noob please help


  • This topic is locked
15 replies to this topic

#1 Gonz1978

Gonz1978

  • Members
  • 12 posts

Posted 06 April 2009 - 07:41 AM

Big log but I don't have a lot of programs. When I log onto a game site (from this comp) of which I am a member I get the message: no site attached to this address.
There is no site configured at this address.

--------------------------------------------------------------------------------
Server srv008006 | Host site is bigpoint.com.

(I can access site easily from my laptop)


DDS (Ver_09-03-16.01) - NTFSx86
Run by Eyro at 13:12:44.57 on 06/04/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1022.376 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eyro\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [WD_SRT] "c:\program files\western digital technologies\wd win98 se usb disk driver, v1.00.09\WD_SRT.EXE"
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinSys2] c:\windows\system32\startup.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\users\eyro\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
TCP: {278BE9C4-18F9-4288-AE46-BCD42671DCC1} = 10.206.65.68 10.206.65.68
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-28 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-28 107912]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2006-12-13 202872]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-28 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-28 298264]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-4-12 106808]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [2008-12-4 43520]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2006-10-24 37008]
S2 gupdate1c9b458e9deee5c;Google Update Service (gupdate1c9b458e9deee5c);c:\program files\google\update\GoogleUpdate.exe [2009-4-3 133104]
S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -n --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [2008-2-24 92032]

=============== Created Last 30 ================

2009-04-05 21:34 158,471,859 a------- c:\windows\MEMORY.DMP
2009-04-03 13:32 <DIR> --d----- c:\programdata\Google Updater
2009-04-03 13:04 <DIR> --d----- c:\users\eyro\appdata\roaming\Coyotes Tale
2009-04-03 13:02 <DIR> --d----- C:\games
2009-03-30 17:05 <DIR> --d----- c:\users\eyro\appdata\roaming\SpinTop Games
2009-03-28 22:57 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-28 20:57 <DIR> --d----- c:\windows\'Full Speed' Internet Booster + Performance Tests
2009-03-28 19:23 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-28 19:23 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-28 19:23 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-28 19:23 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-28 19:22 <DIR> --d----- c:\program files\AVG
2009-03-28 19:22 <DIR> --d----- c:\programdata\avg8
2009-03-28 19:22 <DIR> --d----- c:\progra~2\avg8
2009-03-28 02:03 <DIR> --d----- c:\users\eyro\appdata\roaming\V-Games
2009-03-27 23:09 <DIR> --d----- c:\programdata\PlayFirst
2009-03-26 19:04 92,122,860 a------- c:\windows\system32\xa13644359.exe
2009-03-26 19:04 92,122,860 a------- c:\windows\system32\xa13634703.exe
2009-03-25 23:00 <DIR> --d----- c:\users\eyro\appdata\roaming\Shape games
2009-03-25 22:59 <DIR> --d----- c:\program files\Games
2009-03-25 22:26 <DIR> --d----- c:\programdata\Trymedia
2009-03-25 22:26 <DIR> --d----- c:\progra~2\Trymedia
2009-03-25 22:16 <DIR> --d----- C:\GameHouse Games
2009-03-25 22:13 <DIR> --d----- c:\program files\RealArcade
2009-03-24 21:39 <DIR> --d----- c:\users\eyro\appdata\roaming\SpinTop
2009-03-24 03:11 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-23 20:32 <DIR> --d----- c:\users\eyro\appdata\roaming\Vodafone
2009-03-23 20:32 101,504 a------- c:\windows\system32\drivers\ewusbmdm.sys
2009-03-23 20:31 <DIR> --d----- c:\programdata\Vodafone
2009-03-23 20:31 <DIR> --d----- c:\progra~2\Vodafone
2009-03-23 20:30 <DIR> --d----- c:\program files\Vodafone
2009-03-23 14:30 827,392 a------- c:\windows\system32\wininet.dll
2009-03-23 14:30 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-03-23 13:47 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-23 13:46 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-22 17:48 2,048 a------- c:\windows\system32\tzres.dll
2009-03-22 17:39 428,544 a------- c:\windows\system32\EncDec.dll
2009-03-22 17:39 217,088 a------- c:\windows\system32\psisrndr.ax
2009-03-22 17:39 293,376 a------- c:\windows\system32\psisdecd.dll
2009-03-22 17:39 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-03-22 17:39 80,896 a------- c:\windows\system32\MSNP.ax
2009-03-22 17:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-03-22 17:32 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-22 17:32 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-03-22 17:32 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-03-22 17:32 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-03-22 17:32 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-03-22 17:32 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-22 17:32 268,288 a------- c:\windows\system32\schannel.dll
2009-03-22 17:32 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-22 17:32 147,456 a------- c:\windows\system32\Faultrep.dll
2009-03-22 17:32 125,952 a------- c:\windows\system32\wersvc.dll
2009-03-22 17:17 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-03-22 17:17 83,456 a------- c:\windows\system32\wudriver.dll
2009-03-22 17:17 162,064 a------- c:\windows\system32\wuwebv.dll
2009-03-22 17:17 31,232 a------- c:\windows\system32\wuapp.exe
2009-03-22 10:12 <DIR> --d----- c:\users\eyro\appdata\roaming\HCM Updater
2009-03-22 09:50 719,360 a------- c:\windows\system32\bmutil.dll
2009-03-22 09:50 18,816 a------- c:\windows\system32\drivers\tcpipBM.sys
2009-03-22 09:50 8,464 a------- c:\windows\system32\sporder.dll
2009-03-22 09:50 475,136 a------- c:\windows\system32\bmnet.dll
2009-03-22 09:50 270,336 a------- c:\windows\system32\bminstall.dll
2009-03-22 09:50 126,976 a------- c:\windows\system32\bmdumpd.bin
2009-03-18 18:55 <DIR> --d----- c:\program files\SEGA
2009-03-14 13:45 <DIR> --d----- c:\program files\Thief - Deadly Shadows
2009-03-14 00:55 <DIR> --d----- c:\programdata\Electronic Arts
2009-03-14 00:55 <DIR> --d----- c:\progra~2\Electronic Arts
2009-03-14 00:55 6,880 a------- c:\windows\system32\ealregsnapshot1.reg

==================== Find3M ====================

2009-03-31 19:07 642 a------- c:\users\eyro\appdata\roaming\wklnhst.dat
2009-03-28 20:33 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-28 20:33 51,200 a------- c:\windows\inf\infpub.dat
2009-03-28 20:33 86,016 a------- c:\windows\inf\infstor.dat
2008-07-20 14:45 174 a--sh--- c:\program files\desktop.ini
2008-07-20 14:28 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-10 16:22 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-10 16:22 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-10 16:22 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 13:13:49.07 ===============



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 18 April 2009 - 11:51 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Gonz1978

Gonz1978
  • Topic Starter

  • Members
  • 12 posts

Posted 19 April 2009 - 05:59 PM

I cannot connect to certain web sites (us.bigpoint.com).
I thought it was only one but there are now more, including my ISP Vodafone's main web site.
I have run all scans suggested and all appears clear.
This was my first post about the problem as I thought it may be malware.
I am also having problems running inetmgr.exe

Also could you please let me know if there is anything I can remove to free up system space, i.e. redundant items.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Eyro at 23:42:08.86 on 19/04/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1022.218 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eyro\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [WD_SRT] "c:\program files\western digital technologies\wd win98 se usb disk driver, v1.00.09\WD_SRT.EXE"
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MobileConnect] c:\program files\vodafone\vodafone mobile connect\bin\MobileConnect.exe /silent
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\users\eyro\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: bmnet.dll
Trusted Zone: bigpoint.com\www.us
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
TCP: {278BE9C4-18F9-4288-AE46-BCD42671DCC1} = 10.203.65.68 10.203.65.68
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-11 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-28 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-28 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-28 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-28 298264]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [2008-12-4 43520]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S2 gupdate1c9b458e9deee5c;Google Update Service (gupdate1c9b458e9deee5c);c:\program files\google\update\GoogleUpdate.exe [2009-4-3 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -n --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [2008-2-24 92032]

=============== Created Last 30 ================

2009-04-19 02:22 <DIR> --d----- c:\programdata\WindowsSearch
2009-04-17 16:43 <DIR> --d----- c:\users\eyro\appdata\roaming\TweakNow RegCleaner
2009-04-17 16:43 <DIR> --d----- c:\program files\TweakNow RegCleaner
2009-04-17 16:04 <DIR> --d----- c:\users\eyro\appdata\roaming\Uniblue
2009-04-16 23:50 <DIR> --d----- c:\programdata\SimCity Societies
2009-04-16 23:50 <DIR> --d----- c:\progra~2\SimCity Societies
2009-04-12 20:44 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-12 05:24 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-04-12 05:24 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-04-12 05:23 <DIR> --d----- c:\users\eyro\appdata\roaming\SUPERAntiSpyware.com
2009-04-12 05:23 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-12 01:15 <DIR> --d----- c:\program files\Crazy Christmas Day
2009-04-11 20:56 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-11 20:56 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-11 20:56 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-11 20:56 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-11 20:56 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-11 20:56 11,264 a------- c:\windows\system32\icardres.dll
2009-04-11 20:56 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-11 20:56 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-11 20:47 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-11 20:47 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-11 20:47 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-11 20:47 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-11 20:47 83,968 a------- c:\windows\system32\mscories.dll
2009-04-11 18:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-11 18:54 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-11 18:54 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-08 22:59 <DIR> --d----- c:\users\eyro\appdata\roaming\Malwarebytes
2009-04-08 22:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-08 22:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-08 22:59 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-08 22:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 22:59 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-06 21:28 <DIR> --d----- c:\users\eyro\appdata\roaming\Bytemobile
2009-04-06 21:20 <DIR> --d----- c:\program files\Vodafone
2009-04-05 21:34 158,471,859 a------- c:\windows\MEMORY.DMP
2009-04-03 13:32 <DIR> --d----- c:\programdata\Google Updater
2009-04-03 13:04 <DIR> --d----- c:\users\eyro\appdata\roaming\Coyotes Tale
2009-04-03 13:02 <DIR> --d----- C:\games
2009-03-30 17:05 <DIR> --d----- c:\users\eyro\appdata\roaming\SpinTop Games
2009-03-28 22:57 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-28 20:57 <DIR> --d----- c:\windows\'Full Speed' Internet Booster + Performance Tests
2009-03-28 19:23 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-28 19:23 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-28 19:23 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-28 19:23 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-28 19:22 <DIR> --d----- c:\program files\AVG
2009-03-28 19:22 <DIR> --d----- c:\programdata\avg8
2009-03-28 19:22 <DIR> --d----- c:\progra~2\avg8
2009-03-28 02:03 <DIR> --d----- c:\users\eyro\appdata\roaming\V-Games
2009-03-27 23:09 <DIR> --d----- c:\programdata\PlayFirst
2009-03-26 19:04 92,122,860 a------- c:\windows\system32\xa13644359.exe
2009-03-26 19:04 92,122,860 a------- c:\windows\system32\xa13634703.exe
2009-03-25 23:00 <DIR> --d----- c:\users\eyro\appdata\roaming\Shape games
2009-03-25 22:59 <DIR> --d----- c:\program files\Games
2009-03-25 22:26 <DIR> --d----- c:\programdata\Trymedia
2009-03-25 22:26 <DIR> --d----- c:\progra~2\Trymedia
2009-03-25 22:16 <DIR> --d----- C:\GameHouse Games
2009-03-25 22:13 <DIR> --d----- c:\program files\RealArcade
2009-03-24 21:39 <DIR> --d----- c:\users\eyro\appdata\roaming\SpinTop
2009-03-24 03:11 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-23 20:32 <DIR> --d----- c:\users\eyro\appdata\roaming\Vodafone
2009-03-23 20:32 101,504 a------- c:\windows\system32\drivers\ewusbmdm.sys
2009-03-23 20:31 <DIR> --d----- c:\programdata\Vodafone
2009-03-23 20:31 <DIR> --d----- c:\progra~2\Vodafone
2009-03-23 14:30 827,392 a------- c:\windows\system32\wininet.dll
2009-03-23 14:30 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-03-23 13:47 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-23 13:46 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-22 17:48 2,048 a------- c:\windows\system32\tzres.dll
2009-03-22 17:39 428,544 a------- c:\windows\system32\EncDec.dll
2009-03-22 17:39 217,088 a------- c:\windows\system32\psisrndr.ax
2009-03-22 17:39 293,376 a------- c:\windows\system32\psisdecd.dll
2009-03-22 17:39 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-03-22 17:39 80,896 a------- c:\windows\system32\MSNP.ax
2009-03-22 17:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-03-22 17:32 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-22 17:32 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-03-22 17:32 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-03-22 17:32 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-03-22 17:32 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-03-22 17:32 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-22 17:32 268,288 a------- c:\windows\system32\schannel.dll
2009-03-22 17:32 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-22 17:32 147,456 a------- c:\windows\system32\Faultrep.dll
2009-03-22 17:32 125,952 a------- c:\windows\system32\wersvc.dll
2009-03-22 17:17 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-03-22 17:17 83,456 a------- c:\windows\system32\wudriver.dll
2009-03-22 17:17 162,064 a------- c:\windows\system32\wuwebv.dll
2009-03-22 17:17 31,232 a------- c:\windows\system32\wuapp.exe
2009-03-22 10:12 <DIR> --d----- c:\users\eyro\appdata\roaming\HCM Updater
2009-03-22 09:50 719,360 a------- c:\windows\system32\bmutil.dll
2009-03-22 09:50 18,816 a------- c:\windows\system32\drivers\tcpipBM.sys
2009-03-22 09:50 8,464 a------- c:\windows\system32\sporder.dll
2009-03-22 09:50 475,136 a------- c:\windows\system32\bmnet.dll
2009-03-22 09:50 270,336 a------- c:\windows\system32\bminstall.dll
2009-03-22 09:50 126,976 a------- c:\windows\system32\bmdumpd.bin

==================== Find3M ====================

2009-04-11 21:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-11 21:06 51,200 a------- c:\windows\inf\infpub.dat
2009-04-11 21:06 86,016 a------- c:\windows\inf\infstor.dat
2009-04-07 18:26 1,022 a------- c:\users\eyro\appdata\roaming\wklnhst.dat
2009-03-14 00:55 6,880 a------- c:\windows\system32\ealregsnapshot1.reg
2008-07-20 14:45 174 a--sh--- c:\program files\desktop.ini
2008-07-20 14:28 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-10 16:22 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-10 16:22 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-10 16:22 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 23:43:02.43 ===============

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:11:14 AM

Posted 19 April 2009 - 07:27 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Download and scan with Spybot S&D 1.6.0
http://www.safer-networking.org/en/download/index.html

1. Install Spybot. Be sure to UNCHECK TeaTimer when presented with the option to install.
2. Run Spybot, go to the Menu Bar at the top choose Mode and make certain that "Default mode" has a check mark beside it.
3. Click the button "Search for Updates".
4. If any updates are found, install them by placing a checkmark next to each one and clicking "Download Updates". If you encounter any error messages while downloading the updates, manually download them from here.
5. Click on "Immunize". When it detects what has or has not been blocked, block all remaining items by clicking the green plus sign next to immunize at the top.
6. Click the button "Check for Problems".
7. When Spybot is complete, it will be showing RED entries, bold BLACK entries and GREEN entries in the window.
8. Make certain there is a check mark beside all of the RED entries ONLY.
9. Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.
10. When the fix is done, right click in the white area of the report and select save results to file. Save the file and then attach it to your next post.
11. REBOOT to complete the scan and clear memory.

Note: After Windows loads, Spybot may run again to clean some files that it could not clean during the prior session. Follow the same procedure.

Test out your browser and see if you are getting blocked from going to the sites you were being blocked at. If you are still being blocked, can you give me the exact message, or take a screenshot and post it?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 Gonz1978

Gonz1978
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:14 AM

Posted 23 April 2009 - 07:29 AM

hi sorry for the late reply but ran out of download limit.
this is the spybot report.
Congratulations!: No immediate threats were found. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2007-09-23 unins000.exe (51.41.0.0)
2009-04-23 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-03-25 Includes\Adware.sbi (*)
2009-04-21 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-04-21 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-04-21 Includes\Hijackers.sbi (*)
2009-04-21 Includes\HijackersC.sbi (*)
2009-03-17 Includes\Keyloggers.sbi (*)
2009-04-21 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-04-07 Includes\Malware.sbi (*)
2009-04-21 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-03-31 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-04-21 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-04-21 Includes\SpywareC.sbi (*)
2009-04-07 Includes\Tracks.uti
2009-04-21 Includes\Trojans.sbi (*)
2009-04-21 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

i have run scans with
avg
spybot 1.5.9 & 1.6.2
malwarebytes
superantispy
adware
tweaknow regcleaner.

all clean!

Also spoken to vodafone tech team and they reset my dongle. they connected via a different vodafone dongle and got a connection to bigpoint.com.
( the problem also happens to my laptop with same dongle, but also connects via a hardline internet connection )

error message from all site links... There is no site configured at this address.

--------------------------------------------------------------------------------
Server srv008007 | Host

Also on the vodafone forum there are lots of people with the same problem. all still waiting for a resolve from vodafone

Edited by Gonz1978, 23 April 2009 - 08:38 AM.


#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:11:14 AM

Posted 23 April 2009 - 11:41 AM

Has this happened the entire time you have had this service? Or did it start sometime after you got it?

#7 Gonz1978

Gonz1978
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:14 AM

Posted 24 April 2009 - 03:27 PM

it worked for 2 weeks without a problem. then for the third week it was intermittent, usually during the third week i would turn off and unplug the computer leave it for 5 mins then restart and i could then be able to log on to the site. towards the end of the third week it stopped entirely. now no links to the site work at all.
ive tried the uk server uk.bigpoint.com
german server de.bigpoint.com
and the us server us.bigpoint.com

also tried logging onto other games on the site (since the problem started not before.) DARK ORBIT being one of them.

DARKORBIT is the problem posted on the vodafone web site.
this is the post from vodafone ( not my post ) it may mean u cant help further but thats life!

post
Hi Pretty Please Help ME

'Website' in the following refers to the website www.darkorbit.com

For the past few weeks now i have been having problems connecting to my gaming website thru Vodafone. At times i can resolve this by disconnecting and reconnecting and most times this works, but now for nearly a week i can not connect and no matter what i have tried it has not worked.

I can show that if i connect to the website thru Vodafone i get a browser message of,

'There is no site configured at this address'

It's as if the website has vanished,

However if i hide my Vodafone connection behind another Proxy server i can load the Login page of the website, but as expected not been able to enter my login info.
But if i disconnect from Vodafone and use another service provider, example my neighbors wireless connection i can connect to the website and play.

More info can be provided.

I use the Vodafone USB Dongle

I have done the standard stuff, Cache clearing, addon cache clearing ie, flashplayers, checked antivirus, firewall settings, disc cleaned and defragged, Uninstalled the VMC Lite programme and reinstalled it. My Content bar is supposed to be removed.

I dunno what to do

So i Took a deep breath and counted to 100. and wrote to you

It feels like Vodafone have upset the website im trying to access and stopped users connecting

Other than this lil problem, everything is fine, i can zip around the web, and at pretty good speeds.

Sheep x

vodafone
Hi there Sheep, welcome to the eForum!

I'm sure we can get this sorted out for you!

I've had a look at the website you mention, and it seems to load ok from a normal browser, so the connection problem can only be a couple of things - they're not letting the modems connect, or we're not!

I'm not in the office today to try and recreate this on one of our modems, but I'll have a look at it first thing tomorrow and get back to you as soon as I have some more info

Paul
eForum Team


Hi again Vodafone support dudes.

I wrote an e-mail to Dark Orbit Support, Sorry but as previous correspondences to them in the past have turned up rubbish.

As follows.............

Dear Sheep,

Thank you for taking the time to contact us with your concerns. My name is
Benjamin Cory and I am happy to assist you further.

Have you already contacted Vodafone about this problem? We had a similar issue
with Virgin media internet users from the uk. It turned out they changed their
configurations and that kept players from connecting to us.

It is my pleasure to assist you. Please do not hesitate to contact us again
if you need further assistance.

Thank you for playing our Games.

Sincerely,
Benjamin Cory
--
Bigpoint Support Team
Phone: +49 (0) 40 - 600 80 99 - 0
Fax: +49 (0) 40 - 600 80 99 - 99

Arghhhh

Finally... i know you said its early days yet, but ermmm it's been nearly a week now,


vodafones reply

Hi Guys,

I can understand how frustrated you all are at this issue.

Be assured we are looking into the issue and Jon is tracking this. Unfortunately we cannot give any timescales on a resolution for the issue but as soon as we know we will update the thread accordingly.

I am going to close this thread until we have a resolution and Jon will update this once we have a resolution.

Thanks for your patience in this matter.

David
eForum Team

i hope this doesn't mean ive been wasting your time. :-)

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:11:14 AM

Posted 24 April 2009 - 06:39 PM

Not really. You have a problem, you came for help. So time is not being wasted. Try this, while trying to go to one of the websites.

Click start-->run
Type cmd in the Run box.
In the command prompt that opens, type or copy and paste the following:
netstat -b 5 > activity.txt

Press Enter. Wait 2 minutes then press Ctrl+C.
Type activity.txt on the command line to open the log file in notepad.

#9 Gonz1978

Gonz1978
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:14 AM

Posted 25 April 2009 - 07:49 AM

followed your instructions the result opened in notepad :

The requested operation requires elevation.

is this the reply u were looking for?

I have run (just the one word) netstat in cmd and all ports are established. including
spaceinvasion-36-www:http established.

the webpage still comes up no site configured to this address

#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:11:14 AM

Posted 25 April 2009 - 02:09 PM

Try opening a command prompt this way, go to all programs, then accessories, then command prompt. Right click on the command prompt shortcut and select run as administrator. Then type or copy and paste the following:
netstat -b 5 > activity.txt

Press Enter. Wait 2 minutes then press Ctrl+C.
Type activity.txt on the command line to open the log file in notepad.

Again, do this while trying to log into one of the websites that you are not able to get to.

#11 Gonz1978

Gonz1978
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:14 AM

Posted 26 April 2009 - 10:02 AM

right this looks more like it!


Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49360 fg-in-f19:http TIME_WAIT
TCP 10.49.10.84:49372 ww-in-f147:http TIME_WAIT
TCP 10.49.10.84:49374 ww-in-f113:http TIME_WAIT
TCP 10.49.10.84:49376 www:http TIME_WAIT

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49360 fg-in-f19:http TIME_WAIT
TCP 10.49.10.84:49372 ww-in-f147:http TIME_WAIT
TCP 10.49.10.84:49374 ww-in-f113:http TIME_WAIT
TCP 10.49.10.84:49376 www:http TIME_WAIT
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49360 fg-in-f19:http TIME_WAIT
TCP 10.49.10.84:49372 ww-in-f147:http TIME_WAIT
TCP 10.49.10.84:49374 ww-in-f113:http TIME_WAIT
TCP 10.49.10.84:49376 www:http TIME_WAIT
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49360 fg-in-f19:http TIME_WAIT
TCP 10.49.10.84:49372 ww-in-f147:http TIME_WAIT
TCP 10.49.10.84:49374 ww-in-f113:http TIME_WAIT
TCP 10.49.10.84:49376 www:http TIME_WAIT
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49360 fg-in-f19:http TIME_WAIT
TCP 10.49.10.84:49372 ww-in-f147:http TIME_WAIT
TCP 10.49.10.84:49374 ww-in-f113:http TIME_WAIT
TCP 10.49.10.84:49376 www:http TIME_WAIT
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49360 fg-in-f19:http TIME_WAIT
TCP 10.49.10.84:49372 ww-in-f147:http TIME_WAIT
TCP 10.49.10.84:49374 ww-in-f113:http TIME_WAIT
TCP 10.49.10.84:49376 www:http TIME_WAIT
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49360 fg-in-f19:http TIME_WAIT
TCP 10.49.10.84:49372 ww-in-f147:http TIME_WAIT
TCP 10.49.10.84:49374 ww-in-f113:http TIME_WAIT
TCP 10.49.10.84:49376 www:http TIME_WAIT
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http TIME_WAIT

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http TIME_WAIT

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http TIME_WAIT

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http TIME_WAIT

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http TIME_WAIT

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http TIME_WAIT

Active Connections

Proto Local Address Foreign Address State

comp is running slow on the net today with many pages having trouble loading or timing out. i will post another log when its running properly in case theres a significant difference. Either way bigpoint doesn't load.
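
Added example (not part of the original posts, and not code from any tool named in this thread): a Python parser for `netstat -b <interval>` output in the shape posted above. It attaches each `[process]` line to the connection row above it, collapses the repeated snapshots into a per-connection state timeline, and reports loopback hops where one local process hands traffic to another. The function names and the `hostname` parameter are assumptions of this example; the sample is a trimmed excerpt of the log above.

```python
import re
from collections import OrderedDict

# Trimmed excerpt of the log posted above (three of its snapshots).
SAMPLE = """\
Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49376 www:http TIME_WAIT

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49376 www:http TIME_WAIT
TCP 10.49.10.84:49378 62.146.187.156:http ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:10080 Eyro-PC:49377 ESTABLISHED
[avgnsx.exe]
TCP 127.0.0.1:49377 Eyro-PC:10080 ESTABLISHED
[iexplore.exe]

Active Connections

Proto Local Address Foreign Address State
TCP 10.49.10.84:49378 62.146.187.156:http TIME_WAIT
"""

# "TCP local:port remote:port STATE"; UDP rows carry no state column.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # "[process.exe]" printed under its row


def parse_snapshots(text):
    """Split interval output into snapshots and attach owners to rows."""
    snapshots, current = [], None
    for line in text.splitlines():
        if line.strip() == "Active Connections":
            current = []
            snapshots.append(current)
            continue
        if current is None:
            continue
        m = ROW.match(line)
        if m:
            proto, lhost, lport, rhost, rport, state = m.groups()
            current.append({"proto": proto, "local": (lhost, lport),
                            "remote": (rhost, rport), "state": state or "",
                            "owner": None})
            continue
        m = OWNER.match(line)
        if m and current and current[-1]["owner"] is None:
            current[-1]["owner"] = m.group(1)
    return snapshots


def timeline(snapshots):
    """Per connection: first/last snapshot index, state changes, last known owner."""
    conns = OrderedDict()
    for i, snap in enumerate(snapshots):
        for row in snap:
            key = (row["proto"], row["local"], row["remote"])
            c = conns.setdefault(key, {"first": i, "last": i, "states": [], "owner": None})
            c["last"] = i
            if not c["states"] or c["states"][-1] != row["state"]:
                c["states"].append(row["state"])
            c["owner"] = row["owner"] or c["owner"]  # TIME_WAIT rows list no owner
    return conns


def find_local_relays(snapshot, hostname):
    """Find loopback socket pairs where one side's process also talks off-host."""
    loop = {"127.0.0.1", "::1", "[::1]", "localhost", hostname.lower()}
    outbound = {}
    for r in snapshot:
        if r["owner"] and r["remote"][0].lower() not in loop and r["state"] == "ESTABLISHED":
            outbound.setdefault(r["owner"], []).append("%s:%s" % r["remote"])
    pairs = {(r["local"][1], r["remote"][1]): r for r in snapshot
             if r["local"][0].lower() in loop and r["remote"][0].lower() in loop}
    relays = []
    for (lport, rport), r in pairs.items():
        peer = pairs.get((rport, lport))
        if peer and peer["owner"] and peer["owner"] != r["owner"] and r["owner"] in outbound:
            relays.append({"client": peer["owner"], "relay": r["owner"],
                           "relay_port": lport, "upstream": outbound[r["owner"]]})
    return relays


if __name__ == "__main__":
    snaps = parse_snapshots(SAMPLE)
    for key, c in timeline(snaps).items():
        print(key, c)
    print(find_local_relays(snaps[1], "Eyro-PC"))
```

Running netstat with `-n` as well keeps addresses numeric, so loopback peers show as 127.0.0.1 rather than the machine name and the `hostname` argument matters less.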

#12 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:11:14 AM

Posted 26 April 2009 - 10:41 AM

Another log will not make a difference. Are you connecting to the internet thru a Proxy Server? Does your ISP use special software to connect with?

#13 Gonz1978

Gonz1978
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:14 AM

Posted 27 April 2009 - 07:35 AM

Vodafone use an optimiser when it connects to broadband. (i dont know how to access it yet ) but that is the only special/ specific software i can find relating to the internet connection.

yes vodafone is/uses a proxy server.

I tried using an online anonymous proxy server (hideany.com) this allowed me to access the site but not all the features ie when a new window is used to open a new page not all pages would load properly. some will some wont. so not really a viable option.

#14 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:11:14 AM

Posted 27 April 2009 - 10:06 AM

That proxy is what is blocking the connection. See the entries: TCP 10.49.10.84:49378 62.146.187.156:http TIME_WAIT. The first IP is your IP address on your ISP's LAN. The second is the IP for bigpoint. But the number right after your IP address, 49378, is the port that it is using. As this is a non-standard port for ANY HTTP traffic, it is telling me that your ISP is using a proxy. As big point responds to me, and not to you, then I would have to say it's the proxy killing the connection. And when tested Big Point only has an average of 150ms lag time, so it's not even taking an overly long time responding.

I don't think there is anything else I can help you with on this issue. It will be up to your ISP to deal with it.

Do you have any other questions or concerns that I can help you with?

#15 Gonz1978

Gonz1978
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:14 AM

Posted 28 April 2009 - 04:56 AM

cheers for your help ... i will know what to look for now...
once u said about the proxy it confirmed that that was the problem and now i can show my isp the bit of info they'll need to see. also i have found a decent online anonymous proxy server. had to try a few first before i got a good one. it has allowed me to play the game. so if others contact u with the same problem thats the way to go until their isp sorts itself out..
thanks again



