
Solved Internet not connecting

Discussion in 'Malware and Virus Removal Archive' started by Nikos88, 2009/12/31.

  1. 2009/12/31
    Nikos88 Guest Thread Starter

    [Resolved] Internet not connecting

    Hi,

    I had an issue before that kind of resolved itself, but not fully. My logs were analyzed by BBS with no apparent malware issues. However, now I cannot access the internet via my wired connections. I have a 3-PC network set up at home with 2 PCs able to access the internet without a problem. However, one of my PCs cannot access at all. I have done all checks with my internet provider and with my wired connections and all is well. I am not sure what to do. I decided on posting a new thread in hopes that someone can assist me. Here are my first logs.


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Nikos at 11:59:57.98 on Thu 12/31/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1536.725 [GMT -5:00]

    AV: Bell Internet Security Services Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Bell Internet Security Services Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Bell\Bell Internet Security Services\Fws.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Personal Vault\VaultClientSRV.exe
    C:\Program Files\Personal Vault\VaultClientUpgrade.exe
    C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Bin\SanaAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bell\Bell Internet Security Services\rps.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\UMStor\Res.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Bell\Internet Service Advisor\SSAComHandler.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Bin\SanaMonitor.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    C:\Program Files\Bell\Internet Service Advisor\SSA.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    G:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.ca/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
    BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\bell\bell internet security services\pkR.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRunOnce: [IndexCleaner] "c:\program files\bell\bell internet security services\IdxClnR.exe "
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe "
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [USB Storage Toolbox] c:\windows\umstor\Res.EXE
    mRun: [SSA.exe] "c:\program files\bell\internet service advisor\SSA.exe" /AUTORUN
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe "
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    mRunOnce: [IndexCleaner] "c:\program files\bell\bell internet security services\IdxClnR.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\natura~1.lnk - c:\program files\sec\natural color\NaturalColorLoad.exe
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\nikos\applic~1\mozilla\firefox\profiles\joydbze9.default\
    FF - prefs.js: browser.startup.homepage - msn.ca
    FF - component: c:\documents and settings\nikos\application data\mozilla\firefox\profiles\joydbze9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\bell\internet service advisor\nprpspa.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-8-8 179984]
    R2 RadialpointSafeConnectAgent;Bell Internet Security Services SafeConnectAgent;c:\program files\bell\bell internet security services\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
    R2 VaultClientSRV;Personal Vault Backup Service;c:\program files\personal vault\VaultClientSRV.exe [2008-3-7 1047632]
    R2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\personal vault\VaultClientUpgrade.exe [2008-3-7 56400]
    R3 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
    R3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
    R3 Radialpoint Security Services;Bell Internet Security Services;c:\program files\bell\bell internet security services\RpsSecurityAwareR.exe [2009-7-7 170736]
    R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\bell\bell internet security services\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
    R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\bell\bell internet security services\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
    R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\bell\bell internet security services\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
    RUnknown SASDIFSV;SASDIFSV; [x]
    RUnknown SASKUTIL;SASKUTIL; [x]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S3 gwiopm;gwiopm;\??\c:\program files\my drivers\gwiopm.sys --> c:\program files\my drivers\gwiopm.sys [?]
    S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wftvfm\WFIOCTL.sys [2004-10-24 9510]
    UnknownUnknown SASENUM;SASENUM; [x]

    =============== Created Last 30 ================

    2009-12-16 04:01:11 0 d-----w- c:\program files\TrendMicro
    2009-12-13 08:35:12 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-12-13 08:34:58 0 d-----w- c:\program files\SUPERAntiSpyware
    2009-12-13 08:34:58 0 d-----w- c:\docume~1\nikos\applic~1\SUPERAntiSpyware.com
    2009-12-12 18:21:54 0 d-----w- c:\documents and settings\nikos\Tracing
    2009-12-11 04:59:36 0 d--h--w- c:\windows\system32\GroupPolicy
    2009-12-03 03:50:51 0 d-----w- c:\program files\Yahoo!

    ==================== Find3M ====================

    2009-12-31 10:06:21 3053856 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-12-31 10:06:21 290252 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-12-31 10:06:20 707624 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-12-31 10:06:20 52333600 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-08 14:52:10 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-19 00:14:45 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-13 23:45:09 69456 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

    2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
    2009-06-11 22:59:27 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

    ============= FINISH: 12:01:15.32 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/7/2005 11:24:05 AM
    System Uptime: 12/31/2009 5:06:36 AM (7 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P4S800
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | PGA 478 | 2400/200mhz
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | PGA 478 | 2400/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 39 GiB total, 13.47 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 5.083 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is FIXED (NTFS) - 149 GiB total, 47.013 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: SiS 900-Based PCI Fast Ethernet Adapter
    Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_80FF1043&REV_91\3&61AAA01&0&20
    Manufacturer: SiS
    Name: SiS 900-Based PCI Fast Ethernet Adapter
    PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_80FF1043&REV_91\3&61AAA01&0&20
    Service: SISNIC

    ==== System Restore Points ===================

    RP457: 11/18/2009 8:42:51 PM - System Checkpoint
    RP458: 11/19/2009 8:45:55 PM - System Checkpoint
    RP459: 11/20/2009 10:02:56 PM - System Checkpoint
    RP460: 11/21/2009 10:05:08 PM - System Checkpoint
    RP461: 11/22/2009 10:33:18 PM - System Checkpoint
    RP462: 11/23/2009 10:54:13 PM - System Checkpoint
    RP463: 11/24/2009 11:19:41 PM - Software Distribution Service 3.0
    RP464: 11/26/2009 6:27:56 PM - System Checkpoint
    RP465: 11/27/2009 7:39:23 PM - System Checkpoint
    RP466: 11/28/2009 8:12:54 PM - System Checkpoint
    RP467: 11/29/2009 8:30:59 PM - System Checkpoint
    RP468: 11/30/2009 9:05:46 PM - System Checkpoint
    RP469: 12/1/2009 9:19:13 PM - System Checkpoint
    RP470: 12/3/2009 12:22:47 AM - Removed Logitech QuickCam
    RP471: 12/3/2009 12:26:15 AM - Logitech Legacy USB Camera
    RP472: 12/4/2009 10:04:18 PM - System Checkpoint
    RP473: 12/6/2009 4:09:21 AM - System Checkpoint
    RP474: 12/7/2009 9:15:54 PM - System Checkpoint
    RP475: 12/8/2009 10:32:37 PM - System Checkpoint
    RP476: 12/9/2009 10:47:44 PM - System Checkpoint
    RP477: 12/10/2009 3:00:38 AM - Software Distribution Service 3.0
    RP478: 12/11/2009 9:13:44 AM - System Checkpoint
    RP479: 12/12/2009 10:39:21 AM - Logitech QuickCam v11.80.1048
    RP480: 12/13/2009 3:34:57 AM - Installed SUPERAntiSpyware Free Edition
    RP481: 12/14/2009 3:46:42 AM - System Checkpoint
    RP482: 12/15/2009 4:16:51 AM - System Checkpoint
    RP483: 12/15/2009 11:01:09 PM - Installed HiJackThis
    RP484: 12/16/2009 11:52:21 PM - System Checkpoint
    RP485: 12/17/2009 11:54:34 PM - System Checkpoint
    RP486: 12/19/2009 12:26:23 PM - System Checkpoint
    RP487: 12/20/2009 1:43:34 PM - System Checkpoint
    RP488: 12/21/2009 7:09:22 PM - System Checkpoint
    RP489: 12/22/2009 11:47:15 PM - System Checkpoint
    RP490: 12/24/2009 12:47:19 AM - System Checkpoint
    RP491: 12/25/2009 1:13:49 AM - System Checkpoint
    RP492: 12/26/2009 12:26:10 PM - System Checkpoint
    RP493: 12/27/2009 6:49:56 PM - System Checkpoint
    RP494: 12/28/2009 8:08:49 PM - System Checkpoint
    RP495: 12/29/2009 8:38:29 PM - System Checkpoint
    RP496: 12/31/2009 12:59:09 AM - System Checkpoint
    RP497: 12/31/2009 11:35:41 AM - Removed Disney Mix Central.
    RP498: 12/31/2009 11:38:10 AM - Removed HiJackThis
    RP499: 12/31/2009 11:50:41 AM - Configured Seagate Manager Installer
    RP500: 12/31/2009 11:56:06 AM - Removed Windows Live Upload Tool
    RP501: 12/31/2009 11:58:27 AM - Removed SUPERAntiSpyware Free Edition

    ==== Installed Programs ======================

    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 2.0
    Adobe Photoshop Album 2.0
    Adobe Photoshop CS2
    Adobe Photoshop Elements 4.0
    Adobe Premiere Pro 2.0
    Adobe Reader 8.1.5
    Adobe Stock Photos 1.0
    Apple Mobile Device Support
    Apple Software Update
    AviSynth 2.5
    AVS Update Manager 1.0 (Update Version)
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Bell Internet Security Services
    Bell Internet Service Advisor 2.1.7
    Bonjour
    Canon iP4300
    Canon Setup Utility 2.3
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Easy-PrintToolBox
    CD-LabelPrint
    ConvertXtoDVD 3.8.0.193c
    Critical Update for Windows Media Player 11 (KB959772)
    DVD-lab PRO 2.51
    DVD Decrypter (Remove Only)
    DVD Flick 1.3.0.7
    DVD Shrink 3.2
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0
    Easy-WebPrint
    FileAlyzer
    FLV Player 2.0, build 24
    FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0607
    Free YouTube to Mp3 Converter version 3.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB918997)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    ImgBurn
    InterActual Player
    Internet Check-Up
    InterVideo AVControlSDK
    InterVideo DeviceService
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 16
    KB408682
    LightScribe 1.4.124.1
    LimeWire PRO 5.3.6
    Magic ISO Maker v5.4 (build 0251)
    MagicTune Premium
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft OpenType Font File Properties Extension
    Microsoft Search Enhancement Pack
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    Mozilla Firefox (3.5.5)
    Mozilla Thunderbird (2.0.0.23)
    MP3 Player
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    Natural Color
    Nero 7 Premium
    neroxml
    NVIDIA Drivers
    PerfectDisk 2008
    Personal Vault Manager
    QuickTime
    RegAlyzer
    Registry Mechanic 8.0
    RPS Burn
    RPS CRT
    RPS Diagnostic Utility
    RPS Firewall
    RPS Ksdk
    RPS ParentalControl
    RPS PerfectDiskStub
    RPS PopupBlocker
    RPS RpsCore
    RPS SafeConnect
    RunAlyzer
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Segoe UI
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Total Video Converter 3.12 080330
    UnderCoverXP 1.22
    Unlocker 1.8.7
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb976884)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoLAN VLC media player 0.8.6i
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Vuze
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinFast Codec-TS SDK
    WinFast De-interlace SDK
    WinFast Multimedia Driver Installation
    WinFast PVR
    WinFast PVR2
    WinFast TT-SB SDK
    WinFast TV USB II(Driver)
    WinRAR archiver
    XviD 1.1 final uninstall

    ==== Event Viewer Messages From Past Week ========

    12/31/2009 1:39:21 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000C6E8BF86F. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    12/30/2009 2:22:07 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    12/26/2009 11:06:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd StarOpen
    12/25/2009 10:25:23 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    12/25/2009 10:25:23 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    12/25/2009 10:25:23 AM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    ==== End Of File ===========================
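As an added illustration (not part of the original thread and not code from DDS), the Event Viewer section of the log above can be triaged with a short Python script that groups each error by the layer it points at. The layer names and the mapping from event sources and IDs to layers are assumptions made for this example; the sample lines are copied from the log above and trimmed.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "when level source event_id message layer detail")

# One DDS "Event Viewer Messages" line: "<date> <time> AM|PM, <level>: <source> [<id>] - <text>"
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# Lines taken from the log above (messages trimmed).
SAMPLE = """\
12/31/2009 1:39:21 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000C6E8BF86F. The following error occurred: The semaphore timeout period has expired.
12/30/2009 2:22:07 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/26/2009 11:06:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd StarOpen
12/25/2009 10:25:23 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
12/25/2009 10:25:23 AM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s).
"""


def classify(source, event_id, msg):
    """Return (layer, detail). The layer names are this example's own labels."""
    if source == "Dhcp" and event_id == 1001:
        # No lease obtained: record which adapter (MAC) was affected.
        m = re.search(r"network address ([0-9A-Fa-f]{12})", msg)
        mac = m.group(1).upper() if m else ""
        return "address", ":".join(mac[i:i + 2] for i in range(0, len(mac), 2))
    if source == "W32Time" and "DNS lookup" in msg:
        # A name could not be resolved: record the peer that was looked up.
        m = re.search(r"peer '([^',]+)", msg)
        return "name-resolution", m.group(1) if m else ""
    if source == "Service Control Manager":
        if event_id == 7026:
            return "driver", msg.split("failed to load:")[-1].strip()
        m = re.search(r"The (.+?) service terminated unexpectedly", msg)
        if m:
            return "service", m.group(1)
    return "other", ""


def parse_events(text):
    """Parse the Event Viewer section of a DDS log into classified events."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headings, blank lines, anything that is not an event
        event_id = int(m.group("id"))
        layer, detail = classify(m.group("source"), event_id, m.group("msg"))
        events.append(Event(m.group("when"), m.group("level"), m.group("source"),
                            event_id, m.group("msg"), layer, detail))
    return events


def first_network_fault(events):
    """Return the event at the lowest failing network layer, or None."""
    order = {"address": 0, "name-resolution": 1}
    net = [e for e in events if e.layer in order]
    return min(net, key=lambda e: order[e.layer]) if net else None


if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for e in parsed:
        print(f"{e.when:<24} {e.layer:<16} {e.source} [{e.event_id}] {e.detail}")
    fault = first_network_fault(parsed)
    if fault:
        print("lowest failing network layer:", fault.layer, fault.detail)
```

A failure at the address layer means the adapter never obtained a lease, so name-resolution errors logged afterwards are expected consequences rather than separate problems.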
     
  2. 2009/12/31
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     


  4. 2010/01/01
    Nikos88

    Nikos88 Guest Thread Starter

    Joined:
    2008/07/01
    Messages:
    55
    Likes Received:
    0
    I am way ahead of you. I have not used these programs in a while. Just never got to uninstalling them. I have done this now.
     
  5. 2010/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Is this same machine as here?

    You said, you have no wired connection. Does it mean, you can connect wirelessly?
    Is it desktop, or laptop?
    What exactly do you mean by "no connection"? Your browser doesn't display any pages, or...? Did you run "ping" command?


    I can see some Kaspersky leftovers. Download and run Kaspersky Anti-virus Removal Tool: http://support.kaspersky.com/downloads/products2009/kavremover9.zip
     
  6. 2010/01/02
    Nikos88

    Nikos88 Guest Thread Starter

    Joined:
    2008/07/01
    Messages:
    55
    Likes Received:
    0
    Hi,

    I actually have a home network of 3 wired connection PC's and 1 wireless laptop. I can connect via 2 PC's and the laptop. However, the main PC that is giving me trouble is the one with the no connectivity/limited connection, or no connection or fully connected but then just does not open a page.

    I removed all useless programs from my PC. I am not sure what else to do. I will download the Kaspersky and see what happens.
     
  7. 2010/01/02
    Nikos88

    Nikos88 Guest Thread Starter

    Joined:
    2008/07/01
    Messages:
    55
    Likes Received:
    0
    Ok, the Kaspersky showed no signs of threat. I am writing you from my laptop now as I can not access internet from problem PC.

    On the problem PC, I can now see my Local Area Connection now showing Connected and Firewalled. When I open IE, it does not open up a webpage. I even tried accessing my modem but that does not even work. When I tried accessing the modem from my laptop, I got in no problem.

    It just looks hopeless. Everything looks ok but the webpages just do not load.
     
  8. 2010/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure, what you downloaded. My link was for Kaspersky removal tool, since you have some Kaspersky's leftovers.

    1. Click Start>Run (Start> "Start search" in Vista).

    2. Type in (or copy and paste):

    cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

    and press Enter.

    3. Notepad will open.

    4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.
     
  9. 2010/01/03
    Nikos88

    Nikos88 Guest Thread Starter

    Joined:
    2008/07/01
    Messages:
    55
    Likes Received:
    0
    Ok. I tried to ping a few times. Although I am getting a response from my Bell Sympatico 2Wire modem/router, I am not able to ping a web page. Here is the result:

    Ping request could not find host google.com. Please check the name and try again.
     
  10. 2010/01/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  11. 2010/01/03
    Nikos88

    Nikos88 Guest Thread Starter

    Joined:
    2008/07/01
    Messages:
    55
    Likes Received:
    0
    Ok, I did what you said. Just to let you know that I am not able to connect to the internet with the problem PC. I am doing everything via my laptop, i.e. copying files on USB and loading them onto the problem PC. I am wondering now if the network card could be an issue. I am all out of ideas. It was working one minute and then not the other. I still show connected via the Local Area Connection but packets received are very low.

    Here are the scans:


    ComboFix 10-01-03.03 - Nicholas 03/01/2010 23:38:43.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1536.1245 [GMT -5:00]
    Running from: c:\documents and settings\Nicholas\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Nicholas\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Nikos\Application Data\inst.exe
    c:\recycler\S-1-5-21-73586283-1500820517-1801674531-1003
    c:\recycler\S-1-5-21-73586283-1500820517-1801674531-1004
    c:\recycler\S-1-5-21-73586283-1500820517-1801674531-500

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
    .

    2010-01-04 04:10 . 2010-01-04 04:10 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\Help
    2010-01-04 02:29 . 2010-01-04 02:29 -------- d-----w- c:\windows\SiS
    2010-01-04 02:29 . 2010-01-04 02:29 -------- d-----w- c:\windows\LastGood
    2010-01-04 02:29 . 2006-02-14 21:02 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys
    2010-01-02 06:54 . 2004-08-04 04:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-01-01 20:57 . 2004-08-04 03:32 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
    2010-01-01 20:56 . 2004-08-04 03:31 155705 -c--a-w- c:\windows\system32\dllcache\imjpdsvr.exe
    2010-01-01 20:55 . 2001-08-23 12:00 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
    2010-01-01 20:53 . 2010-01-01 20:53 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
    2010-01-01 20:51 . 2004-08-04 05:56 725566 -c--a-w- c:\windows\system32\dllcache\srchui.dll
    2010-01-01 20:50 . 2010-01-01 20:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-01-01 20:49 . 2001-08-23 12:00 80384 -c--a-w- c:\windows\system32\dllcache\charmap.exe
    2010-01-01 15:35 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
    2010-01-01 15:34 . 2004-08-03 22:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
    2010-01-01 15:34 . 2004-08-03 22:29 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-01-01 15:34 . 2004-08-04 00:56 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-01-01 15:34 . 2004-08-03 23:08 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
    2010-01-01 15:33 . 2004-08-03 23:07 44672 ----a-w- c:\windows\system32\drivers\UAGP35.SYS
    2010-01-01 15:33 . 2004-08-03 22:31 32768 ----a-w- c:\windows\system32\drivers\sisnic.sys
    2010-01-01 15:33 . 2004-08-04 00:56 74240 ----a-w- c:\windows\system32\usbui.dll
    2010-01-01 15:33 . 2004-08-04 00:56 32285 ----a-w- c:\windows\system32\HSFCISP2.dll
    2010-01-01 15:33 . 2004-08-03 22:41 11868 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
    2010-01-01 15:33 . 2004-08-03 22:41 685056 ----a-w- c:\windows\system32\drivers\HSFCXTS2.sys
    2010-01-01 15:33 . 2004-08-04 00:56 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
    2010-01-01 15:33 . 2004-08-03 22:41 1041536 ----a-w- c:\windows\system32\drivers\HSFDPSP2.sys
    2010-01-01 15:33 . 2004-08-03 22:41 220032 ----a-w- c:\windows\system32\drivers\HSFBS2S2.sys
    2010-01-01 15:33 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
    2010-01-01 15:27 . 2010-01-04 04:01 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
    2010-01-01 15:27 . 2010-01-01 20:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS
    2009-12-31 17:29 . 2009-12-31 17:29 52224 ----a-w- c:\documents and settings\Nikos\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-31 17:20 . 2009-12-31 17:29 117760 ----a-w- c:\documents and settings\Nikos\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-31 06:35 . 2009-12-31 06:35 -------- d-----w- c:\documents and settings\Nikos\Application Data\Motive
    2009-12-22 21:40 . 2009-12-16 19:42 43008 ----a-w- c:\documents and settings\Nikos\Application Data\Mozilla\Firefox\Profiles\joydbze9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-12-22 21:40 . 2009-12-16 19:42 340480 ----a-w- c:\documents and settings\Nikos\Application Data\Mozilla\Firefox\Profiles\joydbze9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-12-22 21:40 . 2009-12-16 19:42 872960 ----a-w- c:\documents and settings\Nikos\Application Data\Mozilla\Firefox\Profiles\joydbze9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-12-22 21:40 . 2009-12-16 19:41 346624 ----a-w- c:\documents and settings\Nikos\Application Data\Mozilla\Firefox\Profiles\joydbze9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-12-16 04:01 . 2009-12-16 04:01 -------- d-----w- c:\program files\TrendMicro
    2009-12-13 08:34 . 2009-12-31 17:20 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-13 08:34 . 2009-12-31 17:20 -------- d-----w- c:\documents and settings\Nikos\Application Data\SUPERAntiSpyware.com
    2009-12-13 04:43 . 2009-12-13 04:43 -------- d-sh--w- c:\documents and settings\Administrator.NIKOS\PrivacIE
    2009-12-12 18:21 . 2009-12-28 05:06 -------- d-----w- c:\documents and settings\Nikos\Tracing
    2009-12-11 04:59 . 2010-01-01 15:20 -------- d--h--w- c:\windows\system32\GroupPolicy
    2009-12-10 08:06 . 2009-12-10 08:06 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-01 21:16 . 2010-01-01 20:54 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
    2010-01-01 06:33 . 2005-01-19 04:16 -------- d-----w- c:\program files\LimeWire
    2009-12-31 17:19 . 2009-10-05 01:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-31 16:54 . 2009-04-13 05:44 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2009-12-31 16:52 . 2003-10-02 15:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-29 18:15 . 2008-05-27 00:58 -------- d-----w- c:\documents and settings\Nikos\Application Data\LimeWire
    2009-12-29 01:44 . 2005-02-19 21:12 -------- d-----w- c:\program files\Mozilla Thunderbird
    2009-12-28 03:25 . 2006-11-15 01:23 -------- d-----w- c:\program files\exPressit S.E. 2.2
    2009-12-28 01:32 . 2008-05-26 04:23 -------- d-----w- c:\documents and settings\Nikos\Application Data\Vso
    2009-12-26 03:29 . 2008-05-26 04:26 -------- d-----w- c:\documents and settings\Nikos\Application Data\DVD Flick
    2009-12-20 14:00 . 2008-05-26 05:00 -------- d-----w- c:\documents and settings\Nikos\Application Data\Azureus
    2009-12-12 15:40 . 2009-08-17 03:50 -------- d-----w- c:\program files\Common Files\LogiShrd
    2009-12-07 02:28 . 2004-01-05 01:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-06 21:53 . 2008-07-02 04:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-03 05:23 . 2009-11-06 04:59 -------- d-----w- c:\program files\Logitech
    2009-11-25 22:48 . 2009-11-25 22:48 152576 ----a-w- c:\documents and settings\Nikos\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-25 22:48 . 2009-11-25 22:48 79488 ----a-w- c:\documents and settings\Nikos\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-23 05:07 . 2008-06-29 19:05 -------- d-----w- c:\program files\Unlocker
    2009-11-08 04:26 . 2008-06-26 00:34 -------- d-----w- c:\program files\Windows Live
    2009-11-06 05:56 . 2009-11-06 05:56 -------- d-----w- c:\documents and settings\Nikos\Application Data\Leadertech
    2009-11-06 05:52 . 2006-02-18 07:36 -------- d-----w- c:\program files\Common Files\Logitech
    2009-10-19 00:14 . 2009-09-20 16:37 152576 ----a-w- c:\documents and settings\Nikos\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-03 23:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-01-03 23:44:00
    ComboFix-quarantined-files.txt 2010-01-04 04:43

    Pre-Run: 24,050,708,480 bytes free
    Post-Run: 24,032,051,200 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect /noexecute=optin

    - - End Of File - - F447506A296EDA5EF44433E6D6C50370


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:47:17 PM, on 03/01/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    --
    End of file - 1398 bytes
     
  12. 2010/01/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I was thinking about same thing as a next step, but let's finish cleaning process, so we know there is no security issue here.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Restart computer.

    ==============================================================

    Re-run HJT and checkmark:
    - O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    - O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    Click "Fix checked" button.

    Restart computer.

    Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    When done...

    Turn off computer. Disconnect router, and modem from power source for 30 seconds.
    Power them back on.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    If that doesn't work...
    Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista)
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista):
    http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.

    IMPORTANT! When checking if connection is back, don't use any browser to check. Use "ping".

    If the above doesn't help, I think, you're ready for shelling out 15 bucks for a new network card.
     
  13. 2010/01/03
    Nikos88

    Nikos88 Guest Thread Starter

    Joined:
    2008/07/01
    Messages:
    55
    Likes Received:
    0
    Thanks Broni for all your help. I will try all that you have written. The only thing is that I can not try

    "If that doesn't work, bypass router, and connect computer straight to the modem"

    because my modem and router are one in the same. I have a bell sympatico 2Wire 2701. I mention it just in case anyone else you help has this kind of router/modem.

    I will report back what happens so that my thread can help out others who may have similar issues. If it works, then I am saved and I owe you a big thanks. If not, I go buy myself a new card.

    Thanks again and happy new year.

    Nick
     
  14. 2010/01/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Happy New Year to you too :)
    Keep me posted :)
     
  15. 2010/01/04
    Nikos88

    Nikos88 Guest Thread Starter

    Joined:
    2008/07/01
    Messages:
    55
    Likes Received:
    0
    Ok Broni

    Could not sleep until I got this figured out. So I guess our hunch was right. I need a new network card. I tried all you mentioned in your last post and nothing worked.

    Thanks again for the effort. It is always good to make sure it is not a security issue before replacing hardware.

    One last thing. Any suggestions on a new card? I currently have an Asus P4s800 mother board with an SiS 900 10/100 Ethernet card. At $15, not a big deal but better to avoid the **** cards if I can.

    Nick
     
  16. 2010/01/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Nah...at $15, I don't even look for any particular brand.
     
  17. 2010/01/04
    Nikos88

    Nikos88 Guest Thread Starter

    Joined:
    2008/07/01
    Messages:
    55
    Likes Received:
    0
    Hi Broni,

    Just an update. Bought a card today, slapped it in and all is well. Thanks again for everything!

    Nick
     
  18. 2010/01/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Haha....nice going :)
     
