Can't Connect

[uposb4]

My daughters machine (Win XP) is on our wireless network, She's showing connected and the signal strength is very good but IE and Firefox will not go online. Iv'e disconnected and reconnected and nothing changes. Iv'e adjusted the firewall settings and nothing. IE shows cannot connect using http,https, or ftp and probably caused by firewall settings. Firefox shows proxy server is refusing connections. I had to chase out several trojans earlier, Could that be the cause of not connecting? I'm sure a complete wipe and restore would fix this but i dont want to have to do that. The problem just started and the virus problem was this morning. Any help would be greatly appreciated.

 

[deanj20]

Are you able to ping Google.com? (Start-->Run-->type 'cmd', <enter> -->at the command prompt type 'ping google.com')

Try this real quick: http://download.cnet.com/LSPFix/3000-2085_4-10417026.html

 

[johnb35]

Do you have a usb flash drive available so you can transfer a file from your computer to hers? If so download winsockxpfix.

http://majorgeeks.com/WinSock_XP_Fix_d4372.html

And most likely you are still infected. If that don't work then perform this step.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file here :
  
  http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  
  
• Then double click combofix.exe & follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:

• The ComboFix log
• A fresh HiJackThis log
• An update on how your computer is running

 

[uposb4]

sent 4 rec. 4 lost 0 Does this mean im getting out?

 

[deanj20]

sent 4 rec. 4 lost 0 Does this mean im getting out?

Yes. Please try the program I suggested or the one johnb35 suggested, and follow the steps in his post.

 

[uposb4]

I am, It ran and has rebooted and preparing the report.

 

[uposb4]

ComboFix 10-04-15.05 - Owner 04/16/2010 20:57:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.366 [GMT -4:00]
Running from: J:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\bOxxl.jpg
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\n61mkNOn.jpg
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Nbmb7.jpg
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\xY4b0km.jpg
c:\recycler\S-1-5-21-3951799384-1846226851-3539390815-1003
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-17 00:04 . 2010-04-17 00:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2010-04-16 00:38 . 2010-04-16 13:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ifshstvie
2010-04-15 23:31 . 2010-04-16 00:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-14 20:43 . 2010-04-14 20:43 -------- d-----w- C:\$AVG
2010-04-11 17:02 . 2010-04-11 17:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-11 17:02 . 2010-04-11 17:02 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-11 17:01 . 2010-04-11 17:01 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-11 17:01 . 2010-04-16 23:50 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-11 17:01 . 2010-04-11 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-11 17:00 . 2010-04-11 17:00 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-11 16:59 . 2010-04-11 16:59 -------- d-----w- c:\program files\AVG
2010-04-11 16:58 . 2010-04-11 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 00:40 . 2010-01-17 03:06 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2010-04-15 23:38 . 2010-02-09 00:23 410 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-04-14 20:40 . 2010-04-14 20:40 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-14 20:40 . 2010-04-14 20:40 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-14 20:40 . 2010-04-14 20:40 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-14 20:40 . 2010-04-14 20:40 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-14 20:40 . 2010-04-14 20:40 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-14 20:40 . 2010-04-14 20:40 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-14 20:40 . 2010-04-14 20:40 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-14 20:40 . 2010-04-14 20:40 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-14 20:39 . 2010-04-14 20:39 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-14 20:39 . 2010-04-14 20:39 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-14 20:39 . 2010-04-14 20:39 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-14 20:39 . 2010-04-14 20:39 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-14 20:34 . 2010-04-14 20:34 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-14 20:34 . 2010-04-14 20:34 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-11 17:07 . 2010-01-10 03:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 17:06 . 2010-04-11 17:06 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-11 16:44 . 2010-01-10 04:22 -------- d-----w- c:\program files\Symantec
2010-04-11 16:41 . 2010-01-10 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-30 04:46 . 2010-01-10 03:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-01-10 03:15 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 23:31 . 2010-01-10 04:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 03:37 . 2010-01-11 23:27 30304 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 12:38 . 2010-01-09 04:31 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2010-01-09 04:29 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2010-01-09 04:28 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2010-01-09 04:31 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 19:01 . 2003-03-18 22:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-03-04 19:01 . 2003-03-18 21:14 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-03-04 19:01 . 2003-02-21 05:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-03-02 11:45 . 2010-03-02 11:45 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2010-02-24 12:31 . 2010-01-09 04:30 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 18:04 . 2010-04-11 17:18 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-16 13:19 . 2010-01-09 04:30 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2010-01-10 04:01 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2010-01-09 04:28 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2010-01-09 04:31 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-17 17:42 . 2010-01-17 17:42 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HostManager"="c:\program files\Common Files\AOL\1263097960\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"SoundMan"="SOUNDMAN.EXE" [2003-12-09 67584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-01-10 98304]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2010-1-10 1742384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-11 17:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1263097960\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/11/2010 1:00 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/11/2010 1:02 PM 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/11/2010 1:00 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/11/2010 1:00 PM 308064]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/9/2010 11:30 PM 311568]
R3 IPN2120;INPROCOMM IPN2120 Wireless LAN Card Driver;c:\windows\system32\drivers\i2120ntx.sys [1/10/2010 12:52 AM 116224]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/11/2010 1:01 PM 369920]
S3 S3chipid;S3chipid;\??\c:\docume~1\Owner\LOCALS~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys --> c:\docume~1\Owner\LOCALS~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
uInternet Connection Wizard,ShellNext = hxxp://www.excite.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e6olufv8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-scnhsfpo - c:\documents and settings\Owner\Local Settings\Application Data\ifshstvie\lvhsixstssd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 21:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x830BAAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7654fc3
\Driver\ACPI -> ACPI.sys @ 0xf7467cb8
\Driver\atapi -> atapi.sys @ 0xf74077b4
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80576ce8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80576ce8
NDIS: INPROCOMM IPN2120 Wireless LAN Card -> SendCompleteHandler -> NDIS.sys @ 0xf72ceba0
PacketIndicateHandler -> NDIS.sys @ 0xf72dbb21
SendHandler -> NDIS.sys @ 0xf72b987b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\progra~1\COMMON~1\AOL\126309~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\126309~1\EE\AOLServiceHost.exe
.
**************************************************************************
.
Completion time: 2010-04-16 21:17:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-17 01:17

