0

Hello,
I just joined daniweb today. Here goes my problem:
Whenever I start my pc, internet stops working same with the sound and strangely the taskbar turns grey(ike the one in windows 98). Everything works fine except for the sound and the internet. I tried using system restore but the option seems to be disabled....I use kaspersky 9 0 0 76 antivirus and it failed to detect anything wrong in my pc.I have also tried using antiviruses like quick heal,avast and mc afee. This is not the first time i faced this problem. Only solution i got was formatting the pc which seems to be tedious because the problem keeps on arising again after certain period of time like a few days or a week or so.

Here is the hijackThis log(it was unable to go through host files i think i tried running it as admin but it didnt seem to work):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:33:19, on 08-06-2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Users\Laksh\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Laksh\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-21-779827793-1404026540-3257383081-1000\..\Run: [googletalk] C:\Users\Laksh\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart (User '?')
O4 - HKUS\S-1-5-21-779827793-1404026540-3257383081-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-779827793-1404026540-3257383081-1000\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User '?')
O4 - HKUS\S-1-5-21-779827793-1404026540-3257383081-1000\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User '?')
O4 - S-1-5-21-779827793-1404026540-3257383081-1000 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User '?')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A12ABB8-389F-4D68-9917-F7D26BDEE99E}: NameServer = 202.54.15.30 202.54.29.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A12ABB8-389F-4D68-9917-F7D26BDEE99E}: NameServer = 202.54.15.30 202.54.29.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A12ABB8-389F-4D68-9917-F7D26BDEE99E}: NameServer = 202.54.15.30 202.54.29.5
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

--
End of file - 6612 bytes

Also i've attached a screenshot of my desktop showing the grey taskbar...
Btw im using Windows 7 x86(32 bit)
Hope this helps.
PLEASE HELP ASAP :/

Attachments screenshot_gif.gif 400.74 KB
2
Contributors
3
Replies
4
Views
7 Years
Discussion Span
Last Post by jholland1964
0

How do you know it didn't go through Host Files?
You need to do the steps found in our Read Me Sticky http://www.daniweb.com/forums/thread134865.html
and post back with the requested logs. I insist that you especially read this and follow those instructions, otherwise no help will be offered:
Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:

P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.

0

If you don't stop the Limewire and other P2P programs, then you won't receive help.

Edited by jholland1964: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.