
Cannot Connect To Internet


  • This topic is locked
4 replies to this topic

#1 exquixotic

exquixotic

  • Members
  • 8 posts

Posted 23 June 2008 - 10:38 AM

I have been staying at a friend's and using their computer for the last month. They are using XP Home, Service Pack 2. Their service was extremely slow and I suspected it had something to do with the enormous number of media players or a virus. The computer would also ignore mouse clicks and the screen always peels when a page closes. I deleted most of the players, BitTorrent, Flash Player and Java, plus any other programs that I felt were extraneous and could be downloaded again. I then downloaded CCleaner, Ad-Aware and Spybot and followed your malware check protocol. I also downloaded TuneUp Utilities and did an online scan with Kaspersky. The computer seemed to be running a little more cleanly, so I began to reintroduce some of the programs I had deleted. About this time I began to receive warnings about the Skype add-on and would find a lot of Skype entries when I ran CCleaner, so I started over. I found a recommendation on Major Geeks to try SUPERAntiSpyware and Malwarebytes, so tried them as well. I also replaced AVG 7.5 Free with Kaspersky antivirus. I still found nothing, so tried the "not malware" protocols from your site. As everything seemed fine I changed the free trial Kaspersky back to AVG and began to reintroduce programs. This time Flash Player began to crash the browser. I uninstalled it and installed many times, always with the same result. Having grown tired of chasing ghosts I decided to give it a rest and live with the slow and mysterious computer. I replaced all the programs and unplugged the regulator to use with some other electronics. When I plugged the computer back in I could no longer get online.
I spent two hours today on the phone with a tech who checked out the connectivity. He gave me some static parameters for the IP and gateway and I am writing right now on a laptop which is working fine on that connection. I also used an Ubuntu boot disc and was able to get online with the formerly dysfunctional machine.
I should also mention that I have done a couple of system restores when I was reintroducing the programs as I didn't like how it seemed to be going. Those are all the details I can recall from the last month and a half of ghost hunting. If you ask me some pointed questions I may be able to dredge up a few more facts.
Any help you can give me with this problem would be greatly appreciated. Thanks ...

PS ... I originally posted this in the general "I have a problem" forum, but I think I really need some malware help. I am currently downloading a few of the programs I want to put back on my friends' computer with a laptop running Vista and AVG 7.5 anti malware and getting heavy contamination. Also, when I moved some files via data stick to another poor old laptop it damn near died ... it started blinking and coughing and is currently in a great deal of pain. I thought I could handle it and I'm now officially overwhelmed.

Here is the DSS scan log ... I can no longer do a Kaspersky online scan.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-23 03:52:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:40 AM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 5778 bytes

-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 02:59:57 0 d-------- C:\Program Files\Common Files\Skype
2008-06-23 00:26:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-23 00:12:19 0 d-------- C:\Program Files\iPod
2008-06-23 00:11:53 0 d-------- C:\Program Files\iTunes
2008-06-23 00:11:14 0 d-------- C:\Program Files\Bonjour
2008-06-23 00:09:32 0 d-------- C:\Program Files\QuickTime
2008-06-23 00:08:21 0 d-------- C:\Program Files\Apple Software Update
2008-06-23 00:07:27 0 d-------- C:\Program Files\Common Files\Apple
2008-06-22 23:49:38 0 d-------- C:\Program Files\Common Files\Java
2008-06-22 16:34:24 0 d-------- C:\Program Files\Lavasoft
2008-06-22 15:38:29 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-22 12:14:20 0 d-------- C:\Program Files\Propellerhead
2008-06-19 19:58:44 0 d-------- C:\Program Files\VideoLAN
2008-06-19 18:31:03 0 d-------- C:\Program Files\Java
2008-06-16 15:01:58 0 d-------- C:\Program Files\Google
2008-06-15 14:05:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-15 13:17:09 0 d-------- C:\cmdcons
2008-06-15 13:15:11 68096 --a------ C:\WINDOWS\zip.exe
2008-06-15 13:15:11 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-15 13:15:11 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-15 13:15:11 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 13:15:11 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 13:15:11 98816 --a------ C:\WINDOWS\sed.exe
2008-06-15 13:15:11 80412 --a------ C:\WINDOWS\grep.exe
2008-06-15 13:15:11 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 13:15:21 0 d-------- C:\Program Files\MSECache
2008-05-27 12:25:52 0 d-------- C:\Program Files\Trend Micro
2008-05-25 22:08:56 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-05-25 22:08:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-05-25 21:41:23 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 02:58:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab


-- Find3M Report ---------------------------------------------------------------

2008-06-23 03:13:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-06-23 03:00:04 0 d-------- C:\Program Files\Skype
2008-06-23 02:59:57 0 d-------- C:\Program Files\Common Files
2008-06-23 01:18:28 0 d-------- C:\Program Files\Nero
2008-06-22 16:33:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-22 15:03:39 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-22 14:58:15 0 d-------- C:\Documents and Settings\Owner\Application Data\MP3Rocket
2008-06-22 11:59:52 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-20 14:00:53 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-06-19 19:21:54 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-19 19:21:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-02 14:55:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-06-02 03:37:29 0 d-------- C:\Program Files\Microsoft Works
2008-05-29 12:24:53 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-05-29 11:29:13 0 d-------- C:\Program Files\Common Files\Real
2008-05-29 11:29:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-05-29 11:20:58 0 d-------- C:\Program Files\Windows Live
2008-05-22 22:33:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-22 18:27:50 0 d-------- C:\Program Files\MSN Messenger
2008-05-21 11:54:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-21 06:51:06 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-21 06:48:39 0 d-------- C:\Program Files\CCleaner
2008-05-20 18:39:58 0 d-------- C:\Program Files\MUSICMATCH
2008-05-19 13:31:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-04 18:33:36 0 d-------- C:\Documents and Settings\Owner\Application Data\TuneUp Software
2008-05-04 09:11:24 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-15 21:08:41 51124 --ah----- C:\WINDOWS\system32\mlfcache.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/21/2008 03:58 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 03:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-23 03:53:33 ------------


