple more infections, but no change.

My CD drive also disappeared after the restart, but I was able to uninstall and reinstall to get it back without reinstalling new drivers, though I did anyway for good measure.
I really think a virus is jacking with my TCP/IP driver, or maybe there is a system setting that needs adjusting? I may try uninstalling more programs.
Can you help?
Thanks in advance!



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tiffany at 9:46:51 on 2011-08-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1624 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - No File
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java™ Plug-In 2 SSV Helper
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: itlntfy - itlnfw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tiffany\application data\mozilla\firefox\profiles\i9vjsuhv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\tiffany\application data\mozilla\firefox\profiles\i9vjsuhv.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency.dll
FF - component: c:\documents and settings\tiffany\application data\mozilla\firefox\profiles\i9vjsuhv.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\tiffany\application data\mozilla\firefox\profiles\i9vjsuhv.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency3.6.dll
FF - component: c:\documents and settings\tiffany\application data\mozilla\firefox\profiles\i9vjsuhv.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\components\dtTransparency.dll
FF - component: c:\documents and settings\tiffany\application data\mozilla\firefox\profiles\i9vjsuhv.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\tiffany\application data\mozilla\firefox\profiles\i9vjsuhv.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\components\dtTransparency3.6.dll
FF - component: c:\program files\bearshare applications\mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: c:\documents and settings\tiffany\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Fantapper: FantapperExtension@brandaffinity.net - %profile%\extensions\FantapperExtension@brandaffinity.net
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Surf Canyon - Search Engine Assistant: {75623d5d-4683-402a-b610-ac4bab767c86} - %profile%\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-12 93872]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-8-10 352656]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-20 136176]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2008-4-14 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-20 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-28 30576]
.
=============== File Associations ===============
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-08-13 03:28:26 93872 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-13 03:28:26 27944 ----a-w- c:\windows\system32\sbbd.exe
2011-08-13 03:27:27 -------- d-----w- C:\VIPRERESCUE
2011-08-13 00:43:16 -------- d-----w- C:\SMCLpav
2011-08-12 22:57:21 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-08-12 22:57:21 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-08-12 12:48:26 7294 ----a-w- C:\cc_20110812_074819.reg 5.reg
2011-08-12 12:45:07 -------- d-----w- c:\documents and settings\tiffany\application data\simppulltoolbar
2011-08-12 12:23:16 30816 ----a-w- C:\cc_20110812_072309.reg 4.reg
2011-08-11 12:33:21 -------- d-----w- c:\documents and settings\tiffany\local settings\application data\PCHealth
2011-08-11 12:32:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-11 06:55:24 79238 ----a-w- C:\cc_20110811_015516.reg 3.reg
2011-08-11 05:53:05 -------- d-----w- C:\ERDNT
2011-08-11 04:38:15 43408 --sha-w- c:\windows\system32\c_73654.nl_
2011-08-11 03:46:12 -------- d-----w- C:\2011-08-10 22-46-12
2011-08-11 03:36:46 -------- d-----w- c:\documents and settings\tiffany\application data\IObit
2011-08-11 03:36:44 -------- d-----w- c:\program files\IObit
2011-08-11 02:01:17 22730 ----a-w- C:\cc_20110810_210103.reg 2.reg
2011-08-11 01:28:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-11 01:28:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-10 23:49:38 -------- d-----w- c:\windows\system32\NtmsData
2011-08-10 22:27:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 20:35:27 52834 ----a-w- C:\cc_20110810_153509.reg
2011-08-10 19:17:07 -------- d-----w- c:\documents and settings\tiffany\application data\SUPERAntiSpyware.com
2011-08-10 19:17:07 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-10 19:17:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-10 18:56:38 54016 ----a-w- c:\windows\system32\drivers\dbelxox.sys
2011-08-10 18:24:17 -------- d-----w- c:\windows\system32\LogFiles
2011-08-10 18:23:03 -------- d-----w- c:\documents and settings\tiffany\application data\Malwarebytes
2011-08-10 18:22:57 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-10 18:22:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-10 18:22:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-10 18:22:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-10 18:21:17 -------- d-----w- c:\program files\CCleaner
2011-08-10 15:42:37 -------- d-----w- c:\windows\pss
2011-08-10 14:05:56 1134 ----a-w- C:\FixNCR.reg
.
==================== Find3M ====================
.
2011-08-10 20:40:36 256 ----a-w- c:\windows\system32\pool.bin
.
============= FINISH: 9:47:15.32 ===============


Edited by Orange Blossom, 14 August 2011 - 03:03 PM.
Merged topics. ~ OB
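The DDS log above is the kind of artifact a helper reads line by line for exactly the symptoms the poster describes (a driver that cannot be replaced, services that will not start). The script below is an added triage example, not part of the thread or of DDS itself: it parses a constructed excerpt written in the same line format as the log and flags three things worth a closer look, a registered service whose backing file DDS marks as missing with `[x]`, a service hosted under an svchost group name that Windows XP does not ship with, and a kernel driver created in the last 30 days that is not one of the scanner drivers the poster installed. The allowlists are assumptions drawn from the thread, and a flag is a prompt to verify the file's signature and origin, not a verdict.

```python
import re

# Constructed excerpt in the DDS log format shown above (same field layout);
# the real log in the thread is longer. A raw string keeps the backslashes.
DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S0 cerc6;cerc6; [x]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2008-4-14 14336]
=============== Created Last 30 ================
2011-08-13 03:28:26 93872 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-10 18:56:38 54016 ----a-w- c:\windows\system32\drivers\dbelxox.sys
2011-08-10 18:22:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# svchost service groups that ship with Windows XP; any other group name deserves a look.
XP_SVCHOST_GROUPS = {"dcomlaunch", "rpcss", "netsvcs", "localservice",
                     "networkservice", "imgsvc", "termsvcs", "httpfilter"}
# Assumed allowlist: drivers belonging to the scanners the poster ran (MBAM, SAS, Vipre, MSE).
TOOL_DRIVERS = {"mbam.sys", "mbamswissarmy.sys", "sasdifsv.sys", "saskutil.sys",
                "sbredrv.sys", "mpfilter.sys"}

SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?) \[(?P<meta>[^\]]*)\]$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?:\d+|-+) \S+ (?P<path>.+)$")

def triage_dds(text):
    """Return (kind, name, reason) findings from the services and created-files sections."""
    findings, section = [], None
    for line in text.splitlines():
        if line.startswith("="):  # section banner, e.g. "=== SERVICES / DRIVERS ==="
            section = "services" if "SERVICES" in line else "created" if "Created" in line else None
            continue
        if section == "services" and (m := SERVICE_RE.match(line)):
            path, name = m["path"].strip().lower(), m["name"]
            if not path:  # DDS prints "[x]" and an empty path when the file is missing
                findings.append(("service", name, "registered but backing file missing"))
            elif (g := re.search(r"svchost\.exe -k (\S+)", path)) and g[1] not in XP_SVCHOST_GROUPS:
                findings.append(("service", name, f"hosted in non-standard svchost group {g[1]}"))
        elif section == "created" and (m := CREATED_RE.match(line)):
            path = m["path"].lower()
            base = path.rsplit("\\", 1)[-1]
            if path.endswith(".sys") and "\\drivers\\" in path and base not in TOOL_DRIVERS:
                findings.append(("driver", base, "new kernel driver not tied to a tool named in the thread"))
    return findings

if __name__ == "__main__":
    for finding in triage_dds(DDS_EXCERPT):
        print("%-8s %-12s %s" % finding)
```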


#3 carolynski

carolynski
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:13 PM

Posted 16 August 2011 - 05:51 PM

... I reinstalled Windows. Problem solved.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:13 PM

Posted 17 August 2011 - 09:44 PM

Hello,

Thank you for letting us know. I'm sorry we couldn't get to you sooner. Sometimes a reformat and reinstall is the quickest solution.

Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :cherry: