DaniWeb IT Discussion Community
1 2 Last »
Show 40 post(s) from this thread on one page

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   www.007guard.com ???? slow internet :( (http://www.daniweb.com/forums/thread157176.html)

g3nX Nov 13th, 2008 5:06 pm
www.007guard.com ???? slow internet :(
 
Hi, this morning I noticed that my internet was barely working. Internet pages would load forever and mIRC kept disconnecting. Tried restarting my modem and the router, but that didn't make any difference. Then I called the ISP technical support service, the guy ran a packet test and he said that 62% of the packets get lost. So he couldn't help me much and scheduled a technician to come to my house.... I don't think he will help much either, because after talking with support service I checked 'netstat' in cmd and discovered something very weird. Bunch of connections from www.007guard.com , here's a shot of it:
http://img529.imageshack.us/img529/2194/55022814bq6.jpg
I scanned my computer with Spybot - Search & Destroy, Malwarebytes' Anti-Malware and it didn't find anything wrong. But after half a day later my internet started working again, but I still have bunch of www.007guard.com connections... Here is the hijackthis log:
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:29 PM, on 11/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\TDK Systems\Bluetooth Software\BTTray.exe
C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\TVersity\Media Server\web\admin\TVersity.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobio...ne/install.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7168 bytes

g3nX Nov 16th, 2008 6:55 pm
Re: www.007guard.com ???? slow internet :(
 
Please, can anyone help me???

jholland1964 Nov 16th, 2008 6:59 pm
Re: www.007guard.com ???? slow internet :(
 
Sorry we seemed to have overlooked you. Did you add those trusted sites?
One thing to do is turn off that Spybot TeaTimer as it will interfere when you try to do fixes.
Open the program, choose Advanced Mode, Tools, Resident and take the check mark out of TeaTimer.
Also please update Malwarebytes, your anti-virus program and also your Spybot too.
Then reboot to Safe Mode. First run Spybot and fix all found, then run your anti-virus and do the same. Then run Malwarebytes' and do the same and save the log.
Reboot to normal mode and run a new HJT scan. Post back here with the MBA-M log and the new HJT log. If your anti-virus or Spybot found anything please get the names and locations for those too.
Sorry again about the delay.
Judy

jholland1964 Nov 16th, 2008 7:35 pm
Re: www.007guard.com ???? slow internet :(
 
Your www.007GUARD.COM is registered as The Planet Internet Services, Inc.
Ottawa, ON K1M 2H9 CA.
Is this familiar to you?

The three listed in your trusted sites are registered to;
Micro-Star Int'l Co., Ltd.
Jung-He City,Taipei Hsien,Taiwan,R.O.C.

g3nX Nov 16th, 2008 11:02 pm
Re: www.007guard.com ???? slow internet :(
 
jholland1964, I appreciate for noticing my thread :) So I did what you told me to, here are the logs:
Quote:
mbam-log-2008-11-16
Malwarebytes' Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 3

11/16/2008 9:51:30 PM
mbam-log-2008-11-16 (21-51-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 167288
Time elapsed: 26 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Quote:
hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:53 PM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TDK Systems\Bluetooth Software\BTTray.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobio...ne/install.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6811 bytes