#2 exquixotic

exquixotic
  • Topic Starter

  • Members
  • 8 posts

Posted 25 June 2008 - 09:46 AM

I'm really sorry but I'm leaving here shortly and had to make these last minute adjustments to the computer. I promise there will be no further changes and I'm sorry for any inconvenience. Here is the new log ...

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-25 09:18:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:35 AM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 5363 bytes

-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-24 06:39:49 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-23 12:20:00 0 d-------- C:\Program Files\MP3 Rocket
2008-06-23 12:15:59 0 d-------- C:\Program Files\DNA
2008-06-23 12:15:59 0 d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-06-23 12:15:58 0 d-------- C:\Program Files\BitTorrent
2008-06-23 12:08:24 0 d-------- C:\Program Files\Winamp
2008-06-23 12:08:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2008-06-23 02:59:57 0 d-------- C:\Program Files\Common Files\Skype
2008-06-23 00:26:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-23 00:12:19 0 d-------- C:\Program Files\iPod
2008-06-23 00:11:53 0 d-------- C:\Program Files\iTunes
2008-06-23 00:11:14 0 d-------- C:\Program Files\Bonjour
2008-06-23 00:09:32 0 d-------- C:\Program Files\QuickTime
2008-06-23 00:08:21 0 d-------- C:\Program Files\Apple Software Update
2008-06-23 00:07:27 0 d-------- C:\Program Files\Common Files\Apple
2008-06-22 23:49:38 0 d-------- C:\Program Files\Common Files\Java
2008-06-22 16:34:24 0 d-------- C:\Program Files\Lavasoft
2008-06-22 15:38:29 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-22 12:14:20 0 d-------- C:\Program Files\Propellerhead
2008-06-19 19:58:44 0 d-------- C:\Program Files\VideoLAN
2008-06-19 18:31:03 0 d-------- C:\Program Files\Java
2008-06-16 15:01:58 0 d-------- C:\Program Files\Google
2008-06-15 14:05:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-15 13:17:09 0 d-------- C:\cmdcons
2008-06-15 13:15:11 68096 --a------ C:\WINDOWS\zip.exe
2008-06-15 13:15:11 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-15 13:15:11 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-15 13:15:11 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 13:15:11 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 13:15:11 98816 --a------ C:\WINDOWS\sed.exe
2008-06-15 13:15:11 80412 --a------ C:\WINDOWS\grep.exe
2008-06-15 13:15:11 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 13:15:21 0 d-------- C:\Program Files\MSECache
2008-05-27 12:25:52 0 d-------- C:\Program Files\Trend Micro
2008-05-25 22:08:56 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-05-25 22:08:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-05-25 21:41:23 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 02:58:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab


-- Find3M Report ---------------------------------------------------------------

2008-06-25 09:00:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 20:52:58 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-24 10:50:46 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-23 03:13:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-06-23 03:00:04 0 d-------- C:\Program Files\Skype
2008-06-23 02:59:57 0 d-------- C:\Program Files\Common Files
2008-06-23 01:18:28 0 d-------- C:\Program Files\Nero
2008-06-22 14:58:15 0 d-------- C:\Documents and Settings\Owner\Application Data\MP3Rocket
2008-06-20 14:00:53 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-06-19 19:21:54 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-19 19:21:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-02 14:55:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-06-02 03:37:29 0 d-------- C:\Program Files\Microsoft Works
2008-05-29 11:29:13 0 d-------- C:\Program Files\Common Files\Real
2008-05-29 11:29:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-05-29 11:20:58 0 d-------- C:\Program Files\Windows Live
2008-05-22 22:33:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-22 18:27:50 0 d-------- C:\Program Files\MSN Messenger
2008-05-21 11:54:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-21 06:51:06 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-21 06:48:39 0 d-------- C:\Program Files\CCleaner
2008-05-20 18:39:58 0 d-------- C:\Program Files\MUSICMATCH
2008-05-19 13:31:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-04 18:33:36 0 d-------- C:\Documents and Settings\Owner\Application Data\TuneUp Software
2008-05-04 09:11:24 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-15 21:08:41 51124 --ah----- C:\WINDOWS\system32\mlfcache.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/21/2008 03:58 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-25 09:19:38 ------------

#3 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • Gender:Male
  • Location:Portugal

Posted 17 July 2008 - 05:02 AM

Hello


I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#4 exquixotic

exquixotic
  • Topic Starter

  • Members
  • 8 posts

Posted 17 July 2008 - 10:58 AM

Thanks for your response. I no longer have access to the computer in question and left it without internet access. Everything worked fine just no connect. So until next time ...

#5 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • Gender:Male
  • Location:Portugal

Posted 17 July 2008 - 12:42 PM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.