Pre-Run: 69,511,704,576 bytes free
Post-Run: 70,802,968,576 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9B4516B9975F4AAB173B797BA0947F09

 

[uposb4]

IE can connect but Firefox cannot. Running another malwarebytes and then an IOBIT 360.

 

[PurpleSnow]

hey there i got mostly the same problm. but on my machine I got IExplore, Firefox and chrome and only Firefox works the other 2 keep telling me:

Internet Explorer cannot display the webpage

What you can try:
Diagnose Connection Problems

I get that on both IE and Chrome.
Im using Win7 x64 sp1

 

[johnb35]

hey there i got mostly the same problm. but on my machine I got IExplore, Firefox and chrome and only Firefox works the other 2 keep telling me:

Internet Explorer cannot display the webpage

What you can try:
Diagnose Connection Problems

I get that on both IE and Chrome.
Im using Win7 x64 sp1

Have you scanned your system for malware/viruses? Follow this procedure.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

 

[PurpleSnow]

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.1.7601 Service Pack 1, v.153
Internet Explorer 8.0.7601.16537

2010/04/21 05:31:18 PM
mbam-log-2010-04-21 (17-31-12).txt

Scan type: Quick Scan
Objects scanned: 98987
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\winhost_app.winhost_appdll (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5e06398e-3017-467b-a399-18425a20f655} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5e06398e-3017-467b-a399-18425a20f655} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5e06398e-3017-467b-a399-18425a20f655} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e06398e-3017-467b-a399-18425a20f655} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\winhost_app.dll (Trojan.FakeAlert) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:44:37 PM, on 2010/04/21
Platform: Unknown Windows (WinNT 6.01.3505 SP1, v.153)
MSIE: Internet Explorer v8.00 (8.00.7601.16537)
Boot mode: Normal

