
Can't Access Internet Explorer


  • This topic is locked
10 replies to this topic

#1 slbd78

slbd78

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 05 October 2007 - 02:08 PM

At first I could not access Internet because I was getting an error at the bottom of my screen that said "badurl.grandstreetinteractive.com". I ran Ad-ware and removed some malware and infected files. Now, when I try to connect to the Internet, it keeps saying "page cannot be found". The badurl.grandstreetinteractive.com is no longer coming up. Please help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:52 AM, on 10/5/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\BMServ.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\BMApp.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\DockApp.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.Begin2Search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Begin2Search.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cg...=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9EFDB268-B381-2C08-5627-828B2AA2FE1B} - C:\WINNT\Nuvdjkyp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search - {9EBA549E-BAEF-F0DF-40C7-D8A48BFBDF67} - C:\WINNT\Nuvdjkyp.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Belkin Wireless G Notebook Card Client Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:10:08 AM

Posted 06 October 2007 - 03:06 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Navigate to Start | Control Panel | Add or Remove Programs.
Highlight the following, before clicking Remove:

Web Offer
TV Media


Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.Begin2Search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Begin2Search.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cg...=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {9EFDB268-B381-2C08-5627-828B2AA2FE1B} - C:\WINNT\Nuvdjkyp.dll (file missing)
O3 - Toolbar: Search - {9EBA549E-BAEF-F0DF-40C7-D8A48BFBDF67} - C:\WINNT\Nuvdjkyp.dll (file missing)
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following folders (if present):

C:\Program Files\TV Media
C:\Program Files\Web Offer

Reboot into Normal Mode again.

I'd like to see a brand new HijackThis log in your next post.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 slbd78


Posted 07 October 2007 - 05:00 AM

Hi Charles,

I did follow the steps you suggested. Now, when I try to connect to the Internet, "Finding site:auto.search.msn.com" is coming up at the bottom. Then it changes to: "res:\\C:WINNT\system32\shdoclc.dll\dnserror.htm" at the bottom of the screen. Shortly after that I receive an error saying "Internet Explorer could not open the search page". Here is my new log. I appreciate all of your help.

Thanks,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:16 PM, on 10/6/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\BMServ.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\BMApp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\DockApp.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Belkin Wireless G Notebook Card Client Utility.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Softex BayManager (BMServ) - Unknown owner - C:\WINNT\System32\BMServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)

--
End of file - 5424 bytes
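
Added example, not part of the original thread and not code from HijackThis: a small Python check that compares two HijackThis scans against the list of entries selected for fixing, confirming which are gone and listing what appeared in between. The sample lines are excerpts copied from the logs above; the function names `parse_entries` and `compare_scans` are hypothetical.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, O1-O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map a case-insensitive key to the original line for each log entry."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            # Windows paths and registry names are case-insensitive, and the two
            # scans in the thread differ in case (mcupdate.exe vs McUpdate.exe).
            entries[(m.group(1), m.group(2).casefold())] = line
    return entries

def compare_scans(before_text, after_text, fix_text):
    """Check a fix list against the scans taken before and after the fix."""
    before, after, fix = map(parse_entries, (before_text, after_text, fix_text))
    return {
        # Selected entries that were in the first scan and are gone now.
        "fixed": sorted(fix[k] for k in fix if k in before and k not in after),
        # Selected entries that survived the fix and the reboot.
        "still_present": sorted(after[k] for k in fix if k in after),
        # Fix-list lines that never matched the first scan (copy/paste damage).
        "unmatched": sorted(fix[k] for k in fix if k not in before),
        # Entries that appeared between the scans and still need reviewing.
        "new": sorted(after[k] for k in after if k not in before),
        # Entries whose target file no longer exists on disk.
        "file_missing": sorted(v for v in after.values()
                               if v.endswith("(file missing)")),
    }

# Excerpt of the first scan in the thread (sample input, shortened).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {9EFDB268-B381-2C08-5627-828B2AA2FE1B} - C:\WINNT\Nuvdjkyp.dll (file missing)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
"""

# Excerpt of the second scan in the thread (sample input, shortened).
# The first log is cut off in its O23 section, so O23 lines show up as new.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
"""

# Excerpt of the entries the helper asked to have checked and fixed.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: (no name) - {9EFDB268-B381-2C08-5627-828B2AA2FE1B} - C:\WINNT\Nuvdjkyp.dll (file missing)
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
"""

if __name__ == "__main__":
    for section, lines in compare_scans(BEFORE, AFTER, FIX_LIST).items():
        print(f"{section}: {len(lines)}")
        for line in lines:
            print("   ", line)
```
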

#4 rookie147


Posted 07 October 2007 - 08:12 AM

Hello again,
Please download SmitfraudFix to your Desktop.
Double click SmitfraudFix.exe to run the program.
Press any key to accept the disclaimer.
Select option 5, by typing 5 then hitting enter.
A text file will open once it is complete, please copy and paste the contents of this in your reply.
Alternatively, it can be found at C:\rapport.txt.

Also download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

In your next post I would like to see both the Combofix log and the SmitfraudFix report.
Thanks,
Charles :thumbsup:



#5 slbd78


Posted 07 October 2007 - 02:58 PM

Hi Charles,

I am unable to connect to the Internet on the computer I am having these problems with, so I had to download the software (Combo Fix & Smit Fraud) to my thumb drive and then transfer it to the computer I am having problems with. Unfortunately, I keep getting an error from ComboFix saying, "some installation files are corrupt. Please download a fresh copy and retry the installation". I have downloaded the software twice to my thumb drive, but I keep getting the same error. Then it goes to an installation screen and this is what I have. A DOS screen is also coming up that says, "Combo fix-pause" and inside the screen it has "please wait", but nothing ever happens. I really hope you can help.

Combo Fix Log:

Extracting Boot.bat
Extracting CF_anti-viking.bat
Extracting Combobatch.bat
Extracting ComboFix.bat
Extracting Comspec.bat
Extracting DelClsid.bat
Extracting Disclaimer.bat
Extracting FIND3M.bat
Extracting FIXLSP.bat
Extracting history.bat
Extracting Lang.bat
Extracting List-C.bat
Extracting MoveIt.bat
Extracting ND_.bat
Extracting NTP.bat
Extracting Qoo.bat
Extracting SetEnvmt.bat
Extracting Sys.bat
Extracting upload.bat
Extracting nircmd.exe
Extracting ntp.exe
Extracting NTPBack.exe
Extracting ComboFix.sys
Extracting catchme.cfexe
Extracting dd.cfexe
Extracting dumphive.cfexe
Extracting ERUNT.cfexe
Extracting grep.cfexe
Extracting handle.cfexe
Extracting moveex.cfexe
Extracting mtee.cfexe
Extracting nircmd.cfexe
Extracting Ntrights.cfexe
Extracting RestartIt.cfexe
Extracting sed.cfexe
Extracting setpath.cfexe
Extracting SF.cfexe
Extracting swreg.cfexe
Extracting swsc.cfexe
Extracting swxcacls.cfexe
Extracting vfind.cfexe
Extracting zip.cfexe
Extracting 023.dat
Extracting 023v.dat
Extracting cfexe.dat
Extracting clsid.dat
Extracting Creg.dat
Extracting erunt.dat
Extracting executables.dat
Extracting LocalService.dat
Extracting LocalServiceNetworkRestricted.dat
Extracting LocalSystemNetworkRestricted.dat
Extracting Look.dat
Extracting ndis_combofix.dat
Extracting netsvc.bad.dat
Extracting netsvc.dat
Extracting netsvc.vista.dat
Extracting netsvc.xp.dat
Extracting NetworkService.dat
Extracting Policies.dat
Extracting Purity.dat
Extracting region.dat
Extracting rogues.dat
Extracting safeboot.dat
Extracting safeboot.def.dat
Extracting safeboot.def.vista.dat
Extracting svc_wht.dat
Extracting svchost.dat
Extracting svchost.vista.dat
Extracting system_ini.dat
Extracting whitedirB.dat
Extracting WhiteLegacy.dat
Extracting zhsvc.dat
Extracting ERDNT.e_e
Extracting ERDNTDOS.LOC
Extracting ERDNTWIN.LOC
Extracting ERUNT.LOC
Extracting FProps.vbs
Extracting lnkread.vbs
Extracting LocalDrive.vbs
Extracting OSid.vbs
CRC failed in OSid.vbs
The file "???" header is corrupt

Smit Fraud Log:

SmitFraudFix v2.239

Scan done at 13:23:35.31, Sun 10/07/2007
Run from F:\Smith Fraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

DNS Before Fix


DNS After Fix


I appreciate all your help,

Thanks,
Shanitta

#6 rookie147


Posted 07 October 2007 - 04:08 PM

Can you try running Combofix in Safe Mode for me, please?



#7 slbd78


Posted 07 October 2007 - 06:12 PM

I tried to run combofix in safemode, but I keep getting the same error about the files being corrupted. Is it possible there could be something wrong with my WINNT folder, because I keep getting this error when I try to connect to the Internet:

res:\\C:WINNT\system32\shdoclc.dll\dnserror.htm

#8 rookie147


Posted 09 October 2007 - 02:40 PM

Hmm, I'm not really sure what is causing this problem. We'll try another scanner instead, called Deckard's System Scanner.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.

Thanks,
Charles



#9 slbd78


Posted 09 October 2007 - 11:03 PM

Hi Charles,

Here is the Extra log:

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600)
Architecture: X86; Language: English

CPU 0: Intel® Pentium® III Mobile CPU 1066MHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 246.92 MiB / 66.51 MiB
Pagefile Memory (total/avail): 606 MiB / 360.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1969.08 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 18.63 GiB total, 13.17 GiB free.

\\.\PHYSICALDRIVE0 - TOSHIBA MK2018GAP - 18.63 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 18.63 GiB - C:



-- Security Center -------------------------------------------------------------

AUState says computer is in an unknown state.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACCOUNTANT
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Shanitta Bland.ACCOUNTANT
LOGONSERVER=\\ACCOUNTANT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\Internet Explorer;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\SHANIT~1.ACC\LOCALS~1\Temp
TMP=C:\DOCUME~1\SHANIT~1.ACC\LOCALS~1\Temp
USERDOMAIN=ACCOUNTANT
USERNAME=Shanitta Bland
USERPROFILE=C:\Documents and Settings\Shanitta Bland.ACCOUNTANT
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Jerry Bland (admin)
Shanitta Bland (new local, admin)
Jerry Bland.ACCOUNTANT
Shanitta Bland.ACCOUNTANT (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Belkin Wireless G Notebook Card Driver and Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA45054F-2659-4368-AC8E-0AB805FF3E15}\setup.exe" -l0x9 REMOVE
BusinessLogicXI --> MsiExec.exe /X{B5FC8BEA-0050-4FC3-B4ED-79D0A07B784C}
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
DelFin Media Viewer --> C:\WINNT\unvise32.exe C:\Program Files\DelFin\PromulGate\uninstal.log
DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Gateway SoftK56 Data Fax --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_5350107B\HXFSETUP.EXE -U -IVEN_8086&DEV_2486&SUBSYS_5350107B
HelpSpot --> MsiExec.exe /I{8DE73C0C-34EA-4888-86DB-EEDB9B69DB94}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP OfficeJet K Series --> "C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\Uninstall\hpourn07.exe" /Path="C:\Program Files\Hewlett-Packard\HP OfficeJet K Series" /Uninstall="HP OfficeJet K Series"
Intel® 830M Chipset Graphics Driver Software --> RUNDLL32.EXE C:\WINNT\System32\ialmrem.dll,UninstallW2KIGfx
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MUSICMATCH Jukebox --> C:\WINNT\IsUninst.exe -f"C:\Program Files\MusicMatch\MusicMatch Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
MuVo Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x9 /remove
ParetoLogic Privacy Controls --> MsiExec.exe /I{742DFC87-1703-46D8-AC24-F87FDCD7C1AB}
PC-Doctor for Windows --> C:\WINNT\UNWISE32.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Softex BayManager --> C:\WINNT\SfUninst.exe -f"C:\Program Files\Softex\BayManager\Win2000\Uninst.isu" -c"C:\Program Files\Softex\BayManager\Win2000\Uninstal.dll
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics TouchPad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u


-- Application Event Log -------------------------------------------------------

Event Record #/Type1745 / Warning
Event Submitted/Written: 10/09/2007 00:07:01 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMade method on subscription {F8321B94-28F1-4130-A6A4-99AA830A2B90}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Event Record #/Type1735 / Warning
Event Submitted/Written: 10/09/2007 11:25:03 AM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the StartShell method on subscription {A5978620-5B3F-F1D1-8ED2-00FA0035B753}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Event Record #/Type1728 / Warning
Event Submitted/Written: 10/09/2007 10:51:22 AM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the StartShell method on subscription {A5978620-5B3F-F1D1-8ED2-00FA0035B753}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Event Record #/Type1724 / Warning
Event Submitted/Written: 10/09/2007 05:26:06 AM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMade method on subscription {0EAE13E7-9D70-4488-A25D-AB29C9D21E3F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Event Record #/Type1720 / Warning
Event Submitted/Written: 10/08/2007 09:31:57 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMade method on subscription {3D7DC910-5BB8-483D-AF31-CCC3551ED9EA}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8192 / Error
Event Submitted/Written: 10/09/2007 08:49:13 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The MxlW2k service failed to start due to the following error:
%%2

Event Record #/Type8190 / Error
Event Submitted/Written: 10/09/2007 08:48:14 PM
Event ID/Source: 23 / Print
Event Description:
Printer HP OfficeJet K Series Printer failed to initialize because a suitable HP OfficeJet K Series Printer driver could not be found.

Event Record #/Type8176 / Error
Event Submitted/Written: 10/09/2007 08:40:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The MxlW2k service failed to start due to the following error:
%%2

Event Record #/Type8175 / Warning
Event Submitted/Written: 10/09/2007 08:40:35 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00173F308276. The IP address being used is 169.254.107.179.

Event Record #/Type8172 / Error
Event Submitted/Written: 10/09/2007 08:39:50 PM
Event ID/Source: 23 / Print
Event Description:
Printer HP OfficeJet K Series Printer failed to initialize because a suitable HP OfficeJet K Series Printer driver could not be found.



-- End of Deckard's System Scanner: finished at 2007-10-09 21:28:46 ------------


Here is the Main Log:

Deckard's System Scanner v20070905.67
Run by Shanitta Bland on 2007-10-09 21:23:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2007-10-10 03:24:23 UTC - RP146 - Deckard's System Scanner Restore Point
24: 2007-10-10 02:55:17 UTC - RP145 - ComboFix created restore point
23: 2007-10-10 02:44:20 UTC - RP144 - Restore Operation
22: 2007-10-09 18:02:34 UTC - RP143 - Restore Operation
21: 2007-10-09 17:41:11 UTC - RP142 - Restore Operation


-- First Restore Point --
1: 2007-07-18 01:55:02 UTC - RP122 - Installed Belkin Wireless G Notebook Card Driver and Utility


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis (run as Shanitta Bland.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27, on 2007-10-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\BMServ.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\BMApp.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\DockApp.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Local Settings\Temporary Internet Files\Content.IE5\94JUJ2XG\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Shanitta Bland.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Belkin Wireless G Notebook Card Client Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Softex BayManager (BMServ) - Unknown owner - C:\WINNT\System32\BMServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)

--
End of file - 4343 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071006-175147-236 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
backup-20071006-175147-239 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Begin2Search.com/search.html
backup-20071006-175147-304 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20071006-175147-338 R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
backup-20071006-175147-356 R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.Begin2Search.com/search.html
backup-20071006-175147-389 O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
backup-20071006-175147-403 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20071006-175147-462 O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
backup-20071006-175147-531 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q==
backup-20071006-175147-588 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071006-175147-589 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20071006-175147-596 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cg...stmpl1&fw==
backup-20071006-175147-600 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20071006-175147-613 O2 - BHO: (no name) - {9EFDB268-B381-2C08-5627-828B2AA2FE1B} - C:\WINNT\Nuvdjkyp.dll (file missing)
backup-20071006-175147-617 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20071006-175147-698 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
backup-20071006-175147-850 O3 - Toolbar: Search - {9EBA549E-BAEF-F0DF-40C7-D8A48BFBDF67} - C:\WINNT\Nuvdjkyp.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BayMgr - c:\winnt\system32\drivers\baymgr.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\winnt\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 ASCTRM - c:\winnt\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SjyPkt - c:\winnt\system32\drivers\sjypkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 hpoid407 (IEEE-1284.4 Driver) - c:\winnt\system32\drivers\hpoid407.sys <Not Verified; HP; HP Dot4 Windows 2000>
S3 iscFlash - c:\winnt\system32\drivers\iscflash.sys (file missing)
S3 PCDRDRV (Pcdr Helper Driver) - c:\atf\qctest\pcdoc\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\winnt\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BMServ (Softex BayManager) - c:\winnt\system32\bmserv.exe

S3 PictureTaker - c:\fixit\pt\pctkrnt.sys (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1031&SUBSYS_5350107B&REV_41\4&1472819D&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1031&SUBSYS_5350107B&REV_41\4&1472819D&0&40F0
Service: E100B

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTEAC_DV-28E-B___________________________1.2B____\5&227602EB&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TEAC DV-28E-B
PNP Device ID: IDE\CDROMTEAC_DV-28E-B___________________________1.2B____\5&227602EB&0&0.0.0
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2007-10-07 16:21:59 366 --a------ C:\WINNT\Tasks\McAfee.com Scan for Viruses - My Computer (ACCOUNTANT-Administrator).job
2002-02-15 11:17:17 254 --a------ C:\WINNT\Tasks\ISP signup reminder 3.job


-- Files created between 2007-09-09 and 2007-10-09 -----------------------------

2007-10-09 20:45:43 0 d-------- C:\Program Files\Common Files\ParetoLogic
2007-10-09 20:45:08 0 d-------- C:\WINNT\DIALPASS
2007-10-09 10:55:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7(2)
2007-10-08 18:52:59 1343488 --a------ C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\ntuser.dat
2007-10-08 18:49:25 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\ParetoLogic
2007-10-08 18:40:17 0 dr-h----- C:\$VAULT$.AVG
2007-10-08 18:02:51 1156 --a------ C:\WINNT\mozver.dat
2007-10-08 17:55:51 0 d---s---- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\UserData
2007-10-08 17:03:56 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\AVG7
2007-10-08 17:03:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-08 17:02:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-08 17:02:37 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-08 16:36:16 0 d-------- C:\downloads
2007-10-08 15:45:53 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\Mozilla
2007-10-07 13:23:17 25600 --a------ C:\WINNT\System32\WS2Fix.exe
2007-10-07 13:23:17 289144 --a------ C:\WINNT\System32\VCCLSID.exe <Not Verified; S!Ri; >
2007-10-07 13:23:16 288417 --a------ C:\WINNT\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-10-07 13:23:16 51200 --a------ C:\WINNT\System32\dumphive.exe
2007-10-07 13:23:15 53248 --a------ C:\WINNT\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-10-07 04:37:31 0 --a------ C:\WINNT\nsreg.dat
2007-10-07 04:37:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-10-07 04:29:34 0 d-------- C:\Program Files\PCPitstop
2007-10-07 04:16:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
2007-10-07 04:15:16 0 d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2007-10-07 04:14:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-06 11:49:19 0 d-------- C:\Program Files\Google
2007-10-06 10:41:32 552 --a------ C:\WINNT\System32\d3d8caps.dat
2007-10-05 11:03:28 0 d-------- C:\Program Files\Trend Micro
2007-10-05 10:29:26 0 d-------- C:\Documents and Settings\Jerry Bland.ACCOUNTANT\Application Data\McAfee.com Personal Firewall
2007-10-05 10:18:06 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\McAfee.com Personal Firewall
2007-10-05 09:54:44 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\Macromedia
2007-09-30 18:21:08 0 d-------- C:\Program Files\Common Files\supportsoft
2007-09-30 18:20:03 0 d-------- C:\Program Files\SupportSoft
2007-09-30 16:06:29 0 d-------- C:\ERDNT
2007-09-29 23:23:11 0 d-------- C:\cabs
2007-09-29 23:22:56 0 d---s---- C:\WINNT\Downloaded Program Files
2007-09-29 23:00:08 126976 --a------ C:\WINNT\System32\unzdll.dll <Not Verified; ; BCB/Delphi UnZip>
2007-09-29 21:41:44 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\MSN6
2007-09-29 19:31:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-29 15:43:57 0 d-------- C:\Program Files\Lavasoft
2007-09-29 15:43:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-29 15:41:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-29 14:43:13 110 --a------ C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\tvmdmns.dll
2007-09-29 14:38:26 0 dr------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Favorites
2007-09-29 14:38:26 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Desktop
2007-09-29 14:38:26 0 d---s---- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Cookies
2007-09-29 14:38:26 0 dr-h----- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data
2007-09-29 14:38:26 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\Symantec
2007-09-29 14:38:26 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\InterTrust
2007-09-29 14:38:26 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\Identities
2007-09-29 14:38:26 0 d-------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Application Data\Adobe
2007-09-29 14:38:25 0 d--h----- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Templates
2007-09-29 14:38:25 0 dr------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Start Menu
2007-09-29 14:38:25 0 dr-h----- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\SendTo
2007-09-29 14:38:25 0 dr-h----- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Recent
2007-09-29 14:38:25 0 d--h----- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\PrintHood
2007-09-29 14:38:25 0 d--h----- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\NetHood
2007-09-29 14:38:25 0 dr------- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\My Documents
2007-09-29 14:38:25 0 d--h----- C:\Documents and Settings\Shanitta Bland.ACCOUNTANT\Local Settings
2007-09-29 12:04:44 0 d-------- C:\WINNT\pss
2007-09-14 20:09:18 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-14 20:05:59 0 d-------- C:\WINNT\SHELLNEW
2007-09-14 20:05:37 0 d-------- C:\Program Files\Microsoft.NET
2007-09-14 19:58:41 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2007-10-08 18:53:21 0 d-------- C:\Program Files\Common Files
2007-10-08 16:33:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-08 16:31:33 0 d-------- C:\Program Files\Symantec
2007-10-06 18:15:11 0 d-------- C:\Program Files\PhoneTools
2007-09-29 23:00:06 0 d-------- C:\Program Files\Gateway


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\System32\igfxtray.exe" [2001-11-07 13:21]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [2001-11-07 13:21]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2001-11-07 13:28]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2001-11-07 13:28]
"BayMgr"="DockApp.exe" [2001-08-22 16:45 C:\WINNT\DockApp.exe]
"CapFax"="C:\Program Files\PhoneTools\CapFax.EXE" [2001-11-07 14:25]
"HPAIO_PrintFolderMgr"="C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe" [2000-08-15 03:04]
"SetupType"="Portable" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-08 17:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"TV Media"="C:\Program Files\TV Media\Tvm.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Notebook Card Client Utility.lnk - C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe [2007-07-17 19:55:14]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-10-09 21:28:46 ------------

Do you think this would have something to do with my wireless card? Why do I keep getting the DNS error? What exactly is that?

#10 rookie147


Posted 10 October 2007 - 04:00 PM

I don't think that this problem is being caused by malware, so I'm afraid I can't really help you with it; my speciality lies only in this field. I would however recommend that you post it in our Windows XP Home and Professional forum, where you can receive the best help.
But I have one more question for you: how much RAM do you have on your PC?

If you are pleased with the service I have offered, you may like to consider making a donation.


#11 rookie147


Posted 25 October 2007 - 04:09 AM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.
