Google Redirect


  • This topic is locked
22 replies to this topic

#1 JoE Cardenas

JoE Cardenas

  • Members
  • 46 posts

Posted 27 March 2009 - 07:03 PM

I've been having this problem where when I click a link on Google search, it goes somewhere else. It often goes to websites trying to sell you something so it's obviously malware or spyware.

At first I tried using my usual programs to try to stop the problem but for some reason I couldn't install updates on Spybot, Ad-Aware, and AVG. I installed SmitfraudFix and it fixed that problem but the links on Google search were still redirecting to random sites.

I've used Malwarebytes, Ad-Aware, Spybot, and AVG to scan the computer but to no avail. Please help! I have Windows XP.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:37, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1181523010265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1225673415227
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (file missing)

--
End of file - 11395 bytes



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 28 March 2009 - 08:06 AM

Hello JoE Cardenas,


Do you happen to have the SmitfraudFix report to post for me? Also, do you have a router?

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Thanks,
tea

Edited by teacup61, 28 March 2009 - 08:07 AM.

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 JoE Cardenas

JoE Cardenas
  • Topic Starter

  • Members
  • 46 posts

Posted 29 March 2009 - 06:40 PM

Here's the Smitfraudfix log:

SmitFraudFix v2.405

Scan done at 15:36:49.05, Fri 03/27/2009
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com
...

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


RK


DNS

Description: Linksys WUSB100 RangePlus Wireless USB Adapter #2
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: Linksys WUSB100 RangePlus Wireless USB Adapter #2
DNS Server Search Order: 68.87.69.146
DNS Server Search Order: 68.87.85.98
DNS Server Search Order: 68.87.78.130

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2FEB69C5-12E0-4566-B174-803FD5CC81A4}: DhcpNameServer=68.87.69.146 68.87.85.98 68.87.78.130


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning









And here's the goored log:

GooredFix v1.92 by jpshortstuff
Log created at 16:37 on 29/03/2009 running Option #1 (HP_Administrator)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 29 March 2009 - 06:45 PM

Hello,

Thanks for that. :thumbup2:

You can delete both GooredFix and SmitfraudFix.

I need for you to go offline completely and disable ALL your protective programs (Spybot, AVG, AdAware) after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :)

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

How is it running please?

Thanks,
tea

#5 JoE Cardenas

JoE Cardenas
  • Topic Starter

  • Members
  • 46 posts

Posted 30 March 2009 - 04:10 AM

Hi,

here's the log:

ComboFix 09-03-29.02 - HP_Administrator 2009-03-29 22:55:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1571 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\gaopdxxnscmetymxbfohfqxmqbwwbwuyjuuymb.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxpxvqlaalewbwnykuppasflyfuwnujeoc.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
d:\recycler\S-3-9-32-100010850-100029321-100023842-8609.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-27 16:41 . 2009-03-27 16:41 <DIR> d-------- c:\program files\Trend Micro
2009-03-27 16:05 . 2009-03-27 16:05 <DIR> d--hs---- c:\documents and settings\HP_Administrator\PrivacIE
2009-03-27 15:45 . 2009-03-27 15:45 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-03-26 21:43 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-26 21:42 . 2009-03-27 15:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-26 21:42 . 2009-03-26 21:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-26 21:42 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 20:53 . 2009-03-27 15:54 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-26 20:19 . 2009-03-26 20:20 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\vlc
2009-03-26 18:25 . 2009-03-26 18:25 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-26 18:14 . 2009-03-26 18:14 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-26 18:14 . 2009-03-26 18:14 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-26 18:14 . 2009-03-26 18:14 <DIR> d--hs---- c:\documents and settings\HP_Administrator\IETldCache
2009-03-26 18:11 . 2009-03-26 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-26 18:02 . 2009-03-27 15:53 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-26 17:57 . 2009-03-26 17:57 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-26 17:53 . 2009-03-26 17:53 <DIR> dr------- c:\program files\Skype
2009-03-26 17:53 . 2009-03-26 17:53 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-26 17:50 . 2009-03-26 17:50 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-26 17:43 . 2009-03-26 17:45 <DIR> d--h-c--- c:\windows\ie8
2009-03-26 17:42 . 2009-03-26 17:42 <DIR> d-------- c:\program files\Common Files\DivX Shared
2009-03-26 17:35 . 2009-03-26 17:35 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-25 20:33 . 2009-03-25 20:33 <DIR> d-------- C:\GROUNDHOG_DAY
2009-03-25 14:23 . 2009-03-25 14:23 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Flock
2009-03-25 14:22 . 2009-03-25 14:23 <DIR> d-------- c:\program files\Flock
2009-03-15 21:02 . 2009-03-15 21:02 <DIR> d-------- c:\program files\SoulseekNS
2009-03-15 21:02 . 2009-03-16 13:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Soulseek
2009-03-14 13:34 . 2009-03-14 13:35 <DIR> d-------- c:\program files\Boxee
2009-03-14 13:34 . 2009-03-14 13:35 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\BOXEE
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll
2009-02-15 22:47 . 2009-02-15 22:47 <DIR> d-------- c:\program files\Paltalk Messenger Interop
2009-02-15 22:42 . 2009-02-15 22:42 <DIR> d-------- c:\windows\PaltalkScene
2009-02-15 22:42 . 2009-02-15 22:42 <DIR> d-------- c:\program files\Paltalk Messenger
2009-02-15 22:42 . 2009-02-15 22:42 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Paltalk
2009-02-15 22:20 . 2009-02-15 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-02-12 22:20 . 2009-02-12 22:20 5,630 --------- c:\windows\system32\IE8Eula.rtf
2009-02-05 21:24 . 2009-03-26 17:24 <DIR> d-------- c:\program files\CDBurnerXP
2009-02-05 21:24 . 2009-02-05 21:24 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Canneverbe_Limited
2009-02-05 21:13 . 2009-02-05 21:18 4,623,208,448 --a------ C:\WALK_HARD_THE_DEWEY_COX_STORY__2.ISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 06:04 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-03-30 06:03 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-03-30 06:03 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\WTablet
2009-03-28 10:54 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Skype
2009-03-28 10:50 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\skypePM
2009-03-28 00:19 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\wsInspector
2009-03-28 00:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-27 22:50 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-27 02:31 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-27 02:30 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-27 01:11 --------- d-----w c:\program files\iTunes
2009-03-27 01:11 --------- d-----w c:\program files\iPod
2009-03-27 01:10 --------- d-----w c:\program files\Bonjour
2009-03-27 01:06 --------- d-----w c:\program files\Safari
2009-03-27 01:05 --------- d-----w c:\program files\Google
2009-03-27 01:04 --------- d-----w c:\program files\QuickTime
2009-03-27 01:03 --------- d-----w c:\program files\Common Files\Apple
2009-03-27 00:57 --------- d-----w c:\program files\Lavasoft
2009-03-27 00:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-27 00:53 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-27 00:52 --------- d-----w c:\program files\Common Files\Adobe
2009-03-27 00:50 --------- d-----w c:\program files\Common Files\Real
2009-03-27 00:48 --------- d-----w c:\program files\Java
2009-03-27 00:42 --------- d-----w c:\program files\DivX
2009-03-27 00:29 --------- d-----w c:\program files\Recuva
2009-03-27 00:26 --------- d-----w c:\program files\MagicISO
2009-03-27 00:23 --------- d-----w c:\program files\Defraggler
2009-03-27 00:23 --------- d-----w c:\program files\CCleaner
2009-03-17 22:32 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\dvdcss
2009-03-16 04:01 --------- d-----w c:\program files\Soulseek
2009-02-16 05:48 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\.gaim
2009-02-16 05:20 --------- d-----w c:\program files\AIM6
2009-02-15 22:47 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Move Networks
2009-02-06 04:04 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-29 08:26 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-07-15 08:01 8 -c--a-w c:\documents and settings\All Users\Application Data\VGALCAJYWPP.SYS
2007-06-10 00:09 0 -c--a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2006-11-20 09:01 81,920 -c--a-w c:\documents and settings\HP_Administrator\Application Data\ezpinst.exe
2006-11-20 09:01 47,360 -c--a-w c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys
2009-01-27 01:34 1,044,480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 200,704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-07-06 17:47 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070620080707\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-15 270128]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-26 19:31 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"427:UDP"= 427:UDP:SLP_Port(427)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-26 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-14 325640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-25 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-06-21 33792]
S3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-14 298264]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-07-28 517632]
S3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [2008-10-11 220928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02b8c676-702e-11dd-9d33-00183908a2f1}]
\Shell\Shell00\Command - J:\Start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-27 15:53]

2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-791169165-720021333-198063017-1008.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-28 21:40]
.
.
------- Supplementary Scan -------
.
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\Paltalk Messenger\Paltalk.exe
Trusted Zone: microsoft.com\update
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iyo4bqqg.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iyo4bqqg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmoznx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Photosynth\Tech Preview\nppsynth.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 23:03:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\GTGina.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-03-29 23:15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-30 06:15:15

Pre-Run: 23,598,899,200 bytes free
Post-Run: 23,472,726,016 bytes free

275 --- E O F --- 2009-03-15 04:02:40




Unfortunately, now the computer won't connect to the internet. I'm on my laptop and the internet is working fine on other computers in the house. We have a router and I use an external wireless card for my PC. I've tried restarting and repairing the connection but nothing seems to work...

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:12 AM

Posted 30 March 2009 - 05:54 PM

Hello,

That's some nasty stuff you had there. :thumbup2:

Go to Start > Run and type cmd
A DOS window will appear.
Next, type in the DOS window: netsh winsock reset
Hit Enter.

REBOOT!!

I hope this should solve your broken connection. Let me know. :)

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#7 JoE Cardenas

Posted 30 March 2009 - 06:31 PM

No, unfortunately that didn't work. I did it a couple of times, restarting after each one of course, and I still can't connect. :-P

#8 teacup61

Posted 30 March 2009 - 07:49 PM

Might seem like a silly basic question, but have you tried reinstalling your Belkin Wireless? Also, please be sure Comodo isn't blocking access.

I've looked through everything, and ComboFix did not delete anything that would have caused you to lose your connection.

tea

#9 JoE Cardenas

Posted 30 March 2009 - 08:21 PM

It's actually a Linksys Cisco router and I don't remember how to install it... My computer is the only one that seems to have the problem tho. All the other wireless machines in my house still have internet. Comodo doesn't load on startup so I know that's not an issue.

#10 teacup61

Posted 30 March 2009 - 08:35 PM

Hi,

Sorry....I was just going by this WLService.exe, which Googled as a Belkin. I do see the entries for Linksys as well. :thumbup2: The malware present in these logs is the likely culprit at any rate. I just want to be sure to eliminate other possibilities.

Try this:

Download to your Desktop TCPIP_Fix.exe, a self-extracting ZIP archive from here: http://downloads.malwareremoval.com/BillCa...r/TCPIP_Fix.exe
  • Double-click TCPIP_Fix.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called TCPIP_Fix.
  • Double-click to Open the new Folder, and then double-click the file within: TCPIP_Fix.cmd.
  • A black box will briefly appear and then close. Reboot your machine and do the following:
  • Click Start, click Run, and enter into the command box that opens: CMD and press [Enter]
  • Type:

    netsh int ip reset resetlog.txt
    netsh winsock reset

  • A prompt will appear after a moment that a restart of your computer is necessary. Reboot your computer.
  • You can now delete the download, and the new folder it created -- TCPIP_Fix.
Thanks,
tea

Edited by teacup61, 30 March 2009 - 08:35 PM.


#11 JoE Cardenas

Posted 30 March 2009 - 09:09 PM

Sorry about correcting you on the router, I just wanted to make sure you had the right info. Anything to help the problem :D

Still can't connect...

Here's the log if you want to see it:



reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2FEB69C5-12E0-4566-B174-803FD5CC81A4}\NetbiosOptions
old REG_DWORD = 1

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FEB69C5-12E0-4566-B174-803FD5CC81A4}\AddressType
old REG_DWORD = 1

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FEB69C5-12E0-4566-B174-803FD5CC81A4}\DefaultGateway
old REG_MULTI_SZ =
<empty>

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FEB69C5-12E0-4566-B174-803FD5CC81A4}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FEB69C5-12E0-4566-B174-803FD5CC81A4}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FEB69C5-12E0-4566-B174-803FD5CC81A4}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FEB69C5-12E0-4566-B174-803FD5CC81A4}\SubnetMask
old REG_MULTI_SZ =
255.0.0.0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
<completed>
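
The log in the post above is what `netsh int ip reset resetlog.txt` writes: one entry per registry value it reset, deleted or added, with the previous type and data for the reset ones. As an added example (not part of the original post, and not code from netsh or any tool in this thread), this Python sketch parses that layout into records grouped per interface GUID so the pre-reset settings can be reviewed or written back; the function names and the sample text with its placeholder GUID are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout shown in the post (placeholder GUID).
SAMPLE = r"""
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}\AddressType
old REG_DWORD = 1

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}\DefaultGateway
old REG_MULTI_SZ =
<empty>

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}\IpAutoconfigurationAddress
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}\SubnetMask
old REG_MULTI_SZ =
255.0.0.0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
<completed>
"""

ACTION = re.compile(r"^(reset|deleted|added)\s+(\S.*)$")
OLD = re.compile(r"^old\s+(REG_\w+)\s*=\s*(.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_resetlog(text):
    """Return one dict per logged change: action, key, value name, old type/data."""
    records, current = [], None
    for line in map(str.strip, text.splitlines()):
        action, old = ACTION.match(line), OLD.match(line)
        if action:
            key, _, name = action.group(2).rpartition("\\")
            current = {"action": action.group(1), "key": key, "name": name,
                       "old_type": None, "old": []}
            records.append(current)
        elif old and current:
            current["old_type"] = old.group(1)
            current["old"] += [old.group(2)] if old.group(2) else []
        elif current and current["old_type"] and line not in ("", "<empty>", "<completed>"):
            current["old"].append(line)  # continuation line of a multi-line value
    return records


def by_interface(records):
    """Group changes by interface GUID; keys without a GUID go under 'global'."""
    grouped = defaultdict(dict)
    for r in records:
        g = GUID.search(r["key"])
        grouped[g.group(0) if g else "global"][r["name"]] = (r["action"], r["old"])
    return dict(grouped)
```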

#12 teacup61

Posted 30 March 2009 - 09:53 PM

No need to be sorry at all!

I'll be right back with something else for you to try. I have to go fetch it. :thumbup2:

tea

#13 teacup61

Posted 30 March 2009 - 10:27 PM

Thanks for waiting. :thumbup2: I'm trying....this nasty stuff does all sorts of damage and it isn't always easy to fix. :) Let's try this one:
  • Please download WinsockXPFix from a working machine and copy it to a CD or flash media.
  • Copy the file to the desktop on the non working machine.
  • Double Click on Posted Image on your desktop.
  • Push the Posted Image button.
  • Allow your system to reboot.
Please let me know if your connection is restored in your next reply.

tea

#14 JoE Cardenas

Posted 30 March 2009 - 10:59 PM

no, didn't work :thumbup2:

#15 teacup61

Posted 30 March 2009 - 11:08 PM

Not out of ideas yet. :thumbup2:

Click on Start, Control Panel, select the Network and Internet Connections category or double click on Network Connections, depending on which View you are using. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item. Write down the settings in case you should need to change them back. Select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks. If it does not prompt you to reboot go ahead and reboot manually.

Let me know. :)

tea



