Topic: Past infection still looms


jz64 (Guest)
Re: Past infection still looms
« Reply #15 on: December 31, 2012, 05:16:20 PM »
Hello again, and thank you for the continuing help...

I ran RogueKiller and followed the instructions, logs are attached.
I then re-ran OTL and I am attaching the log.

I didn't forget the MCShield log this time, will attach it immediately after this post.

jz64 (Guest)
Re: Past infection still looms
« Reply #16 on: December 31, 2012, 05:17:31 PM »
That MCShield log you requested...

magna86 (Anti Malware Fighter, Avast Evangelist; Ambulanta MyCity Forum - ASAP Member)
Re: Past infection still looms
« Reply #17 on: January 01, 2013, 06:01:26 PM »
Re-run OTL.exe.

  • Copy and paste the following text, written inside the code box, into the Custom Scans/Fixes box.

Code:

:Otl
SRV - File not found [Disabled | Stopped] -- C:\Users\JOHNSO~1\AppData\Local\Temp\YGUHJEN.exe -- (YGUHJEN)
SRV - File not found [Disabled | Stopped] -- C:\Users\JOHNSO~1\AppData\Local\Temp\SPGSTFLZ.exe -- (SPGSTFLZ)
SRV - File not found [Disabled | Stopped] -- C:\Users\JOHNSO~1\AppData\Local\Temp\JMURG.exe -- (JMURG)
SRV - File not found [Disabled | Stopped] -- C:\Users\JOHNSO~1\AppData\Local\Temp\HN.exe -- (HN)
SRV - File not found [Disabled | Stopped] -- C:\Users\JOHNSO~1\AppData\Local\Temp\HBCVQFF.exe -- (HBCVQFF)
SRV - File not found [Disabled | Stopped] -- C:\Users\JOHNSO~1\AppData\Local\Temp\GBQYAZ.exe -- (GBQYAZ)
SRV - File not found [Disabled | Stopped] -- C:\Users\JOHNSO~1\AppData\Local\Temp\AKCDWAASWEB.exe -- (AKCDWAASWEB)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Users\JOHNSO~1\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
IE - HKU\S-1-5-21-2314929129-2979127341-398551399-1000\..\SearchScopes\{DBFE57E6-8D18-4993-8109-7A5C8F07507A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=292AF8E5-A814-4C76-A321-E6B6C1B61220&apn_sauid=4A5DC8E8-35D6-45CF-BEC2-8DC6C907FC3F
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[CREATERESTOREPOINT]
[emptytemp]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
********************************


How's your computer running now?  8)
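
The fix above removes three classes of leftover persistence: service and driver entries whose binary is missing or lived under a user's Temp folder, an Internet Explorer SearchScopes entry that redirects through websearch.ask.com, and a Browser Helper Object with no CLSID registration. The PowerShell audit below is an added example, not part of the original post and not part of the OTL tool: it enumerates those same three classes on a machine and reports them without changing anything, so the result can be compared against an OTL log before a fix is run. The ask.com match and the AppData\Local\Temp pattern are assumptions taken from the entries quoted in the fix, not general indicators. Run it from an elevated prompt.

```powershell
# Added example (not from the original post, not part of OTL): a read-only
# audit of the persistence classes the OTL fix above removes. Run elevated.

function Get-SuspectPersistence {
    $findings = New-Object System.Collections.ArrayList

    # 1. Services and drivers: ImagePath points at a missing file, or at a
    #    file under a user's AppData\Local\Temp (OTL "SRV/DRV - File not found").
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -LiteralPath $svcRoot -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if (-not $p -or -not $p.ImagePath) { continue }

        # Normalise ImagePath to a plain file path: drop the "\??\" prefix, map
        # "\SystemRoot\", expand %VARS%, strip quotes and arguments, root relative paths.
        $path = [string]$p.ImagePath
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
        $path = [Environment]::ExpandEnvironmentVariables($path)
        if ($path.StartsWith('"')) {
            $end = $path.IndexOf('"', 1)
            if ($end -gt 1) { $path = $path.Substring(1, $end - 1) }
        } else {
            $path = ($path -split '\s+[-/]')[0].Trim()
        }
        if ($path -notmatch '^([A-Za-z]:\\|\\\\)') {
            $path = Join-Path $env:SystemRoot $path
        }

        $missing = -not (Test-Path -LiteralPath $path)
        $inTemp  = $path -match '\\AppData\\Local\\Temp\\'   # assumption from the log above
        if ($missing -or $inTemp) {
            # Service Type 1/2 = kernel / file-system driver, anything else = service.
            $kind = if ($p.Type -eq 1 -or $p.Type -eq 2) { 'DRV' } else { 'SRV' }
            $why  = if ($missing) { 'file not found' } else { 'runs from user Temp' }
            [void]$findings.Add((New-Object PSObject -Property @{
                Kind = $kind; Name = $key.PSChildName; Detail = $path; Reason = $why }))
        }
    }

    # 2. Per-user IE SearchScopes (OTL "IE - HKU\<SID>\..\SearchScopes").
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem -LiteralPath 'HKU:\' -ErrorAction SilentlyContinue) {
        $sid = $hive.PSChildName
        if ($sid -notmatch '^S-1-5-21-[\d-]+\d$') { continue }   # loaded user hives only
        $scopes = "HKU:\$sid\Software\Microsoft\Internet Explorer\SearchScopes"
        foreach ($scope in Get-ChildItem -LiteralPath $scopes -ErrorAction SilentlyContinue) {
            $url = (Get-ItemProperty -LiteralPath $scope.PSPath -ErrorAction SilentlyContinue).URL
            # Assumption: the redirector seen in the fix (websearch.ask.com) is the
            # hijack marker; widen the pattern for other search-redirect domains.
            if ($url -and $url -match 'ask\.com') {
                [void]$findings.Add((New-Object PSObject -Property @{
                    Kind = 'IE'; Name = "$sid\$($scope.PSChildName)"; Detail = $url
                    Reason = 'search scope redirects through ask.com' }))
            }
        }
    }

    # 3. Browser Helper Objects whose CLSID has no class registration
    #    (OTL "O2 - BHO: (no name) ... No CLSID value found").
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($bho in Get-ChildItem -LiteralPath $bhoRoot -ErrorAction SilentlyContinue) {
        $clsid = $bho.PSChildName
        if (-not (Test-Path -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid")) {
            [void]$findings.Add((New-Object PSObject -Property @{
                Kind = 'O2'; Name = $clsid; Detail = $bhoRoot; Reason = 'BHO has no CLSID registration' }))
        }
    }
    return $findings
}

Get-SuspectPersistence | Format-Table Kind, Name, Reason, Detail -AutoSize
```

An orphaned service entry is harmless by itself once its binary is gone, but it records which names the infection registered, which is why OTL still lists and deletes them; a search scope or BHO, by contrast, is live configuration and should be compared against what the user actually installed before it is removed.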


jz64 (Guest)
Re: Past infection still looms
« Reply #18 on: January 01, 2013, 08:24:49 PM »
Hello, I attached the log. The problem is that there is no internet connection anymore. The LAN IP is static. After the OTL fix, I only got autoconfig because of that. So, I gave it the correct IP address. Still there is no internet connectivity, when before these fixes there was at least intermittent connectivity. ... The other computers accessing the internet have no problems at the same time the problem machine does.

Could an LSP (layered service provider) have been installed and improperly removed, causing the internet headache? I ask because I saw some Winsock entries with Catalog5, Catalog9, etc...

Again, thank you for your continued help...
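
The thread does not establish that a Winsock LSP was involved, so the following is only the check a practitioner would run on the question raised above; it is an added example and not from the original posts. `netsh winsock show catalog` lists every Catalog5 (name-space) and Catalog9 (transport and layered) provider together with its DLL path, and a provider whose DLL is no longer on disk is exactly the "installed and improperly removed" case; `netsh winsock reset` rebuilds the catalog. The parser is first run on a constructed sample of that output (the second entry, with the missing DLL, is invented for the demonstration) and then on the live catalog. The field labels it looks for are assumed from the tool's output format.

```powershell
# Added example, not from the original posts: find Winsock catalog providers
# whose DLL no longer exists. Parses "netsh winsock show catalog" output; the
# labels "Description:", "Provider Path:" and "Catalog Entry ID:" are assumed
# from that tool's output format.

function Get-BrokenWinsockProviders {
    param([string]$CatalogText)
    $entries = @()
    $cur = $null
    foreach ($line in ($CatalogText -split "`r?`n")) {
        if ($line -match '^\s*(Description|Provider Path|Catalog Entry ID)\s*:\s*(.*)$') {
            if ($matches[1] -eq 'Description') {
                # A Description line starts a new provider record.
                $cur = New-Object PSObject -Property @{
                    Description = $matches[2].Trim(); Path = $null; EntryId = $null }
                $entries += $cur
            } elseif ($cur -ne $null) {
                if ($matches[1] -eq 'Provider Path') { $cur.Path = $matches[2].Trim() }
                else { $cur.EntryId = $matches[2].Trim() }
            }
        }
    }
    # Report every provider that names a DLL which is not on disk.
    foreach ($e in $entries) {
        if (-not $e.Path) { continue }    # name-space providers may list no path
        $full = [Environment]::ExpandEnvironmentVariables($e.Path)
        if (-not (Test-Path -LiteralPath $full)) {
            New-Object PSObject -Property @{
                Description = $e.Description; EntryId = $e.EntryId; MissingDll = $full }
        }
    }
}

# Constructed sample in the shape netsh prints. The second entry is invented
# for the demonstration; its DLL does not exist on any system.
$sample = @'
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example leftover LSP (constructed)
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      %SystemRoot%\system32\leftover_lsp_example.dll
Catalog Entry ID:                   1099
Version:                            2
'@

"Sample catalog:"
Get-BrokenWinsockProviders -CatalogText $sample |
    Format-Table EntryId, Description, MissingDll -AutoSize

"Live catalog:"
Get-BrokenWinsockProviders -CatalogText (netsh winsock show catalog | Out-String) |
    Format-Table EntryId, Description, MissingDll -AutoSize
# If the live run lists anything, "netsh winsock reset" from an elevated
# prompt, followed by a reboot, rebuilds the catalog from the base providers.
```

On the sample only the constructed entry 1099 is reported, because mswsock.dll is present on every Windows install; on the live catalog an empty result means a leftover LSP is not the cause, which is the point of running the check before resetting anything.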

jz64 (Guest)
Re: Past infection still looms
« Reply #19 on: January 01, 2013, 08:45:36 PM »
...upon a reinspection of ipconfig, I did set the correct IP for the machine, but overlooked re-setting the gateway to the router address... That is a funny oops! Anyway, I am going to use that machine for a while to see if it is still doing the intermittent no-internet thing...
...Crossing fingers....

magna86 (Anti Malware Fighter, Avast Evangelist; Ambulanta MyCity Forum - ASAP Member)
Re: Past infection still looms
« Reply #20 on: January 01, 2013, 11:55:20 PM »
Quote
The lan ip is static.
Aha, I didn't know that.

OTL received a command in the OTL script to start the ipconfig tool and release and renew your IP address.

Quote
All that could be done manually through the command prompt

here is how:
start > run > cmd
ipconfig /release > enter
ipconfig /renew > enter

These commands refresh and force Windows to obtain a new IP address.

Or maybe the process after ipconfig /release in the OTL script was blocked for some reason and you temporarily lost the internet connection (because there was no IP address).
That may happen sometimes. It's nothing to be scared about. If you have set up your IP, your internet is up again.  :)

The important thing is that your modem (or router) is connected to the Internet (to receive incoming and outgoing traffic from your service provider).
----------------------------------------


Let's remove the tools we used.  ;)



It is necessary to uninstall ComboFix:
  • Click Start, then Run.

    On Windows 7 or Vista you may use the Start Search field if Run is not available.

  • In the text line type (or copy) the following:
Code:
ComboFix /Uninstall
    Note that there is a space between " ComboFix " and " /Uninstall ".

  • Then click OK (or press Enter).
    Wait for the uninstall process to complete.

*******************


> Keep OTL for a while. We will remove OTL in the end.


******************



I recommend using MCShield if you wish.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And it will not only prevent infection but also immediately clean the flash drive, memory card or external HDD.

************************


« Last Edit: January 01, 2013, 11:59:55 PM by magna86 »
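
The release/renew step explained above only makes sense for an adapter on DHCP; on a statically configured adapter, ipconfig /release drops the address and /renew cannot get one back, which is how the address and default gateway were lost in this thread. The PowerShell below is an added example, not from the original post and not part of OTL or ComboFix: it snapshots each adapter's IPv4 settings first, then renews DHCP adapters and re-applies the saved address, gateway and DNS servers on static ones. It uses WMI rather than the newer NetTCPIP cmdlets so it also runs on a Windows 7-era machine; run it elevated. The backup file name is an assumption.

```powershell
# Added example, not from the original post: record every adapter's IPv4
# settings before a release/renew step and put static ones back afterwards,
# so a static address and its default gateway are not lost. Run elevated.
# The backup path is an assumption.

$backup = Join-Path $env:USERPROFILE 'ipv4-backup.txt'

function Save-Ipv4Config {
    # Only adapters with IP bound and at least one address assigned.
    $cfgs = Get-WmiObject Win32_NetworkAdapterConfiguration |
            Where-Object { $_.IPEnabled -and $_.IPAddress }
    $lines = foreach ($c in $cfgs) {
        # Keep the IPv4 entries only; WMI lists IPv6 addresses in the same arrays.
        $v4   = '^\d+\.\d+\.\d+\.\d+$'
        $ip   = @($c.IPAddress            | Where-Object { $_ -match $v4 })[0]
        $mask = @($c.IPSubnet             | Where-Object { $_ -match $v4 })[0]
        $gw   = @($c.DefaultIPGateway     | Where-Object { $_ -match $v4 })[0]
        $dns  = @($c.DNSServerSearchOrder | Where-Object { $_ -match $v4 }) -join ','
        # Fields: WMI Index | DHCPEnabled | address | mask | gateway | dns list
        '{0}|{1}|{2}|{3}|{4}|{5}' -f $c.Index, $c.DHCPEnabled, $ip, $mask, $gw, $dns
    }
    Set-Content -Path $backup -Value @($lines)
    $lines
}

function Restore-Ipv4Config {
    foreach ($line in Get-Content -Path $backup) {
        $idx, $dhcp, $ip, $mask, $gw, $dns = $line -split '\|'
        $c = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index=$idx"
        if (-not $c) { continue }
        if ($dhcp -eq 'True') {
            # DHCP adapter: the plain release/renew is safe here.
            [void]$c.ReleaseDHCPLease()
            [void]$c.RenewDHCPLease()
            "adapter $idx (DHCP): lease renewed"
            continue
        }
        # Static adapter: re-apply address, gateway and DNS. The WMI methods
        # return 0 on success and 1 when a reboot is required.
        $rAddr = $c.EnableStatic([string[]]@($ip), [string[]]@($mask)).ReturnValue
        $rGw   = 0
        if ($gw)  { $rGw  = $c.SetGateways([string[]]@($gw), [uint16[]]@(1)).ReturnValue }
        $rDns  = 0
        if ($dns) { $rDns = $c.SetDNSServerSearchOrder([string[]]($dns -split ',')).ReturnValue }
        "adapter $idx (static): EnableStatic=$rAddr SetGateways=$rGw SetDNSServerSearchOrder=$rDns"
    }
}

# Procedure: snapshot, flush the resolver cache, then renew or restore.
Save-Ipv4Config
ipconfig /flushdns | Out-Null
Restore-Ipv4Config
```

The snapshot file is worth keeping until the machine has been seen working for a while; "ipconfig /all" afterwards should show the same address, mask, gateway and DNS servers that were saved, and a missing "Default Gateway" line is the symptom described in this thread.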

jz64 (Guest)
Re: Past infection still looms
« Reply #21 on: January 03, 2013, 05:28:31 PM »
Hello again Magna86,
I wanted to wait a day or two before returning with news of the problem...

Like I said in the last message, I forgot to set the gateway but once I did that and set the IP the internet was back.

In the end it does look like my original problem is fixed. The original problem was after infections and partial cleanings there was only an intermittent wireless internet connection even though other computers were fine at the same time.

That being said I have a few comments and a question or two, I hope you do not mind...

Comments:
First off, thank you for your help, I had the problem for more than a year.
Also, because I haven't found all USB drives, I will keep MCShield for now.

Questions:
Can you tell me which malware was the problem (or which combination of malware was my problem in this case)? (I would like to learn more about it---thirst for knowledge :) )
If/when I do decide to get rid of MCShield, is there any removal tool needed? Can you provide removal instructions?
When I need to get rid of OTL, is there a removal tool or special process needed?

P.S. The webpages, I am told, load quicker as well now. I was also told the internet hasn't been down since the user has been using it after it had been cleaned.
User is family, I use Ubuntu on laptop.

magna86 (Anti Malware Fighter, Avast Evangelist; Ambulanta MyCity Forum - ASAP Member)
Re: Past infection still looms
« Reply #22 on: January 03, 2013, 07:17:24 PM »
Hi,
Quote
First off, thank you for your help I had the problem for more than a year.
No problem. Glad I could help.  ;)

Quote
Can you tell me which malware was the problem (or which combination of malware was my problem in this case)? (I would like to learn more about it---thirst for knowledge :) )

Let's just say there were a lot of bad files and entries that were trying to be started or had already been executed.  ;D

Quote
If/when I do decide to get rid of MCshield, is there any removal tool needed, can you provide removal instructions?
MCShield is a small piece of software and it has its own uninstaller like any other application. MCS may be removed from the Control Panel at any time.
But as I wrote above, I recommend you leave and keep it on the system because it is very light and very helpful software.

Quote
When I need to get rid of OTL, is there a removal tool or special process needed?


> Re-run OTL and click on the CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process; choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.



Quote
P.S. The webpages, I am told, load quicker as well now.

ComboFix (and later OTL) cleaned all the junk files created by your browsers and the system. That's why it loads faster.  ;)