Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91803 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Slow internet to No internet


  • This topic is locked This topic is locked
12 replies to this topic

#1 dbaum

dbaum

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 04 October 2009 - 06:37 PM

Internet access has been agonizingly slow and now I can't connect at all on my desktop. Using the same router, I have no problems with a wireless connection on my laptop. I ran CCleaner, Malwarbytes, Adaware, Spybot with no improvements. Can't download RootRepeal at this point. I was able to run ERUNT and DDS before the desktop connection completely ground to a halt. At this point, trying to connect just says "Website found, connecting" but then nothing happens - no timeout or anything. The progress bar stops at 2-3 bars. DDS.txt log is pasted here and Attach.txt is attached. I don't even know where to start. Any help would be appreciated. Thanks. DDS (Ver_09-06-26.01) - NTFSx86 Run by Family at 10:13:13.09 on Sun 09/27/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.171 [GMT -6:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Winamp3\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\ctfmon.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\88I2V1SK\dds[1].scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = 127.0.0.1;*.local BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll TB: MSN Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar\01.01.2607.0\en-us\msntb.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File EB: {90C61707-C8F8-43DB-A25C-C1F4B18EE41E} - No File uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [RealPlayer] "c:\program files\real\realplayer\realplay.exe" /RunUPGToolCommandReBoot uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [WinampAgent] "c:\program files\winamp3\winampa.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe" mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\family\startm~1\programs\startup\memoni~1.lnk - c:\program files\verizon wireless\v cast music manager\MEMonitor.exe StartupFolder: c:\documents and settings\family\start menu\programs\startup\PowerReg Scheduler.exe StartupFolder: c:\docume~1\family\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL Trusted Zone: aol.com\free Trusted Zone: plaxo.com\www DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/276f396f5f9f83ac7a04/netzip/RdxIE601.cab DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.7278819444 DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL Notify: igfxcui - igfxsrvc.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-16 64160] R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-13 72992] R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2005-12-12 1078560] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456] S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2007-2-12 43024] S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2007-2-12 77104] S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2007-2-12 60816] =============== Created Last 30 ================ 2009-09-19 15:51 <DIR> --d----- c:\docume~1\family\applic~1\Malwarebytes 2009-09-19 15:51 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-19 15:51 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-19 15:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-19 15:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes ==================== Find3M ==================== 2009-07-11 07:07 69,048 a------- c:\docume~1\family\applic~1\GDIPFONTCACHEV1.DAT 2009-05-01 19:52 34 a------- c:\documents and settings\family\jagex_runescape_preferences.dat 2008-03-23 17:18 0 a---h--- c:\documents and settings\family\hpothb07.dat 2008-03-23 17:18 164 a---h--- c:\documents and settings\all users\hpothb07.dat 2003-11-05 16:16 1,619 a------- c:\program files\INSTALL.LOG ============= FINISH: 10:14:16.29 ===============

Attached Files


    Advertisements

Register to Remove


#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 08 October 2009 - 11:06 AM

Hi dbaum,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

You may have to download this tool and transfer to your computer is you are unable to attach to the internet.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#3 dbaum

dbaum

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 10 October 2009 - 09:39 AM

Thanks for looking at this and helping. Here is the log from CombFix.

ComboFix 09-10-08.04 - Family 10/10/2009 9:21.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.215 [GMT -6:00]
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\57546148.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\poPCaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\Installer\2a6a359.msi
c:\windows\lsito.dat
c:\windows\nwbxi.dat
c:\windows\patch.exe
c:\windows\system32\dbxDgrevCheck.dll
c:\windows\system32\fszqo.dat
c:\windows\system32\winkq32.dll

----- BITS: Possible infected sites -----

hxxp://updates.smithmicro.com
.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-09-27 16:11 . 2009-09-27 16:11 -------- d-----w- c:\program files\ERUNT
2009-09-19 21:51 . 2009-09-19 21:51 -------- d-----w- c:\documents and settings\Family\Application Data\Malwarebytes
2009-09-19 21:51 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 21:51 . 2009-09-19 21:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 21:51 . 2009-09-19 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-19 21:51 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 02:01 . 2006-02-27 04:03 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2009-09-28 21:00 . 2007-04-27 19:49 -------- d-----w- c:\program files\Starcraft
2009-09-27 18:14 . 2007-12-22 04:07 -------- d-----w- c:\program files\Google
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-18 68856]
"RealPlayer"="c:\program files\Real\RealPlayer\realplay.exe" [2006-11-12 1003520]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"WinampAgent"="c:\program files\Winamp3\winampa.exe" [2002-07-23 12288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-28 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\Family\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-10-18 947544]
PowerReg Scheduler.exe [2008-5-18 256000]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\BitPim\\bitpim.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/16/2009 8:58 PM 64160]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 5:39 PM 72992]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/12/2005 3:19 PM 1078560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 1:06 PM 1029456]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2/12/2007 5:02 PM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2/12/2007 5:02 PM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2/12/2007 5:03 PM 60816]
.
Contents of the 'Scheduled Tasks' folder

2009-09-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:59]

2009-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-10-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-09-10 18:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: plaxo.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Starcraft - c:\windows\SCunin.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 09:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\System32\NavLogon.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-10-10 9:30
ComboFix-quarantined-files.txt 2009-10-10 15:30

Pre-Run: 2,502,975,488 bytes free
Post-Run: 2,465,177,600 bytes free

139

#4 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 10 October 2009 - 10:32 AM

dbaum, Have you checked your network settings?

