Inconsistent Internet Connectivity - Logs Attached

Discussion in 'Malware Help (A Specialist Will Reply)' started by Meikahyael, Oct 22, 2011.

  1. Meikahyael

    Meikahyael Private E-2

    This machine was supposedly not staying connected to the Internet and suspicions were raised. Followed steps in Read & Run Me First.

    Symantec is only AV installed.
    No other non-Windows firewall installed.
    No MyWay or ViewPoint programs installed.
    Removed old Java and updated to new (JRE 6 Update 29).
    Rebooted.
    Norton AV quarantine folder is empty.
    No Norton Nprotect folder found.
    ID'd system as 32 bit. (Windows Vista)
    Enable viewing of hidden system files/extensions.
    Verified Msconfig in normal startup mode.
    No "known malware" found.
    DeFogger used to disable any CD emulators.
    Confirmed user account type is admin.
    Spybot not installed. No TeaTimer.
    Disabled UAC.
    Rebooted.
    Installed SAS, configured per MG instructions, updated and scanned.
    - nothing found
    Installed MBAM, configured per MG instructions, updated and scanned.
    - 1 instance found and removed
    Rebooted.
    Ran combofix. Completed successfully. Log attached.
    Ran RootRepeal. Hung during scanning of hidden/locked files. Hard reboot required. Second attempt resulted in same. This step skipped.
    Ran MGTools. Completed successfully. Logs attached.

    System seems ok. Concerned about RootRepeal hanging system. Would be interested in your review of the logs. Thanks in advance.

    Regards,
    Meik
     


  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, Meikahyael!

    There's not any malware in your logs.

    I think your connectivity problems are software related. More specifically, I think Norton Antivirus may be the reason. I say this because typically ComboFix will detect what Anti-Virus/Firewall/Spyware Protection is in the Security Center cache, and your log depicts nothing but Windows Defender being present.
    We can however do a couple more scans just to be certain that it's not malware.

    Now we need to run TDSSKiller by Kaspersky
    Follow the instructions here and attach your log when you are finished. (How to attach items to your post)


    Please download MBRCheck by GeeksToGo to your desktop.
    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (Vista and Win7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (How to attach items to your post)
     
  3. Meikahyael

    Meikahyael Private E-2

    Thanks for having a look, thisisu. Didn't get any alerts. Requested logs attached.

    Also, I have noticed IE9 gives intermittently the "Internet Explorer has stopped working....data execution prevention" error especially when I go to close tabs. One example is when I click on the upload button of this forum for attachments. IE says it has to close and reopen the tab due to problems with the page. Seems like an IE thing because I can use the MG website on other systems with no errors. Dang Vista.

    Also will be looking to dump Norton on this machine and go with MSSE as it seems to behave and work well.

    Again, your assistance is very much appreciated.
     


  4. thisisu

    thisisu Malware Consultant

    No problem. These logs are clean as well.

    In my experience Vista and IE9 do not work well together. I've even had trouble with IE9 opening at all on a clean install of Vista with SP2. I recommend sticking to IE8 if you are on Vista.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. After doing the above, you should work thru the below link:
     
  5. Meikahyael

    Meikahyael Private E-2

    Dude. You rock. Thanks!
     