Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Losing Internet Connection


  • This topic is locked This topic is locked
6 replies to this topic

#1 yangwendi

yangwendi

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 19 March 2009 - 10:57 PM

Hi, for a while (like a few months) the internet connection for the house drops every now and then, mostly around the time my mother's laptop was on. For the record, we're using Time Warner's cable internet and it's hooked to a wireless router. Whenever the internet connection drops I'll unplug and replug the router to fix it. Anyway, lately this has been happening even when my mother's laptop is off. I think the origin of the cause is from those sketchy chinese programs and sites she uses and visits but for now, I want to see if there is anything wrong with my computer first.

Thanks in advance :thumbup2:


DDS (Ver_09-03-16.01) - NTFSx86
Run by User at 23:47:37.93 on 2009/03/19
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Users\User\Documents\Share10_ex2\Share.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - c:\program files\atlas v14\ATLIECP.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - c:\program files\atlas v14\ATLIECP.DLL
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Translate with ATLAS - c:\program files\atlas v14\Atlscript.html
IE: ATLAS Translation &Editor - c:\program files\atlas v14\AtlscriptEdit.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - c:\program files\atlas v14\Atlscript.html
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\w5zv2fqk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-18 325128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2008-5-18 13560]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-18 298264]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01v32.sys [2008-5-18 48128]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

=============== Created Last 30 ================

2009-03-18 04:32 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-18 04:32 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-18 04:32 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-18 04:32 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-18 04:32 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-18 04:32 11,264 a------- c:\windows\system32\icardres.dll
2009-03-18 04:32 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-18 04:32 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-18 04:28 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-18 04:28 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-18 04:28 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-18 04:28 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-18 04:28 83,968 a------- c:\windows\system32\mscories.dll
2009-03-18 04:01 <DIR> --d----- c:\windows\system32\js
2009-03-18 04:01 <DIR> --d----- c:\windows\system32\images
2009-03-18 04:01 <DIR> --d----- c:\windows\system32\html
2009-03-18 04:01 <DIR> --d----- c:\windows\system32\css
2009-03-18 04:01 <DIR> --d----- c:\program files\Business Objects
2009-03-18 03:58 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-03-18 03:57 <DIR> --d----- c:\program files\Microsoft Device Emulator
2009-03-18 03:57 <DIR> --d----- c:\program files\Windows Mobile 5.0 SDK R2
2009-03-18 03:56 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-03-18 03:56 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-03-18 03:51 <DIR> --d----- c:\programdata\PreEmptive Solutions
2009-03-18 03:51 <DIR> --d----- c:\progra~2\PreEmptive Solutions
2009-03-18 03:47 <DIR> --d----- c:\windows\system32\1033
2009-03-18 03:46 <DIR> --d----- c:\program files\HTML Help Workshop
2009-03-18 03:46 <DIR> --d----- c:\program files\common files\Merge Modules
2009-03-18 03:46 <DIR> --d----- c:\program files\CE Remote Tools
2009-03-18 03:44 <DIR> --d----- c:\program files\Microsoft Web Designer Tools
2009-03-18 03:43 <DIR> --d----- c:\programdata\Microsoft Help
2009-03-17 22:45 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-03-17 22:45 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-03-17 22:45 <DIR> --d----- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2009-03-17 22:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-17 22:44 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-17 18:49 <DIR> --d----- c:\program files\CCleaner
2009-03-17 18:32 <DIR> --d----- c:\program files\a-squared Free
2009-03-15 01:54 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-15 01:54 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-15 01:54 <DIR> --d----- c:\program files\iPod
2009-03-15 01:54 <DIR> --d----- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 01:54 <DIR> --d----- c:\program files\iTunes
2009-03-15 01:54 <DIR> --d----- c:\progra~2\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 01:53 <DIR> --d----- c:\program files\Bonjour
2009-03-13 15:41 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-13 15:41 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-13 15:41 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-13 15:41 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-13 15:41 268,288 a------- c:\windows\system32\schannel.dll
2009-03-13 15:41 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-01 18:01 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-03-01 18:01 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-03-01 18:01 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-03-01 18:01 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-03-01 18:01 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-03-01 18:01 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-03-01 18:01 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-03-01 17:47 <DIR> --d----- c:\program files\Drakensang

==================== Find3M ====================

2009-03-19 21:21 77,958 a------- c:\windows\War3Unin.dat
2009-03-15 01:51 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-15 01:51 86,016 a------- c:\windows\inf\infstor.dat
2009-03-15 01:51 51,200 a------- c:\windows\inf\infpub.dat
2009-01-31 15:06 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-31 15:06 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-28 01:25 251,392 -------- c:\windows\eiunin21.exe
2009-01-15 02:11 827,392 a------- c:\windows\system32\wininet.dll
2009-01-02 18:22 410,984 a------- c:\windows\system32\deploytk.dll
2008-06-16 14:58 174 a--sh--- c:\program files\desktop.ini
2008-06-16 14:51 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:48:59.80 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:05:36 AM