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#5 dbaum

dbaum

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 10 October 2009 - 11:47 AM

Network settings appear to be ok. Anything specific you want to know?

#6 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 10 October 2009 - 02:47 PM

dbaum,

I was just wondering mostly about DNS settings. I'm not seeing the reason for you not being able to connect to the internet.

Please click start, then select run

In the box - copy/past the following:
cmd /c ipconfig /all>"c:\documents and settings\family\desktop\ipconfig.txt"
Then click OK

This will put a text file on your desktop called ipconfig.txt. Double click it and paste the results here.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#7 dbaum

dbaum

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 11 October 2009 - 08:06 PM

Here is the ipconfig.txt: Windows IP Configuration Host Name . . . . . . . . . . . . : delldesktop Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-08-74-0A-A7-52 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.102 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 205.171.3.25 205.171.2.25 Lease Obtained. . . . . . . . . . : Sunday, October 11, 2009 7:48:02 PM Lease Expires . . . . . . . . . . : Monday, October 12, 2009 7:48:02 PM

#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 11 October 2009 - 09:34 PM

dbaum, When you run Malwarebytes', does it find anything at all?

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#9 dbaum

dbaum

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 17 October 2009 - 11:50 AM

I've run Malwarybytes several times and it doesn't find any problems. We have 2 laptops that work fine wirelessly. The desktop worked fine until a month ago, with no apparent changes or software. I've cleaned up the hard drive, used CCleaner to remove intenet history, cookies, etc and the desktop is still a problem. The internet connection is still there but it is so slow that it can take 10 minutes to load a page, if at all. I assume there is a virus because of the way it is acting.

#10 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 18 October 2009 - 11:58 PM

dbaum, Please run DDS again and post the logs.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#11 dbaum

dbaum

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 20 October 2009 - 07:48 PM

Here is the new DDS file and the Attach file. Thanks. DDS (Ver_09-06-26.01) - NTFSx86 Run by Family at 19:40:38.81 on Tue 10/20/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.200 [GMT -6:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Winamp3\winampa.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\SpywareGuard\sgmain.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe E:\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = 127.0.0.1;*.local BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll TB: MSN Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar\01.01.2607.0\en-us\msntb.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [RealPlayer] "c:\program files\real\realplayer\realplay.exe" /RunUPGToolCommandReBoot uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [WinampAgent] "c:\program files\winamp3\winampa.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe" mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\family\startm~1\programs\startup\memoni~1.lnk - c:\program files\verizon wireless\v cast music manager\MEMonitor.exe StartupFolder: c:\documents and settings\family\start menu\programs\startup\PowerReg Scheduler.exe StartupFolder: c:\docume~1\family\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL Trusted Zone: aol.com\free Trusted Zone: plaxo.com\www DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.7278819444 DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL Notify: igfxcui - igfxsrvc.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-16 64160] R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-13 72992] R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2005-12-12 1078560] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456] S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2007-2-12 43024] S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2007-2-12 77104] S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2007-2-12 60816] =============== Created Last 30 ================ 2009-10-10 09:18 229,888 a------- c:\windows\PEV.exe 2009-10-10 09:18 161,792 a------- c:\windows\SWREG.exe 2009-10-10 09:18 98,816 a------- c:\windows\sed.exe ==================== Find3M ==================== 2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-07-11 07:07 69,048 a------- c:\docume~1\family\applic~1\GDIPFONTCACHEV1.DAT 2009-05-01 19:52 34 a------- c:\documents and settings\family\jagex_runescape_preferences.dat 2008-03-23 17:18 0 a---h--- c:\documents and settings\family\hpothb07.dat 2008-03-23 17:18 164 a---h--- c:\documents and settings\all users\hpothb07.dat ============= FINISH: 19:41:38.68 ===============

Attached Files



#12 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 20 October 2009 - 08:03 PM

dbaum,

Your Java is out of date and you have other old versions still on your computer, those old versions are now a security vulnerability:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer - Version 6 update 16

Download HostsXpert v4.3 and unzip it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  • Click on Make ReadOnly to secure it against further infection.
  • Exit the program.
Visit the Website for more information.

Then let me know if you notice any difference.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#13 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 26 October 2009 - 11:12 AM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users