Help Verify PC is Clean and I Can Not Get Internet Back!

I've spent the better part of two days dealing with some nasty Virus/Malware on an older HP Pavilion Windows XP SP3 machine.

Everything was running fine and then the PC suddenly began shutting down and rebooting or just shutting down. Around the same time I noticed the DSL connection was seemingly slower than usual (which I verified with speed tests etc). The PC started to randomly reboot more and things got to the point where it was unusable because it would sometimes only stay on for less than a minute.

I do seem to remember clicking on something on a webpage a week or two ago and one of those fake anti virus sites popped up pretending it was scanning my pc. I didn't click anything within and I remember simply closing the pop up with the X in the corner and ignoring it.

Anyway I figured I had some virus so I began piecing together info from other sites and forums before I found this one. Turns out my efforts in the beginning seemed to make things get worse. Running virus scans froze the comp, then I suddenly was unable to update any virus definitions. Much of what I had going on sounded like a rootkit so I downloaded tdsskiller and it was showing trojangen files and constantly flagging files as "forged" in the Windows/System32/Drivers folder.

TDSSKiller would quarantine them and I'd reboot and they'd be back again. Deleting them to cure them on reboot was (as you'd probably suspect) a bad idea. I ended up bumbling through it but using rkill was necessary to kill processes troughout b/c the thing(s) blocked EVERYTHING I'd try to do. I remember points where the task/start bar was locked. I was locked out of task manager, programs wouldn't run etc.

I found this site a little late in the game so any program I'd throw at it would act finicky. Most anything would lock up or refuse to run. If it did run scans would freeze or the pc would BSOD and reboot. I then got caught up in an endless reboot, crash/bsod and reboot cycle.

It was a nightmare to get things straightened out before I could even get into Windows to run any of the suggestions I found here. I ended up using chkdsk chkdsk /p and doing them several times until it would come back without a problem. Reboot after reboot and doing a repair of my windows installation. The computer also liked to run its own chkdsk verifications at every reboot for a while. When it was all said and done I was able to recover enough to get into windows and start running some of the steps suggested for Malware removal here. In my efforts I ended up removing some "trojan Agent gen" files with superantispyware and I also remember something referencing a "regedit.com" virus.

Eventually things seemed to be straightened out. The computer ran perfectly fine for a half day and then just suddenly started randomly shutting down and then rebooting for no reason again. Much of the same previously deleted/quarantined files were back and I again lost the ability to download virus updates etc.

This time I was now aware of this site and these forums in the beginning so I went through the malware removal steps in order. This was much more productive and think I might have it licked for the most part. This most recent fight ended with SAS eliminating

Trojan Agent/Gen.IE FAKE (8 items)
Trojan Agent/Gen - IExplorer (4 items)
Trojan Agent/Gen-PEC (4 items)​

After eliminating the above, SAS and Malware Bytes scans have come up clean. Scans with Avast antivirus come up clean as well. The computer runs fine and has not unexpectedly shut down at all since I've gone through a second time following your protocols. I think there may be a copy of whatever was ailing me hidden in a system restore point or recovery partition on this HP comp but I'm not sure.

Everything seems to be running great on this PC with ONE exception. I can NOT get an internet connection. The Local area connection is working. This pc sees other computers on my little network here and the pc sends and receives pings. I can ping by ip address to other machines and external sites. I've tried nearly every basic and common suggestion I could find by googling it. None of them work! I'll post more details on that in my next post. I was concerned it's possibly still malware or a virus somehow blocking me so I wanted to check here.

I've run several SAS, antivirus scans, and Malware Bytes scans and they come back clean. That being said NOTHING fixes my internet issue and I wanted to verify I've cleaned this machine before spending more time on that issue. I'm also fearful perhaps there is still remnants of malware that is causing me problems with the internet connection.



After that long winded intro I have two major favors to ask:
1. Could someone take a look at my logs to see if they look ok and/or to recommend further action?

2. If this infection is gone can someone help me get this internet issue resolved?


I've gone through the "Read and Run Me First" steps in order and I've attached my logs to this post for your review. I apologize sincerely for the long post but I felt it was necessary. Thanks so much!

 

I just realized I forgot to post my ComboFix log last night. Sorry about that...I was dead tired last night/this morning when I posted! :zzz

 

Thanks for verifying for me!
Now that I'm fairly confident there are no remnants of the malware on that PC I need to start trying to figure out why I can't connect to the internet.
I wasn't aware SAS had a repair option for network connections.

Unfortunately the SAS repair internet connection function didn't work.

It's weird. I know the internet connection is up and running. It shows it under "status".

This is DSL modem connected to a Belkin Wireless router. I have two other desktops wired to the router that can surf the internet just fine. Wireless works like a champ too. Everything was working fine before the malware with the PC that now won't connect to the internet.


The PC in question will even get updates through the Avast antivirus built in update function. However I cannot update SAS or Malware Bytes.

I CAN ping loopback, all the machines can "see" each other on the internet. The affected PC can even ping by IP address. If I ping by IP its successful. If I browse by IP address I see at least some sort of webpage. I CANNOT ping or browse the internet by host name.

This issue affects both IE and FireFox. I've made sure I've ticked direct connection to the internet and that the browsers are NOT set to use a proxy. Nothing I've tried changes things for me. I've ipconfig /renew /release and DNS flush which does nothing.

I've tried winsock fix, XP's built in repair functions, I've verified all the right boxes are checked for obtaining IP addresses etc. I've tried powercycling everything and the router settings look right. I'm aggravated!

I've seen other people on the internet who've been in similar situations and had to throw in the towel and do a fresh install simply b/c the PC won't connect to the internet. I've fought back so hard against this and made it this far. I really hope I can get it figured out!

I've tried a bunch of stuff but I'm willing and ready to start over with any suggestions. Of course this is now probably more a Networking thread so should I start a new thread there?

Thanks so much for your time!

 

Will do. Thanks for taking a look at my logs and double checking for me!