It seems that third party programs that connect to the internet by default will not start



#1 suavecu


Posted 22 September 2010 - 12:33 PM

Hello and thanks in advance,

Starting yesterday, when I try to launch most third party programs (Google Chrome, Skype, Evernote, Jing, and others) that connect to the internet they will not start and cause Windows to say that it has encountered a problem (I have attached the image of the screen shot).

Anyways, I know this started happening on Tuesday morning because when I view the event log any time I try to start an application an error gets thrown. I have tried downloading Malwarebytes, however, after I install it, it will not connect to the internet to download the latest updates. It throws an error. So it seems that I can only use Microsoft programs (although Dropbox, Symantec Endpoint Protection, and TweetDeck seem to work) to access the internet, but that may not be the cause at all. I tried uninstalling the programs and reinstalling them, but that didn't work either. My helpdesk is saying nothing is wrong with my computer because the apps that are throwing the error are not supported, which is a bit ridiculous because they are just the ones that are pointing out the problem.

Here is the output from my HijackThis log, and from my eyes I cannot see what is really wrong with my PC. I can install lookinmypc to see everything installed and print out that log if you want as well. Anyways, any help that can be given would be greatly appreciated.

I ran a full virus scan with Symantec Endpoint Protection and it returned one tracking cookie that it deleted.
When I ran Malwarebytes that my corp gave me, it found three things that it automatically deleted.
I have downloaded another version of Malwarebytes from the internet and that seemed to be able to download the latest updates and is running a quick scan now.

Also, here is my HijackThis log (it is also in the attachments):

QUOTE
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:03:05 PM, on 9/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
C:\WINDOWS\system32\BEDevCtl.exe
C:\WINDOWS\system32\BEFCSvcn.exe
C:\Program Files\Marimba\Castanet Tuner\Tuner.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\SGN_MasterServicen.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Utimaco\SafeGuard Enterprise\Client\SGNMaster.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ncarrierlocal\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\ncarrierlocal\My Documents\Downloads\jing_setup.exe
c:\Program Files\Marimba\.marimba\CGEYMARIMBA\ch.2\data\sum.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ProfileBackup] wscript C:\windows\system32\Profilebackup.vbs
O4 - HKLM\..\Run: [SGNMasterApplication] C:\Program Files\Utimaco\SafeGuard Enterprise\Client\SGNMaster.exe
O4 - HKLM\..\Run: [AgentUiRunKey] "C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/
O4 - HKLM\..\Run: [T-Mobile webConnect Manager] "C:\Program Files\T-Mobile\webConnect Manager\TMobileCM.exe" -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\ncarrierlocal\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=myportal.nar.capgemini.com
O15 - Trusted Zone: *.nar.capgemini.com
O15 - Trusted Zone: *.capgemini.com
O15 - Trusted Zone: *.capgemini.fr
O15 - Trusted Zone: *.capgemini.sumtotalsystems.com
O15 - Trusted Zone: *.Cgcontent.skillwsa.com
O15 - Trusted Zone: *.cgey.com
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: *.resources.hewitt.com
O15 - Trusted Zone: *.hewitt.com
O15 - Trusted Zone: *.hp.com
O15 - Trusted Zone: *.insors.net
O15 - Trusted Zone: *.livemeeting.com
O15 - Trusted Zone: *.placeware.com
O15 - Trusted Zone: *.probusiness.com
O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: *.skillsoft.com
O15 - Trusted Zone: *.sumtotalsystems.com
O15 - Trusted Zone: *.talkpoint.com
O15 - Trusted Zone: *.travelport.net
O15 - Trusted Zone: *.windowsmedia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {29F9C6B1-034C-4B69-BE8C-C6106DB8227A} (ACCReqCheck.UserControl1) - http://software.nar.capgemini.com/files/ACCReqCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199798166328
O16 - DPF: {D3BF9403-24D4-47C0-8D49-0954ADAE8338} (AccDeplCntl.UserControl1) - http://software.nar.capgemini.com/files/Deployment.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.capgemini.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.capgemini.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B4A4DA5-F3E7-4921-AFB1-C503B121150F}: Domain = corp.capgemini.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B4A4DA5-F3E7-4921-AFB1-C503B121150F}: NameServer = 206.245.13.36,206.245.43.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.capgemini.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = corp.capgemini.com,corp.capgemini.com,na.capgemini.com,nar.capgemini.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.capgemini.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = corp.capgemini.com,na.capgemini.com,nar.capgemini.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.capgemini.com,corp.capgemini.com,na.capgemini.com,nar.capgemini.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SGSSOGinaExtension - C:\Program Files\Utimaco\SafeGuard Enterprise\SSO\SGSSOGinaExtension.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AgentService - Iron Mountain Incorporated - C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
O23 - Service: SafeGuard® Device Encryption Controller (BEDevCtl) - Utimaco Safeware AG - C:\WINDOWS\system32\BEDevCtl.exe
O23 - Service: SafeGuard® Kernel Feature Client (BEFCSvcn) - Utimaco Safeware AG - C:\WINDOWS\system32\BEFCSvcn.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CGEYMARIMBA - Marimba, Inc. - C:\Program Files\Marimba\Castanet Tuner\Tuner.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SafeGuard® Log Service (SGN_LogSystem) - Utimaco Safeware AG - C:\WINDOWS\system32\SGN_MasterServicen.exe
O23 - Service: SafeGuard® System Event Manager (SGN_Sem) - Utimaco Safeware AG - C:\WINDOWS\system32\SGN_MasterServicen.exe
O23 - Service: SafeGuard® Transport Service (SGN_Trans) - Utimaco Safeware AG - C:\WINDOWS\system32\SGN_MasterServicen.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: T-Mobile RcApp Svc (TMobileRcAppSvc) - SmithMicro Inc. - C:\Program Files\T-Mobile\webConnect Manager\RcAppSvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: XobniService - Unknown owner - C:\Program Files\Xobni\XobniService.exe (file missing)

--
End of file - 11495 bytes


Thanks again,

After going through the instructions, I have also attached the DDS.txt and Attach.txt files. When I try to run the GMER, my computer blue screens after a bit. So annoying.

EDIT: Posts merged ~BP



Edited by Budapest, 22 September 2010 - 04:11 PM.
Moved from XP forum to Malware Removal Logs ~ Hamluis.



 


#2 suavecu


Posted 23 September 2010 - 12:52 PM

I had two viruses that were picked up today by the Symantec End Point Protection program and were quarantined. They were backdoor.trojans named esenperf.dll. Topic Closed.

#3 Budapest


Posted 23 September 2010 - 04:22 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



