Weird problems...

Morox

New Member
First of all, my internet in my computer upstairs is not working (hence why I am downstairs on THIS computer). Anyways, I received a virus or two in the past few days and now my internet doesn't work. I got a few pop-ups through Internet Explorer (I use Firefox) and now neither browser works. The pop-ups are recurring and I don't know how to get everything in working order again. I tried using AVG, Ad-Aware and Spybot. While all three programs found and deleted a few threats, it still didn't fix my internet. I tried doing a System Restore, but it wouldn't "restore" itself (I don't know why). I also had a program that showed my registry files and ones that possibly had been changed. I deleted a few and it's possible that I got rid of something that I wasn't supposed to.

Now, here is something really weird. My internet connection will "send" packets, but will not "receive" them. If I open a program like X-Fire (a program to talk to fellow pc gamers), it will start to "receive" packets and I can play my games over the internet, but I still can not use any internet browser or MSN.

I am clueless as to what to do. Any ideas?
 
Edit: Here's a Hijack Log:

Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Rylan\HiJackThis_v2.exe

O2 - BHO: (no name) - {A416D604-EAA3-4618-958C-2ECA22414616} - C:\WINDOWS\system32\yayyxuv.dll
O2 - BHO: (no name) - {A7469022-18A7-4B37-825B-259D9E4880F6} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\kadwshpa.dll
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\cdbtnvbd.dll",realset
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll
O20 - Winlogon Notify: yayyxuv - C:\WINDOWS\SYSTEM32\yayyxuv.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
 
It looks like you're running 2 anti-virus programs, AVG and Avast. This can cause a conflict; decide which to keep and either disable or uninstall the other.

You've got 2 instances of Vundo showing; we might need to re-do these steps again.

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • In case it says that nothing has been found, right-click the list box (white box) in the main VundoFix window.
  • Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
  • In the Window: copy and paste next in the first field: C:\WINDOWS\system32\yayyxuv.dll
  • Copy and paste next in the second field: C:\WINDOWS\system32\vuxyyay
  • Click the “Add Files” button.
  • Click the "Close Window" button.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
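
An added example (not part of the original posts, and not the helper's stated method): a small Python parser for HijackThis entries that lists DLLs registered under both O2 (BHO) and O20 (Winlogon Notify), the pattern `vtstq.dll` and `yayyxuv.dll` show in the first log, and checks whether a later log still references them. The sample lines are copied from this thread; the function names and the O2-plus-O20 criterion are assumptions of this example.

```python
import re
from collections import defaultdict

# Entries copied from the first HijackThis log in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {A416D604-EAA3-4618-958C-2ECA22414616} - C:\WINDOWS\system32\yayyxuv.dll
O2 - BHO: (no name) - {A7469022-18A7-4B37-825B-259D9E4880F6} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\kadwshpa.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll
O20 - Winlogon Notify: yayyxuv - C:\WINDOWS\SYSTEM32\yayyxuv.dll
"""
# Entries copied from the last HijackThis log in this thread.
AFTER = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
"""

ENTRY = re.compile(r"^(O\d+) - ")                         # section tag, e.g. O2, O20
DLL = re.compile(r'[A-Za-z]:\\[^",]+?\.dll', re.IGNORECASE)  # first DLL path on the line

def dll_sections(log):
    """Map each lower-cased DLL path to the set of sections that reference it."""
    seen = defaultdict(set)
    for line in log.splitlines():
        tag = ENTRY.match(line.strip())
        path = DLL.search(line)
        if tag and path:
            # Lower-casing folds system32 / SYSTEM32 spellings of the same file.
            seen[path.group(0).lower()].add(tag.group(1))
    return seen

def multi_hooked(log, sections=frozenset({"O2", "O20"})):
    """File names of DLLs registered in every one of `sections`."""
    hits = dll_sections(log).items()
    return sorted(p.rsplit("\\", 1)[-1] for p, s in hits if sections <= s)

def remaining(before, after):
    """Flagged DLLs from `before` that some entry in `after` still references."""
    still = dll_sections(after)
    return [n for n in multi_hooked(before)
            if any(p.endswith("\\" + n) for p in still)]

if __name__ == "__main__":
    print("O2 + O20:", multi_hooked(BEFORE))
    print("still referenced after cleanup:", remaining(BEFORE, AFTER))
```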
 
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Rylan\HiJackThis_v2.exe

O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\cdbtnvbd.dll",realset
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)





VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 10:36:03 PM 4/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\afnudllu.dll
C:\WINDOWS\system32\cdbtnvbd.dll
C:\WINDOWS\system32\dbvntbdc.ini
C:\WINDOWS\system32\dxjoctuc.dll
C:\WINDOWS\system32\dxripnpk.dll
C:\WINDOWS\system32\gpjjmrew.dll
C:\WINDOWS\system32\ikfeatqi.ini
C:\WINDOWS\system32\iqtaefki.dll
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\kadwshpa.dll
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mtyulwcq.dll
C:\WINDOWS\system32\mvxeftgf.dll
C:\WINDOWS\system32\nrkhsixy.dll
C:\WINDOWS\system32\osqhntpo.dll
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\tjjpgyge.dll
C:\WINDOWS\system32\ufwewddd.dll
C:\WINDOWS\system32\vcbevktt.dll
C:\WINDOWS\system32\vettiaxc.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\xrdluvgw.dll
C:\WINDOWS\system32\xytrqkro.dll
C:\WINDOWS\system32\yayyxuv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\afnudllu.dll
C:\WINDOWS\system32\afnudllu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdbtnvbd.dll
C:\WINDOWS\system32\cdbtnvbd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dbvntbdc.ini
C:\WINDOWS\system32\dbvntbdc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dxjoctuc.dll
C:\WINDOWS\system32\dxjoctuc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dxripnpk.dll
C:\WINDOWS\system32\dxripnpk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gpjjmrew.dll
C:\WINDOWS\system32\gpjjmrew.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ikfeatqi.ini
C:\WINDOWS\system32\ikfeatqi.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iqtaefki.dll
C:\WINDOWS\system32\iqtaefki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kadwshpa.dll
C:\WINDOWS\system32\kadwshpa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mljjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mtyulwcq.dll
C:\WINDOWS\system32\mtyulwcq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mvxeftgf.dll
C:\WINDOWS\system32\mvxeftgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nrkhsixy.dll
C:\WINDOWS\system32\nrkhsixy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\osqhntpo.dll
C:\WINDOWS\system32\osqhntpo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qtstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\qtstv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\tjjpgyge.dll
C:\WINDOWS\system32\tjjpgyge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ufwewddd.dll
C:\WINDOWS\system32\ufwewddd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vettiaxc.dll
C:\WINDOWS\system32\vettiaxc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xrdluvgw.dll
C:\WINDOWS\system32\xrdluvgw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xytrqkro.dll
C:\WINDOWS\system32\xytrqkro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayyxuv.dll
C:\WINDOWS\system32\yayyxuv.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayyxuv.dll
C:\WINDOWS\system32\yayyxuv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
 
That's good, took it out in one go! :)

You're still running 2 AV's...

We'll fix the rest of the log, then try to fix your internet problem.

Run Hijackthis and select "Do a system scan only", place a check by the following entries.

O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\cdbtnvbd.dll",realset

Close all open windows and browsers, and hit "Fix Checked".

Delete this file.

C:\WINDOWS\system32\cdbtnvbd.dll

Download LSPfix from here:
http://www.downloads.subratam.org/lspfix.zip
Unzip it to the desktop and run it. Check "I know what I'm doing", and then select each instance of "nwprovau.dll" in the left-hand panel and click >> to move it to the right-hand panel. Then click Finish to allow LSPfix to rebuild the LSP chain.

Then restart the computer and post a new Hijackthis log, and say how things are now.
 
I uninstalled Avast right after doing this Hijack Log. So now, I am just using AVG. I haven't seen any IE popups yet, so progress so far seems to be successful. No signs of the internet working yet though. I should note that when I open Xfire or Steam (both are gaming programs), my internet will start to receive packets (which allows me to play online games). But it still doesn't let me use MSN or any internet browser. Anyways, here's the Hijack log.

Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Rylan\HiJackThis_v2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--
 
What have you disabled in msconfig?
Avast is still running, stop the process in task manager then delete the folder C:\Program Files\Alwil Software

The rest of the log's clean :)

For the internet problem, try Winsockxpfix. If that doesn't work, I'm out of ideas; start a new topic in the Internet section.

http://www.majorgeeks.com/download4372.html
 