
Author Topic: Unable to access internet  (Read 6569 times)


NOT ADMIN :P

    Topic Starter


    Intermediate

    Unable to access internet
    « on: June 19, 2008, 06:44:39 PM »
    I've got the 3 logs... what do I do next?

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/19/2008 at 05:57 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3469
    Trace Rules Database Version: 1460

    Scan type : Complete Scan
    Total Scan Time : 01:45:05

    Memory items scanned : 398
    Memory threats detected : 1
    Registry items scanned : 5480
    Registry threats detected : 52
    File items scanned : 181901
    File threats detected : 14

    Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\OPNKLJCY.DLL
    C:\WINDOWS\SYSTEM32\OPNKLJCY.DLL

    Adware.webHancer
    HKLM\Software\Classes\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}
    HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
    HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
    HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32
    HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32#ThreadingModel
    HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\ProgID
    HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\Programmable
    HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\VersionIndependentProgID
    C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
    HKCR\WhIeHelperObj.WhIeHelperObj
    HKCR\WhIeHelperObj.WhIeHelperObj\CurVer
    HKCR\WhIeHelperObj.WhIeHelperObj.1
    HKCR\WhIeHelperObj.WhIeHelperObj.1\CLSID
    HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}
    HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid
    HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid32
    HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib
    HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib#Version
    HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}
    HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0
    HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\0
    HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\0\win32
    HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\FLAGS
    HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\HELPDIR
    HKLM\Software\WebHancer
    HKLM\Software\WebHancer#BaseDir
    HKLM\Software\WebHancer\CC
    HKLM\Software\WebHancer\CC#DistTag
    HKLM\Software\WebHancer\CC#DWLLTM
    HKLM\Software\WebHancer\CC#SLNTIND
    HKLM\Software\WebHancer\CC#ACCPTPS
    HKLM\Software\WebHancer\ESO
    HKLM\Software\WebHancer\ESO#aa
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent#DisplayName
    C:\Program Files\WEBHANCER\Programs\license.txt
    C:\Program Files\WEBHANCER\Programs\readme.txt
    C:\Program Files\WEBHANCER\Programs\sporder.dll
    C:\Program Files\WEBHANCER\Programs\whagent.ini
    C:\Program Files\WEBHANCER\Programs
    C:\Program Files\WEBHANCER
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6B5957BF-BA84-49A1-A324-D5FF8FFCC687}\RP241\A0118724.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6B5957BF-BA84-49A1-A324-D5FF8FFCC687}\RP241\A0118734.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6B5957BF-BA84-49A1-A324-D5FF8FFCC687}\RP241\A0118735.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6B5957BF-BA84-49A1-A324-D5FF8FFCC687}\RP241\A0118736.EXE

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}
    HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}
    HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}
    HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}\InprocServer32
    HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}\InprocServer32#ThreadingModel
    HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}\ProgID
    HKCR\CLSID\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}\TypeLib
    SOCKINS32.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}

    Trojan.Vundo-Variant/Small
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67D33942-8B34-4F8E-99B0-4A8C2B989C30}
    HKCR\CLSID\{67D33942-8B34-4F8E-99B0-4A8C2B989C30}
    HKCR\CLSID\{67D33942-8B34-4F8E-99B0-4A8C2B989C30}\InprocServer32
    HKCR\CLSID\{67D33942-8B34-4F8E-99B0-4A8C2B989C30}\InprocServer32#ThreadingModel

    Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\aoprndtws
    HKLM\SOFTWARE\Microsoft\FCOVM
    HKLM\SOFTWARE\Microsoft\RemoveRP
    HKU\S-1-5-21-1220945662-2052111302-725345543-1004\Software\Microsoft\rdfa

    Adware.Tracking Cookie
    www.googleadservices.com [ C:\Documents and Settings\Ste\Application Data\Mozilla\Firefox\Profiles\arm6k7ow.default\cookies.txt ]
    .winanonymous.com [ C:\Documents and Settings\Ste\Application Data\Mozilla\Firefox\Profiles\arm6k7ow.default\cookies.txt ]
    shop.winanonymous.com [ C:\Documents and Settings\Ste\Application Data\Mozilla\Firefox\Profiles\arm6k7ow.default\cookies.txt ]
    .adnetserver.com [ C:\Documents and Settings\Ste\Application Data\Mozilla\Firefox\Profiles\arm6k7ow.default\cookies.txt ]