Posted 29 March 2009 - 11:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 yangwendi

yangwendi
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 29 March 2009 - 12:26 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by User at 13:20:24.94 on 2009/03/29
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - c:\program files\atlas v14\ATLIECP.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - c:\program files\atlas v14\ATLIECP.DLL
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Translate with ATLAS - c:\program files\atlas v14\Atlscript.html
IE: ATLAS Translation &Editor - c:\program files\atlas v14\AtlscriptEdit.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - c:\program files\atlas v14\Atlscript.html
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\w5zv2fqk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-18 325128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2008-5-18 13560]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-18 298264]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01v32.sys [2008-5-18 48128]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

=============== Created Last 30 ================

2009-03-18 04:32 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-18 04:32 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-18 04:32 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-18 04:32 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-18 04:32 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-18 04:32 11,264 a------- c:\windows\system32\icardres.dll
2009-03-18 04:32 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-18 04:32 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-18 04:28 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-18 04:28 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-18 04:28 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-18 04:28 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-18 04:28 83,968 a------- c:\windows\system32\mscories.dll
2009-03-18 04:01 <DIR> --d----- c:\windows\system32\js
2009-03-18 04:01 <DIR> --d----- c:\windows\system32\images
2009-03-18 04:01 <DIR> --d----- c:\windows\system32\html
2009-03-18 04:01 <DIR> --d----- c:\windows\system32\css
2009-03-18 04:01 <DIR> --d----- c:\program files\Business Objects
2009-03-18 03:58 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-03-18 03:57 <DIR> --d----- c:\program files\Microsoft Device Emulator
2009-03-18 03:57 <DIR> --d----- c:\program files\Windows Mobile 5.0 SDK R2
2009-03-18 03:56 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-03-18 03:56 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-03-18 03:51 <DIR> --d----- c:\programdata\PreEmptive Solutions
2009-03-18 03:51 <DIR> --d----- c:\progra~2\PreEmptive Solutions
2009-03-18 03:47 <DIR> --d----- c:\windows\system32\1033
2009-03-18 03:46 <DIR> --d----- c:\program files\HTML Help Workshop
2009-03-18 03:46 <DIR> --d----- c:\program files\common files\Merge Modules
2009-03-18 03:46 <DIR> --d----- c:\program files\CE Remote Tools
2009-03-18 03:44 <DIR> --d----- c:\program files\Microsoft Web Designer Tools
2009-03-18 03:43 <DIR> --d----- c:\programdata\Microsoft Help
2009-03-17 22:45 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-03-17 22:45 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-03-17 22:45 <DIR> --d----- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2009-03-17 22:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-17 22:44 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-17 18:49 <DIR> --d----- c:\program files\CCleaner
2009-03-17 18:32 <DIR> --d----- c:\program files\a-squared Free
2009-03-15 01:54 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-15 01:54 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-15 01:54 <DIR> --d----- c:\program files\iPod
2009-03-15 01:54 <DIR> --d----- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 01:54 <DIR> --d----- c:\program files\iTunes
2009-03-15 01:54 <DIR> --d----- c:\progra~2\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 01:53 <DIR> --d----- c:\program files\Bonjour
2009-03-13 15:41 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-13 15:41 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-13 15:41 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-13 15:41 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-13 15:41 268,288 a------- c:\windows\system32\schannel.dll
2009-03-13 15:41 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-01 18:01 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-03-01 18:01 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-03-01 18:01 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-03-01 18:01 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-03-01 18:01 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-03-01 18:01 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-03-01 18:01 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-03-01 17:47 <DIR> --d----- c:\program files\Drakensang

==================== Find3M ====================

2009-03-19 21:21 77,958 a------- c:\windows\War3Unin.dat
2009-03-15 01:51 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-15 01:51 86,016 a------- c:\windows\inf\infstor.dat
2009-03-15 01:51 51,200 a------- c:\windows\inf\infpub.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-31 15:06 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-31 15:06 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-28 01:25 251,392 -------- c:\windows\eiunin21.exe
2009-01-15 02:11 827,392 a------- c:\windows\system32\wininet.dll
2008-06-16 14:58 174 a--sh--- c:\program files\desktop.ini
2008-06-16 14:51 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:22:01.05 ===============

Attached Files



#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:36 AM

Posted 29 March 2009 - 02:16 PM

Hello.

Your logs look clean.

If the connection can be fixed by replugging the router, it is not likely caused by malware.

Let's run a scan to check.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

With Regards,
The Panda

#5 yangwendi

yangwendi
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 29 March 2009 - 08:22 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, March 29, 2009
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, March 29, 2009 22:40:23
Records in database: 1985370
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 205041
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:21:36


File name / Threat name / Threats count
C:\Users\User\Documents\Share10_ex2\Share.exe Infected: not-a-virus:Client-P2P.Win32.Share.a 1

The selected area was scanned.


Well I guess there is nothing. So it's time for the source of the problem: my mother's laptop. I KNOW it is currently infected with Baidubar and god knows what else. I'll submit a DDS scan report but it will have to on Tuesday night because that's the earliest I can get access to it.

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:36 AM

Posted 30 March 2009 - 04:23 PM

Hello.

This computer does not appear to be infected.

Please start a new topic for other computers.

With Regards,
The Panda

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:36 AM

Posted 08 April 2009 - 05:31 PM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users