Quote:
ComboFix log
ComboFix 08-11-12.01 - ¤0wner 2008-11-16 21:52:26.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.727 [GMT -5:00]
Running from: c:\documents and settings\¤0wner\Desktop\Cleaners\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-12 22:49 . 2008-04-14 05:42 16,384 --a------ c:\windows\system32\ipsink.ax
2008-11-12 22:49 . 2008-04-14 05:42 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2008-11-12 22:49 . 2008-04-14 00:16 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-11-12 22:49 . 2008-04-14 00:16 15,232 --a--c--- c:\windows\system32\dllcache\streamip.sys
2008-11-12 22:49 . 2008-04-14 00:16 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2008-11-12 22:49 . 2008-04-14 00:16 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2008-11-12 22:49 . 2008-04-14 00:16 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-11-12 22:49 . 2008-04-14 00:16 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-11-12 22:46 . 2008-11-12 22:46 <DIR> d-------- c:\program files\TDK Systems
2008-11-06 02:07 . 2008-11-16 21:51 <DIR> dr-h----- c:\documents and settings\¤0wner\Recent
2008-11-06 02:07 . 2008-11-16 21:51 <DIR> dr-h----- c:\documents and settings\¤0wner\Recent
2008-11-05 13:18 . 2008-11-16 21:52 9,699,328 --a------ c:\documents and settings\¤0wner\ntuser.dat
2008-11-05 13:18 . 2008-11-16 21:52 9,699,328 --a------ c:\documents and settings\¤0wner\ntuser.dat
2008-11-03 20:36 . 2008-11-03 20:36 36,363 --a------ c:\windows\CSTBox.INI
2008-10-26 12:36 . 2008-10-26 12:36 <DIR> d-------- c:\program files\TightVNC
2008-10-23 19:23 . 2008-11-13 17:24 <DIR> d-------- c:\program files\FlashGet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 02:10 266,240 ----a-w c:\documents and settings\NetworkService\NTUSER.DAT
2008-11-17 02:09 --------- d-----w c:\documents and settings\¤0wner\Application Data\uTorrent
2008-11-17 02:09 --------- d-----w c:\documents and settings\¤0wner\Application Data\Skype
2008-11-17 02:05 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-15 00:17 --------- d-----w c:\documents and settings\¤0wner\Application Data\Canon
2008-11-14 06:33 --------- d-----w c:\program files\mIRC
2008-11-12 16:22 --------- d-----w c:\documents and settings\¤0wner\Application Data\OpenOffice.org2
2008-11-11 10:50 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 07:07 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 07:05 98,304 ----a-w c:\windows\DUMP5052.tmp
2008-11-06 06:54 98,304 ----a-w c:\windows\DUMP5042.tmp
2008-11-06 06:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-06 03:45 --------- d-----w c:\program files\Spyware Doctor
2008-11-04 15:13 --------- d-----w c:\program files\Opera
2008-10-30 00:37 --------- d-----w c:\program files\Steam
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-14 02:21 --------- d-----w c:\program files\Tracker Checker 2
2008-10-10 18:10 --------- d-----w c:\program files\SRS Labs
2008-10-10 18:10 --------- d-----w c:\documents and settings\All Users\Application Data\SRS Labs
2008-10-08 19:17 --------- d-----w c:\documents and settings\¤0wner\Application Data\uniblue
2008-10-08 19:14 --------- dc-h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-10-08 19:14 --------- d-----w c:\program files\Uniblue
2008-10-08 18:51 --------- d-----w c:\program files\MSI
2008-10-07 15:51 361,344 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2008-10-07 15:51 361,344 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2008-10-04 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-10-03 22:49 51,520 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2008-10-03 22:49 38,208 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2008-10-03 22:49 33,088 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2008-10-03 22:49 12,608 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2008-09-28 06:42 --------- d-----w c:\program files\ApexDC++
2008-09-27 02:11 --------- d-----w c:\program files\TVersity Codec Pack
2008-09-27 02:11 --------- d-----w c:\program files\ffdshow
2008-09-23 22:37 --------- d-----w c:\program files\Total Video Converter
2008-09-23 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek
2008-09-22 20:19 --------- d-----w c:\program files\SoulseekNS
2008-09-18 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-18 22:49 --------- d-----r c:\program files\Skype
2008-09-18 16:49 --------- d-----w c:\program files\RealVNC
2008-09-17 04:55 --------- d-----w c:\documents and settings\¤0wner\Application Data\skypePM
2008-09-17 00:17 --------- d-----w c:\program files\Common Files\PC Tools
2008-09-17 00:16 81,288 ----a-w c:\windows\system32\drivers\iksyssec.sys
2008-09-17 00:16 66,952 ----a-w c:\windows\system32\drivers\iksysflt.sys
2008-09-17 00:16 40,840 ----a-w c:\windows\system32\drivers\ikfilesec.sys
2008-09-17 00:16 160,792 ----a-w c:\windows\system32\drivers\pctfw2.sys
2008-09-17 00:13 --------- d-----w c:\documents and settings\¤0wner\Application Data\PC Tools
2008-09-02 15:18 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-06-15 20:55 56 --sha-w c:\documents and settings\All Users\Application Data\dc64vg9.sys
2008-03-05 03:06 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2008-06-09 3215360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-10 83968]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-13 13500416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-13 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"nwiz"="nwiz.exe" [2008-02-13 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"CTHelper"="CTHELPER.EXE" [2008-02-20 c:\windows\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 c:\windows\system32\Ctxfihlp.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\TDK Systems\Bluetooth Software\BTTray.exe [2003-11-17 503869]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 16:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-09-16 19:16 1168264 c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 08:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]
--a------ 2007-10-11 18:12 94208 c:\program files\SimpleCenter\bin\win\sclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
--a------ 2008-06-09 14:43 3215360 c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
--a------ 2007-05-07 18:28 589824 c:\program files\TightVNC\WinVNC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WinVNC4"=2 (0x2)
"ServiceLayer"=3 (0x3)
"winvnc"=2 (0x2)
"ThreatFire"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\g3n3rationx\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cerberus\\Cerberus.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-10-03 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-10-03 38208]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2005-04-24 13225]
R3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2004-07-30 56576]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
S1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-09-16 160792]
S2 CTAudSvcService;Creative Audio Service;c:\program files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-04 3584]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2008-02-25 1172504]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-10-03 33088]
S4 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\¤0wner\Application Data\Mozilla\Firefox\Profiles\ebelque3.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 21:54:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-16 21:55:13
ComboFix-quarantined-files.txt 2008-11-17 02:55:10
ComboFix2.txt 2008-11-14 06:30:40
ComboFix3.txt 2008-11-14 06:22:48
ComboFix4.txt 2008-08-29 18:42:39