Running processes:
C:\Fraps\fraps.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files (x86)\Nimbuzz\Nimbuzz.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact 6\Iedit.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: winhost_app.winhost_appdll - {5E06398E-3017-467B-A399-18425A20F655} - C:\Windows\winhost_app.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Sky Downloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files (x86)\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [UPI11_COM] Regsvr32.exe /s "C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact 12\upiExtractImage.dll"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Nimbuzz] "C:\Program Files (x86)\Nimbuzz\Nimbuzz.exe" minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MeepSearchAssist] C:\Program Files (x86)\Meep\JixeySearchHelper\JixeySearchHelper.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files (x86)\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files (x86)\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dwayne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files (x86)\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files (x86)\Propel Accelerator\pac-image.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files (x86)\Free Download Manager\FUM\fumiebtn.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{43E773B6-5662-4834-A333-AFBA373D91E6}: NameServer = 196.28.80.140 196.28.80.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{43E773B6-5662-4834-A333-AFBA373D91E6}: NameServer = 196.28.80.140 196.28.80.139
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

[johnb35]

Did you have Malwarebytes remove those infections? Also, you need to update malwarebytes and perform another scan. Open malwarebytes, click on the update tab, click on check for updates. Hopefully it will update. Keep updating malwarebytes until it says you have the latest version. Let me know if it won't update.

 

[PurpleSnow]

cant update malwarebytes Error code: 732 (12029,0) did U see error in Hijack this for SVCHOST Ive had trouble with that 2.

IE and chrome still not working just Firefox

 

[johnb35]

Download this version of Malwarebytes as it is newer then the one you have.

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html Then run it and post the logfile from it.

 

[PurpleSnow]

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4017

Windows 6.1.7601 Service Pack 1, v.153
Internet Explorer 8.0.7601.16537

2010/04/22 09:38:39 AM
mbam-log-2010-04-22 (09-38-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 349244
Time elapsed: 1 hour(s), 4 minute(s), 11 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
C:\Windows\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\Any Video Converter\mencoder.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\YouTube Downloader\FFMPEG.EXE (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
D:\Windows\System32\2421336.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Windows\System32\4171061.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Windows\System32\7555308.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Windows\System32\so.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DDYOYCJS\aaa[1].htm (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DDYOYCJS\fjnvpk[1].htm (Trojan.Backdoor) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DDYOYCJS\fwevpovto[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DDYOYCJS\hypwhc[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DDYOYCJS\imwaic[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DDYOYCJS\wzdcjrp[1].htm (Trojan.Backdoor) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOQ26UGI\aaa[1].htm (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L92Z9K4D\hypwhc[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L92Z9K4D\imwaic[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L92Z9K4D\rvqxfn[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L92Z9K4D\wzdcjrp[1].htm (Trojan.Backdoor) -> Quarantined and deleted successfully.
D:\Windows\System32\drivers\ezjebnk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\Windows\Temp\~TM3919.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.





lets try agn....

 

[johnb35]

How is your system running now? Can you post a fresh hijackthis log?

 

[PurpleSnow]

Running processes:
C:\Fraps\fraps.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Sky Downloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Sky Downloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files (x86)\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Nimbuzz] "C:\Program Files (x86)\Nimbuzz\Nimbuzz.exe" minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files (x86)\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files (x86)\Propel Accelerator\pac-image.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{43E773B6-5662-4834-A333-AFBA373D91E6}: NameServer = 196.28.80.140 196.28.80.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{43E773B6-5662-4834-A333-AFBA373D91E6}: NameServer = 196.28.80.140 196.28.80.139
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10860 bytes


Its a bit better but still IE and chrome not working and my downloads only go up to 1.1mb - 1.4mb regardless of size

 

[johnb35]

Ok, one more program to try. The thing is, your running a 64bit operating system which limits the programs we can use to scan for infections. Try downloading superantispyware free edition, fully update it before running it.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

Post the log from it when done.

 

[PurpleSnow]

it finished found a lotta stuff but it didnt give me a log after.just asked 2 restart. Allas the problm persists...

 

[johnb35]

Open superantispyware click on preferences, click on statistics/logs, view the log that you just did and then copy and paste it back here. You might want to try reinstalling chrome.

As far as Internet explorer goes, go to internet options, click on the advanced tab and click on reset down toward the bottom. Also go to the connection tab, click on lan settings and make sure that use proxy server is unchecked.