Jun 24 2009, 05:20 PM
Post #1
Member | Group: Members | Posts: 87 | Joined: 8-September 07 | Member No.: 155,530
DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Owner at 17:16:21.45 on Wed 06/24/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.629 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyServer = 216.124.18.5:8080
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Weather] c:\progra~1\aws\weathe~1\Weather.exe 1
uRun: [Eraser] c:\program files\eraser\eraser.exe -hide
uRun: [IDriveE Startup] "c:\program files\idrive\IDrvieEStartup.exe" Hide
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\idrive~1.lnk - c:\program files\idrive\IDriveEReg2ini.exe
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-30 11608]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2007-1-19 34671]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-30 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-30 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-30 55640]
R2 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2008-9-14 128464]
R2 IDrivePlugin;IDrivePlugin;c:\program files\idrive\IDriveWebM.exe [2008-9-14 58832]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\drivers\SMCWGU.sys [2007-6-26 408064]

=============== Created Last 30 ================

2009-05-30 19:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-30 19:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-30 19:42 <DIR> --d----- c:\docume~1\hp_owner\applic~1\SUPERAntiSpyware.com
2009-05-30 19:42 <DIR> --d----- c:\docume~1\hp_owner\applic~1\Malwarebytes
2009-05-30 19:42 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-30 19:42 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 19:42 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-30 19:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 19:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-30 19:41 6,406,688 a------- c:\program files\SUPERAntiSpyware.exe
2009-05-30 19:41 3,371,384 a------- c:\program files\mbam-setup.exe
2009-05-30 19:39 <DIR> --d----- c:\program files\VS Revo Group
2009-05-30 19:39 1,079,272 a------- c:\program files\revosetup.exe
2009-05-30 19:36 <DIR> --d----- c:\program files\Glary Utilities
2009-05-30 19:35 6,005,640 a------- c:\program files\gusetupnew.exe
2009-05-30 18:01 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-30 18:01 <DIR> --d----- c:\program files\Avira
2009-05-30 18:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-30 15:18 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-30 14:26 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-05-30 14:13 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-05-30 13:36 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-05-30 13:29 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-30 13:29 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-30 13:29 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-30 12:04 30,075,904 a------- c:\program files\Avira Anti Virus Free Addition.exe

==================== Find3M ====================

2008-09-14 23:14 9,360,888 a------- c:\program files\IDriveSetup.exe
2008-09-14 14:12 8,944,224 a------- c:\program files\EraserSetup32.exe
2008-09-14 12:54 24,439 a------- c:\program files\updatejpegprocessing.docx
2007-10-23 14:59 8,856 a------- c:\docume~1\hp_owner\applic~1\wklnhst.dat
2006-12-10 00:50 1,059,848 a------- c:\program files\Belarc Advisor.exe
2006-12-09 13:50 1,115,549 a------- c:\program files\Quick Startup.exe
2007-01-01 20:42 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 17:16:31.93 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2006 8:43:28 PM
System Uptime: 6/24/2009 4:49:47 PM (1 hours ago)

Motherboard: ECS | | Asterope3
Processor: Intel® Pentium® 4 CPU 3.20GHz | CPU 1 | 3199/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 67 GiB total, 56.946 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.315 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A31103C&REV_10\4&B4B0D3&0&28A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A31103C&REV_10\4&B4B0D3&0&28A4
Service: RTL8023xp

==== System Restore Points ===================

RP172: 5/30/2009 9:46:48 AM - System Checkpoint
RP173: 5/30/2009 6:01:33 PM - Avira AntiVir Personal - 5/30/2009 18:01
RP174: 5/30/2009 7:40:27 PM - Revo Uninstaller's restore point - Ask Toolbar
RP175: 5/30/2009 7:42:47 PM - Installed SUPERAntiSpyware Free Edition
RP176: 5/30/2009 7:43:46 PM - Revo Uninstaller's restore point - Easy Internet Sign-up
RP177: 5/30/2009 7:44:01 PM - Configured easy Internet sign-up
RP178: 5/31/2009 8:42:57 AM - Software Distribution Service 3.0
RP179: 6/21/2009 12:37:20 PM - System Checkpoint
RP180: 6/24/2009 4:47:48 PM - Configured Wireless G WUA-1340

==== Installed Programs ======================

Adobe Reader 7.0.5
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 7.2
BufferChm
CCleaner (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Eraser
Eusing Free Registry Cleaner
FullDPAppQFolder
Glary Utilities 2.13.0.686
HP Boot Optimizer
hp deskjet 3320 series (Remove only)
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
IDrive version 3.0.0 September 12 2008
InstantShareDevices
J2SE Runtime Environment 5.0 Update 6
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Flash Player 8
Making the Grade
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My HP Games
Netscape Browser (remove only)
Norton Internet Security (Symantec Corporation)
Novell iPrint Client v04.15.00
OptionalContentQFolder
PC-Doctor 5 for Windows
PhotoGallery
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quick StartUp 1.5
Quicken 2006
RandMap
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller 1.83
Rhapsody
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SkinsHP1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SUPERAntiSpyware Free Edition
Unload
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP (remove only)
WeatherBug
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer

==== Event Viewer Messages From Past Week ========

6/24/2009 4:48:04 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file wlanapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

==== End Of File ===========================

The weatherman
Jun 24 2009, 05:27 PM
Post #2
Guests
Hello Johnny Computer,

I have moved your Topic that included a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware analysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not.

We understand that dealing with malware issues and getting help can be frustrating but improperly posting a log usually happens if you missed the directions we provide to those who require malware removal assistance. Prior to posting a log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system.

Please complete all the steps in the Guide. If you can't perform a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Prep Guide to post a new log.

Please DO NOT post any more logs to this topic, or post a log again in the wrong forum. The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for.

When your new DDS/HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done.

Thanks for your cooperation and good luck.

The BC Staff

Jun 24 2009, 05:36 PM
Post #3
Member | Group: Members | Posts: 87 | Joined: 8-September 07 | Member No.: 155,530
Sorry for the post in the wrong area. Can I just repost my question in the Networking forum without the logs?? Thanks for the help Weatherman

The weatherman
Jun 24 2009, 05:40 PM
Post #4
Guests
Of course you can Johnny Computer.