Pre-Run: 4,868,177,920 bytes free
Post-Run: 4,886,720,512 bytes free

208
And no, I'm not familiar with The Planet Internet Services :-/

jholland1964 Nov 16th, 2008 11:18 pm
Re: www.007guard.com ???? slow internet :(
 
You didn't answer my questions.
Quote:
Your www.007GUARD.COM is registered as The Planet Internet Services, Inc.
Ottawa, ON K1M 2H9 CA.
Is this familiar to you?
Quote:
Did you add those trusted sites?
The three listed in your trusted sites are registered to;
Micro-Star Int'l Co., Ltd.
Jung-He City,Taipei Hsien,Taiwan,R.O.C.
Where are you located?

g3nX Nov 16th, 2008 11:21 pm
Re: www.007guard.com ???? slow internet :(
 
If i added those trusted sites? No, I didn't add any trusted sites, not sure how to do that.

g3nX Nov 16th, 2008 11:25 pm
Re: www.007guard.com ???? slow internet :(
 
Micro-Star Int'l Co., Ltd. is MSI, gets me updates for my motherboard, etc... and I believe MSI is from Taiwan.
I am located in New York.

jholland1964 Nov 16th, 2008 11:41 pm
Re: www.007guard.com ???? slow internet :(
 
If you personally didn't add those trusted sites then they shouldn't be there. As long as you know where the updates come from then you can easily go back there without having these sites listed in the Trusted Zone. There is no reason for them to be there, especially since you did not personally put them there.
Run HJT again and place check marks next to those three entries once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot the computer and see how things are working.
One other suggestion, in your first post you said
Quote:
Tried restarting my modem and the router, but that didn't make any difference.
Can you connect directly to the internet without using the router? Try this and see if it makes a difference too.
Judy

g3nX Nov 17th, 2008 3:30 am
Re: www.007guard.com ???? slow internet :(
 
Ok, I removed those 3 links from trusted zone and restarted the computer. Also unplugged the router and ran straight wire to pc from modem. Nothing changed, still getting bunch of those 007guard.com links :(


All times are GMT -4. The time now is 12:52 am.
1 2 Last »
Show 40 post(s) from this thread on one page

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC