Can't access internet
Join Date: Jun 2008
Posts: 1
Have you made sure that your TCP/IP is all working? You should be using dynamic (automatic IP addressing). Have you tried ipconfig in the command prompt? I think what should happen is that when you're connected to the internet and you try ipconfig you should get one automatically with a subnet mask and a gateway.
Join Date: Jun 2008
Posts: 15
Here is the log for Malwarebytes:
Malwarebytes' Anti-Malware 1.17
Database version: 863
11:11:35 AM 6/17/2008
mbam-log-6-17-2008 (11-11-35).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 172420
Time elapsed: 50 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3feca576-7ad2-4e11-a6ad-6b59d4fb5db9} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\f02WtR (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Temp\nswC2.tmp\System.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlkkj.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk.disabled (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yazzlesnet.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
Join Date: Jun 2008
Posts: 15
Sorry, didn't see that.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:56 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\pmnllli.dll,avgrsstx.dll,
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)
--
End of file - 5469 bytes
Scan with HijackThis and then place a check next to all the following, if present:
O20 - AppInit_DLLs: c:\windows\system32\pmnllli.dll,avgrsstx.dll,
O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, and click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:
files...
c:\windows\system32\pmnllli.dll
Note that some of these file(s)/folder(s) may or may not be present. If present, and they cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
Reboot.
====
Download SDFix and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All.
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- Your system will take longer than normal to restart as the fixtool will be running and removing files.
- When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
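The two lines the reply above tells the poster to tick were picked by rules any HijackThis reader applies by eye: a hosts-file mapping that sends an ad domain somewhere other than loopback (O1), a BHO with no name whose DLL is gone (O2), a DLL in AppInit_DLLs that no installed product accounts for (O20), and a service with an unknown owner whose binary is missing (O23). As an added example, not code from this thread or from HijackThis, the Python script below applies those rules to log lines. The sample lines are copied from the logs posted in this thread; treating avgrsstx.dll as a known DLL is an assumption made only because it sits beside the AVG 8 entries in the same log.

```python
import re

# Constructed sample: entries copied from the HijackThis logs posted in this thread,
# plus benign lines from the same logs so the rules have something to leave alone.
SAMPLE_HJT_LOG = r"""
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tmpD1.tmp.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: c:\windows\system32\pmnllli.dll,avgrsstx.dll,
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)
"""

# Assumption for this example: AppInit DLLs accounted for by software seen in the
# same log (avgrsstx.dll appears next to the AVG 8 entries). Not a complete allowlist.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

# HijackThis lines look like "O20 - <body>" or "R1 - <body>".
ENTRY_RE = re.compile(r"^(O\d+|R\d+)\s+-\s+(.*)$")


def triage_line(line):
    """Return a reason string if the HijackThis entry deserves review, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()

    if section == "O1":
        # Hosts-file entry: "Hosts: <ip> <name>". Anything not pointing at loopback
        # redirects that name to a machine the user did not choose.
        parts = body.split()
        if len(parts) >= 2:
            ip = parts[1]
            if not ip.startswith("127.") and ip != "::1":
                return "hosts-file redirect to " + ip

    if section == "O2" and ("(no name)" in body or "(file missing)" in body):
        return "BHO with no name or missing file"

    if section == "O20" and body.startswith("AppInit_DLLs:"):
        # Every DLL listed here is loaded into every process that uses user32.dll.
        dlls = [d.strip() for d in body[len("AppInit_DLLs:"):].split(",") if d.strip()]
        unknown = [d for d in dlls if d.rsplit("\\", 1)[-1].lower() not in KNOWN_APPINIT_DLLS]
        if unknown:
            return "AppInit_DLLs loads unrecognised DLL(s): " + ", ".join(unknown)

    if section == "O23" and "Unknown owner" in body and "(file missing)" in body:
        return "service with unknown owner and missing binary"

    return None


def triage_log(text):
    """Return [(entry, reason), ...] for every flagged line, in log order."""
    findings = []
    for line in text.splitlines():
        reason = triage_line(line)
        if reason:
            findings.append((line.strip(), reason))
    return findings


if __name__ == "__main__":
    for entry, reason in triage_log(SAMPLE_HJT_LOG):
        print(f"REVIEW [{reason}]\n    {entry}")
```

Running it prints the four entries the helper would single out, each with its reason; anything it does not flag still needs a human eye, since the rules encode only what this thread's helper looked for.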
Join Date: Jun 2008
Posts: 15
The SDFix report
SDFix: Version 1.194
Run by Owner on Wed 06/18/2008 at 10:23 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Owner\Desktop\SDFix\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\tmp109.tmp.dll - Deleted
C:\WINDOWS\system32\tmp11B.tmp.dll - Deleted
C:\WINDOWS\system32\tmp36.tmp.dll - Deleted
C:\WINDOWS\system32\tmpD1.tmp.dll - Deleted
C:\WINDOWS\system32\TFTP1024 - Deleted
C:\WINDOWS\system32\TFTP1792 - Deleted
C:\WINDOWS\system32\TFTP2244 - Deleted
C:\WINDOWS\system32\TFTP2304 - Deleted
C:\WINDOWS\system32\TFTP3020 - Deleted
C:\WINDOWS\system32\TFTP3096 - Deleted
C:\WINDOWS\system32\TFTP3148 - Deleted
C:\WINDOWS\system32\TFTP3160 - Deleted
C:\WINDOWS\system32\TFTP3688 - Deleted
C:\WINDOWS\system32\TFTP3728 - Deleted
C:\WINDOWS\system32\TFTP4060 - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 10:35:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\Owner\My Documents\Converted Videos\iPod\H264\Family Guy : Stewie Griffin The Untold Story.mp4 429654982 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\sportmasta957\\New Folder\\cs2d\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\sportmasta957\\New Folder\\cs2d\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0103\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0103\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike 2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike 2D.exe:*:Enabled:CounterStrike 2D"
"C:\\Program Files\\Steam\\SteamApps\\scop3r957\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\scop3r957\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp14.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp1B.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp18.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\WINDOWS\\system32\\eulrlkwy.exe"="C:\\WINDOWS\\system32\\eul"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp29.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp25.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp2E.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Disabled:BitTorrent DNA"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 3 Aug 2004 196 A.SHR --- "C:\BOOT.BAK"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 6 Nov 2007 6,473 A.SH. --- "C:\WINDOWS\system32\llnmp.bak1"
Tue 20 Nov 2007 438,368 A.SH. --- "C:\WINDOWS\system32\llnmp.bak2"
Wed 12 Sep 2007 6,448 A.SH. --- "C:\WINDOWS\system32\stutv.bak1"
Thu 20 Sep 2007 1,979,794 A.SH. --- "C:\WINDOWS\system32\stutv.bak2"
Thu 27 Jul 2006 209,639 A.SH. --- "C:\WINDOWS\system32\ututv.bak1"
Mon 7 Aug 2006 441,314 A.SH. --- "C:\WINDOWS\system32\ututv.bak2"
Mon 9 Aug 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 9 Aug 2004 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Wed 2 Jun 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Finished!
---
The HJT report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:23 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tmpD1.tmp.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)
--
End of file - 5426 bytes
SDFix: Version 1.194
Run by Owner on Wed 06/18/2008 at 10:23 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Owner\Desktop\SDFix\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\tmp109.tmp.dll - Deleted
C:\WINDOWS\system32\tmp11B.tmp.dll - Deleted
C:\WINDOWS\system32\tmp36.tmp.dll - Deleted
C:\WINDOWS\system32\tmpD1.tmp.dll - Deleted
C:\WINDOWS\system32\TFTP1024 - Deleted
C:\WINDOWS\system32\TFTP1792 - Deleted
C:\WINDOWS\system32\TFTP2244 - Deleted
C:\WINDOWS\system32\TFTP2304 - Deleted
C:\WINDOWS\system32\TFTP3020 - Deleted
C:\WINDOWS\system32\TFTP3096 - Deleted
C:\WINDOWS\system32\TFTP3148 - Deleted
C:\WINDOWS\system32\TFTP3160 - Deleted
C:\WINDOWS\system32\TFTP3688 - Deleted
C:\WINDOWS\system32\TFTP3728 - Deleted
C:\WINDOWS\system32\TFTP4060 - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 10:35:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\Owner\My Documents\Converted Videos\iPod\H264\Family Guy : Stewie Griffin The Untold Story.mp4 429654982 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\sportmasta957\\New Folder\\cs2d\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\sportmasta957\\New Folder\\cs2d\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0103\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0103\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike 2D.exe"="C:\\Documents and Settings\\Owner\\My Documents\\download\\nicko9579\\cs2d_0104\\CounterStrike 2D.exe:*:Enabled:CounterStrike 2D"
"C:\\Program Files\\Steam\\SteamApps\\scop3r957\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\scop3r957\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp14.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp1B.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp18.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\WINDOWS\\system32\\eulrlkwy.exe"="C:\\WINDOWS\\system32\\eul"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp29.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp25.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Documents and Settings\\Owner\\Application Data\\tmp2E.tmp.exe"="C:\\Documents and Settings\\Owner\\Applic"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Disabled:BitTorrent DNA"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :
File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 3 Aug 2004 196 A.SHR --- "C:\BOOT.BAK"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 6 Nov 2007 6,473 A.SH. --- "C:\WINDOWS\system32\llnmp.bak1"
Tue 20 Nov 2007 438,368 A.SH. --- "C:\WINDOWS\system32\llnmp.bak2"
Wed 12 Sep 2007 6,448 A.SH. --- "C:\WINDOWS\system32\stutv.bak1"
Thu 20 Sep 2007 1,979,794 A.SH. --- "C:\WINDOWS\system32\stutv.bak2"
Thu 27 Jul 2006 209,639 A.SH. --- "C:\WINDOWS\system32\ututv.bak1"
Mon 7 Aug 2006 441,314 A.SH. --- "C:\WINDOWS\system32\ututv.bak2"
Mon 9 Aug 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 9 Aug 2004 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Wed 2 Jun 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Finished!
---
The HJT report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:23 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tmpD1.tmp.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{293BE57A-2433-4323-9468-2CC774303307}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)
--
End of file - 5426 bytes
Scan with HijackThis and then place a check next to all the following, if present:
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tmpD1.tmp.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===========
Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.bat to your desktop.
Then double click on the fix.bat file on your desktop.
You'll see a black screen flash, that's normal.
@echo off
sc stop RPC
sc delete RPC
Restart your PC.
===========
Download and run Winsockfix from here http://www.softpedia.com/get/Tweak/N...nSockFix.shtml
===========
How is the pc now?
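As an added illustration (not code from this thread or from the HijackThis project), here is a small Python triage script that applies the same checks the helper applied by eye to the O2/O23 lines above: binaries reported as "(file missing)", tmpNN.tmp binaries, and services with an unknown owner or a non-printable service name. The sample lines are copied from the log in this thread; the regexes and function names are my own assumptions about the log layout.

```python
import re

# Constructed sample: O2/O23 lines copied from the HijackThis log above,
# with one benign entry of each kind for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tmpD1.tmp.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\appyh32.exe (file missing)
"""

# Generic "Oxx - Kind: rest" shape shared by the HijackThis sections.
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Dropper leftovers seen in this log: tmp<hex>.tmp.dll / tmp<hex>.tmp.exe
TMP_BIN_RE = re.compile(r"\\tmp[0-9A-Fa-f]+\.tmp\.(dll|exe)$", re.IGNORECASE)

def service_short_name(description):
    """Return the last parenthesised group of an O23 description, which
    HijackThis uses for the registry service name."""
    m = re.search(r"\(([^()]*)\)\s*$", description)
    return m.group(1) if m else ""

def looks_random(name):
    """True if a service name starts/ends with whitespace or contains
    characters outside printable ASCII, like the rogue 'RPC Helper'."""
    return name != name.strip() or any(
        ord(c) > 126 or ord(c) < 32 for c in name)

def triage_hjt(text):
    """Return (section, reasons, line) tuples for entries worth a look."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, _kind, rest = m.groups()
        reasons = []
        if rest.endswith("(file missing)"):
            reasons.append("file missing")
        # The binary path is the last " - " separated field.
        path = rest.replace("(file missing)", "").rsplit(" - ", 1)[-1].strip()
        if TMP_BIN_RE.search(path):
            reasons.append("tmpNN.tmp binary")
        if section == "O23":
            desc = rest.rsplit(" - ", 2)[0]  # text before owner and path
            if "Unknown owner" in rest:
                reasons.append("unknown owner")
            if looks_random(service_short_name(desc)):
                reasons.append("non-printable service name")
        if reasons:
            findings.append((section, ", ".join(reasons), line.strip()))
    return findings

if __name__ == "__main__":
    for section, why, line in triage_hjt(SAMPLE_LOG):
        print(f"[{section}] {why}: {line}")
```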
Join Date: Jun 2008
Posts: 15
Reputation:
Solved Threads: 0
The internet still won't work in the normal mode. When I first start up the computer in the normal mode, I can access the internet for about 30 seconds. So I'll open it and it will show my homepage (Google), then I will go to a random website (let's say Yahoo), then after that, it just doesn't do anything if I try to do anything else. After about 5 minutes of not loading or doing anything, it just says Cannot Find Server.
I'm going to download that AVAST anti-virus even though I have AVG, because AVG can't update in safe mode w/ networking, or run for that matter.
Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox and then click Finish.
==========
Open up a command prompt and type in ipconfig /flushdns and hit enter.
Reboot and check again.