3 Weeks Ago
#1
Senior Member
Profile: Join Date: Oct 2007
Location: Kentucky
Posts: 65
Computer Experience: Beginner
[Unable to connect to internet, use messenger or AVG, etc]
Yes, I am back with yet another computer. This time, the computer cannot browse the web at all. It has been like this for at least a week. I can connect to wireless networks, but the browsers do not work and neither do the messengers. AVG doesn't scan, and Ad-Aware 2008 says it cannot open because it can't get online. Help please?
Computer is a Dell Dimension 8400
OS is XP Media Center 05 with SP2
Memory is 1 GB
and processor is 3.4 GHz
3 Weeks Ago
#3
Staff
Profile: Join Date: May 2002
Location: Staffordshire, UK
Posts: 16,706
Computer Experience: Usually not enough
Please observe Posting Rules #3 - Meaningful Subject - I have adjusted your title.
3 Weeks Ago
#4
Senior Member
Profile: Join Date: Oct 2007
Location: Kentucky
Posts: 65
Computer Experience: Beginner
HJT logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:03 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\system32\cisvc.exe
C:\WINXP\system32\CTsvcCDA.EXE
C:\WINXP\eHome\ehRecvr.exe
C:\WINXP\eHome\ehSched.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINXP\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINXP\system32\MsPMSPSv.exe
C:\WINXP\system32\dllhost.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINXP\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINXP\system32\wuauclt.exe
C:\WINXP\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINXP\system32\hp100.tmp (file missing)
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINXP\system32\hp100.tmp (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137309636114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - https://webapps.eku.edu/stunav/webinst.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zang...55e39bbcd1b030
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/...l/gtdownde.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad -Aware Service (aawservice) - Unknown owner - E:\aawservice.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
--
End of file - 8201 bytes
I cannot run DSS on the infected computer because it locks up while it's running. There are no programs open to cause it to freeze either.
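Added example, not part of the original thread and not HijackThis's own code: a small Python triage of a HijackThis log like the one posted above. The sample lines are copied from that log; the hint names (file-missing, unknown-owner, policies-run, no-path) are labels chosen here and mark entries worth a closer look, not verdicts.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINXP\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINXP\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O23 - Service: Lavasoft Ad -Aware Service (aawservice) - Unknown owner - E:\aawservice.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Process paths and header lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Registry autoruns in section O4 look like "HKLM\..\Run: [name] command".
O4_REG_RE = re.compile(r"^(?P<loc>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line: code, body, normalised CLSID."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries


def review_hints(entry):
    """Return the list of review hints that apply to one parsed entry."""
    hints = []
    body = entry["body"]
    # HijackThis itself marks targets it could not find on disk.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        hints.append("file-missing")
    # Service whose owner field HijackThis printed as "Unknown owner".
    if entry["code"] == "O23" and " - Unknown owner - " in body:
        hints.append("unknown-owner")
    if entry["code"] == "O4":
        m = O4_REG_RE.match(body)
        if m:
            # Autorun stored under the Policies\Explorer\Run key.
            if "Policies\\Explorer\\Run" in m.group("loc"):
                hints.append("policies-run")
            # Command given as a bare file name, with no directory component.
            if "\\" not in m.group("cmd"):
                hints.append("no-path")
    return hints


def triage(log_text):
    """Return (code, hints, body) for every entry that has at least one hint."""
    flagged = []
    for entry in parse_entries(log_text):
        hints = review_hints(entry)
        if hints:
            flagged.append((entry["code"], hints, entry["body"]))
    return flagged


if __name__ == "__main__":
    for code, hints, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {','.join(hints):<28} {body}")
```
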
3 Weeks Ago
#5
Staff
Lifetime Subscription
Profile: Join Date: Mar 2003
Location: Washington State
Posts: 3,057
Computer Experience: Somedays it's like Taz
Hi TinyTuba822
Please do the following.
Please download SmitfraudFix (by S!Ri) to your Desktop.
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer;
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning: running option #2 on a non-infected computer will remove your Desktop background.
Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin
The rest are optional - if you want it to remove everything check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK
I see you have P2P software (LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.
References for the risk of these programs are here, here and here.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at Windowsbbs Virus and Spyware removal.
Please post the Smitfraud log and try Deckards again and post it if it will run now.
Thanks
Geri
3 Weeks Ago
#6
Senior Member
Profile: Join Date: Oct 2007
Location: Kentucky
Posts: 65
Computer Experience: Beginner
This computer I am using is not allowing me to access Smitfraudfix.exe. I can't get the file to the infected computer. AVG keeps telling me this is a potentially harmful threat, and I clicked ignore. I also closed AVG. However I do not know how to get around these download settings. The computer I am trying to download it on is running Vista 32 bit.
3 Weeks Ago
#7
Staff
Lifetime Subscription
Profile: Join Date: Mar 2003
Location: Washington State
Posts: 3,057
Computer Experience: Somedays it's like Taz
Hi
You understand that all you need to do is download the smitfraud application and then transfer it. Don't do the run part until on the infected computer.
Let's try this.
Disable UAC
To disable the UAC, enter the Control Panel and type UAC in the search box.
The first result returned by the search will be User Accounts – Turn User Account Control (UAC) on or off.
Click on it and the UAC window will open. Deselect the option Use User Account Control (UAC) to help protect your computer and press the OK button.
Windows Vista will ask you to restart your computer. After the restart, UAC will be disabled.
It is very important to turn this back on after downloading the tool.
See if you can now download smitfraud. If so, transfer it and then delete it from the Vista machine and turn UAC back on. Do not do any surfing with UAC off.
Let me know.
Geri
3 Weeks Ago
#8
Senior Member
Profile: Join Date: Oct 2007
Location: Kentucky
Posts: 65
Computer Experience: Beginner
No, I still can't download it. I'm even posting with the UAC off, and I probably shouldn't. I know my way around XP, but not Vista.
3 Weeks Ago
#9
Staff
Lifetime Subscription
Profile: Join Date: Mar 2003
Location: Washington State
Posts: 3,057
Computer Experience: Somedays it's like Taz
Hi
OK, let's see if we turn AVG off this way.
Instructions here for turning it off.
http://www.bleepingcomputer.com/forums/topic114351.html
Geri
3 Weeks Ago
#10
Senior Member
Profile: Join Date: Oct 2007
Location: Kentucky
Posts: 65
Computer Experience: Beginner
Got it. I ran smitfraudfix.exe and dss .exe. Here are the logs.
SmitFraudFix v2.331
Scan done at 13:00:26.26, Mon 07/28/2008
Run from C:\Documents and Settings\Brian.BULLSHIT\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D56DA9D9-46FF-45A2-8A0F-D2D44C423BCC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D56DA9D9-46FF-45A2-8A0F-D2D44C423BCC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D56DA9D9-46FF-45A2-8A0F-D2D44C423BCC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Deckard's System Scanner v20071014.68
Run by Brian on 2008-07-28 13:39:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
54: 2008-07-26 16:12:44 UTC - RP467 - Deckard's System Scanner Restore Point
53: 2008-07-26 06:36:25 UTC - RP466 - System Checkpoint
52: 2008-07-19 14:44:28 UTC - RP465 - Software Distribution Service 3.0
51: 2008-07-19 02:07:12 UTC - RP464 - Software Distribution Service 3.0
50: 2008-07-18 06:43:33 UTC - RP463 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-04-28 07:33:18 UTC - RP414 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Brian.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:42, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\system32\cisvc.exe
C:\WINXP\system32\CTsvcCDA.EXE
C:\WINXP\eHome\ehRecvr.exe
C:\WINXP\eHome\ehSched.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINXP\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINXP\system32\MsPMSPSv.exe
C:\WINXP\system32\dllhost.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINXP\system32\wuauclt.exe
C:\WINXP\system32\wuauclt.exe
F:\dss .exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brian.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Office12\GRA8E1~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137309636114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - https://webapps.eku.edu/stunav/webinst.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zang...55e39bbcd1b030
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/...l/gtdownde.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Office12\GR99D3~1.DLL (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad -Aware Service (aawservice) - Unknown owner - E:\aawservice.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - E:\Office12\GrooveAuditService.exe (file missing)
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
--
End of file - 8059 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 BANTExt (Belarc SMBios Access) - c:\winxp\system32\drivers\bantext.sys
R3 MAC607 (MAC607 Filter) - c:\winxp\system32\drivers\mac607.sys
S0 Spssys (Toshiba SPS Service) - c:\winxp\system32\drivers\spssys.sys (file missing)
S3 A3AB (D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)) - c:\winxp\system32\drivers\a3ab.sys <Not Verified; D-Link Corporation; D-Link Wireless Network adapter>
S3 bvrp_pci - c:\winxp\system32\drivers\bvrp_pci.sys
S3 iMSPCLOj - c:\docume~1\brian~1.bul\locals~1\temp\imspcloj.sys (file missing)
S3 USBAAPL (Apple Mobile USB Driver) - c:\winxp\system32\drivers\usbaapl.sys (file missing)
S3 xbreader (MaxDrive XBox Driver (xbreader.sys)) - c:\winxp\system32\drivers\xbreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MaxBackServiceInt - "c:\program files\maxtor\maxtor backup\maxbackserviceint.exe" <Not Verified; ; MaxBackServiceInt Module>
R2 NTService1 (MaxSyncService) - "c:\program files\maxtor\utils\syncservices.exe" <Not Verified; ; SyncServices>
S2 aawservice (Lavasoft Ad -Aware Service) - e:\aawservice.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 Microsoft Office Groove Audit Service - e:\office12\grooveauditservice.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01771028&REV_01\4&1D7EFF9E&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01771028&REV_01\4&1D7EFF9E&0&00E0
Service:
-- Files created between 2008-06-28 and 2008-07-28 -----------------------------
2008-07-28 12:58:37 1244 --a------ C:\WINXP\system32\tmp.reg
2008-07-28 12:58:07 25600 --a------ C:\WINXP\system32\WS2Fix.exe
2008-07-28 12:58:07 289144 --a------ C:\WINXP\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-28 12:58:07 86528 --a------ C:\WINXP\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-28 12:58:07 288417 --a------ C:\WINXP\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-28 12:58:07 53248 --a------ C:\WINXP\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-28 12:58:07 82944 --a------ C:\WINXP\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-28 12:58:07 51200 --a------ C:\WINXP\system32\dumphive.exe
2008-07-28 12:58:07 81920 --a------ C:\WINXP\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-26 12:12:14 0 d-------- C:\Program Files\Trend Micro
2008-07-18 22:31:21 0 d-------- C:\WINXP\system32\scripting
2008-07-18 22:31:20 0 d-------- C:\WINXP\l2schemas
2008-07-18 22:31:19 0 d-------- C:\WINXP\system32\en
2008-07-18 22:31:18 0 d-------- C:\WINXP\system32\bits
2008-07-18 22:25:39 0 d-------- C:\WINXP\ServicePackFiles
2008-07-18 22:23:00 0 d-------- C:\WINXP\network diagnostic
2008-07-18 21:23:33 3840 --a------ C:\WINXP\system32\drivers\BANTExt.sys
2008-07-18 21:23:33 0 d-------- C:\Program Files\Belarc
2008-07-18 00:14:08 0 d--h----- C:\$AVG8.VAULT$
2008-07-17 20:37:39 0 d-------- C:\Program Files\Microsoft Works
2008-07-17 20:36:10 0 d-------- C:\Program Files\MSBuild
2008-07-17 20:24:44 0 d-------- C:\Program Files\Microsoft.NET
2008-07-17 20:11:09 0 d-------- C:\WINXP\SHELLNEW
2008-07-10 12:40:22 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Lavasoft
2008-07-10 11:26:18 0 d-------- C:\Program Files\The Weather Channel FW
2008-07-10 11:23:20 0 d-------- C:\WINXP\system32\drivers\Avg
2008-07-10 11:23:10 0 d-------- C:\Program Files\AVG
2008-07-10 11:23:10 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\avg8
-- Find3M Report ---------------------------------------------------------------
2008-07-20 21:41:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 22:32:51 0 d-------- C:\Program Files\Messenger
2008-07-18 22:31:17 0 d-------- C:\Program Files\Movie Maker
2008-07-18 22:25:12 0 d-------- C:\Program Files\Windows NT
2008-07-18 01:00:07 0 d-------- C:\Program Files\GameSpy Arcade
2008-07-17 20:31:31 0 d-------- C:\Program Files\Common Files
2008-07-17 19:26:51 0 d-------- C:\Program Files\Finale 2007
2008-07-12 06:39:57 0 d-------- C:\Program Files\Java
2008-06-16 10:09:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-16 10:09:49 0 d-------- C:\Program Files\Maxtor
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [12/04/2005 20:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/19/2008 09:02]
"MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [08/11/2006 08:45]
"@"="" []
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [08/11/2006 11:15]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/10/2008 11:23]
"GrooveMonitor"="E:\Office12\GrooveMonitor.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24]
"ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [08/10/2004 08:00]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 16:18]
C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [1/26/2006 5:55:04 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINXP\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINXP\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINXP\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Brian.BULLSHIT^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Brian.BULLSHIT\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINXP\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINXP\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1137307829\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll,P17Helper
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]
C:\Program Files\TBONBin\tbon.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINXP\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Windows Visual V2.0]
C:\WINXP\msiutil.exe
-- End of Deckard's System Scanner: finished at 2008-07-28 13:41:11 ------------
3 Weeks Ago
#11
Staff
Lifetime Subscription
Profile: Join Date: Mar 2003
Location: Washington State
Posts: 3,057
Computer Experience: Somedays it's like Taz
Hi TinyTuba822
Are you able to connect to the internet now?
Geri
3 Weeks Ago
#12
Senior Member
Profile: Join Date: Oct 2007
Location: Kentucky
Posts: 65
Computer Experience: Beginner
Sadly, no. I wish I was, because I really need updates too. Also, one step of the cleaning process never happened. SmitfraudFix.exe never asked me about this:
"The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter"."
I ran it twice, thinking I might have done it wrong, but I didn't. I have an internet connection to the wireless router and network here, but something is stopping me from actually using the internet. I also removed the p2p software. I had uninstalled it when I got the computer but forgot to delete the folders for it.
3 Weeks Ago
#13
Staff
Lifetime Subscription
Profile: Join Date: Mar 2003
Location: Washington State
Posts: 3,057
Computer Experience: Somedays it's like Taz
Hi
OK, let's try this.
Open a command window and type the following commands, hitting enter after each.
ipconfig /release
ipconfig /flushdns
ipconfig /renew
See if the connection is restored.
Geri