    Trojan.Downloader-Gen
    C:\WINDOWS\SYSTEM32\SFT.RES

    Number 2:

    Malwarebytes' Anti-Malware 1.17

    Database version: 846

    8:38:27 PM 19/06/2008
    mbam-log-6-19-2008 (20-38-27).txt

    Scan type: Full Scan (C:\|I:\|)
    Objects scanned: 230726
    Time elapsed: 57 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 8
    Registry Values Infected: 4
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\ftyfgmmu.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\opnklJcY.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d97396f-ead1-4144-a594-b35c497add05} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{5d97396f-ead1-4144-a594-b35c497add05} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c4e5b160 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebProxy (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Installer (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMc7d682fc (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnkljcy -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnkljcy -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\ftyfgmmu.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ummgfytf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ummgfytf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnklJcY.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\YcJlknpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\YcJlknpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6B5957BF-BA84-49A1-A324-D5FF8FFCC687}\RP240\A0117677.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6B5957BF-BA84-49A1-A324-D5FF8FFCC687}\RP241\A0118743.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wbacnvtt.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

    And the HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:44:51 PM, on 19/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B0AFA.dat
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Symantec

    Am I broken much?
    « Last Edit: June 24, 2008, 08:26:37 PM by NOT ADMIN :P »

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Re: Unable to access internet
    « Reply #1 on: June 19, 2008, 06:49:53 PM »
    Download SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Now then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard).
    • Finally copy and paste the contents of the results file Report.txt with a NEW HijackThis log in your next reply.
    If SDFix won't run or you get errors, follow the link for instructions on running SDFix. How to use SDFix

    NOT ADMIN :P

      Topic Starter


      Intermediate

      Re: Unable to access internet
      « Reply #2 on: June 19, 2008, 07:04:43 PM »
       :D that was quick.

      I'll get on it ASAP.

      post back later today.

      thanks a lot

      NOT ADMIN :P

        Topic Starter


        Intermediate

        Re: Unable to access internet
        « Reply #3 on: June 24, 2008, 08:25:20 PM »
        SDFix: Version 1.194
        Run by Ste on Fri 20/06/2008 at 07:06 PM

        Microsoft Windows XP [Version 5.1.2600]
        Running From: C:\SDFix

        Restoring Windows Registry Values
        Restoring Windows Default Hosts File

        Checking Files :

        Trojan Files Found:

        C:\WINDOWS\index.html - Deleted

        Final Check :

        catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-20 19:16:21
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        scanning hidden registry entries ...

        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D58D1DA8-8627-E12A-CDEE-90E322F20B12}]
        "abcldaggfohelnlbeoijeomdnhdcicbdle"=hex:66,62,63,6c,69,70,64,6d,6d,68,6d,61,65,6d,6d,70,61,63,6d,6a,6c,..
        "bbcldaggfohelnlbeonjnahngndalhjicfkn"=hex:61,62,68,69,68,63,66,64,66,6d,63,66,6d,68,66,6d,68,63,6b,66,67,..

        scanning hidden files ...

        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 0


        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
        "C:\\Program Files\\EA Games\\Battlefield Vietnam\\BfVietnam.exe"="C:\\Program Files\\EA Games\\Battlefield Vietnam\\BfVietnam.exe:*:Enabled:BfVietnam"
        "C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
        "C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"="C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
        "C:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe"="C:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe:*:Enabled:WF"
        "C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"="C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
        "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
        "C:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"="C:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe:*:Enabled:Rome: Total War"
        "C:\\Program Files\\Port Royale\\PortRoyale.exe"="C:\\Program Files\\Port Royale\\PortRoyale.exe:*:Enabled:Port Royale"
        "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"="C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
        "C:\\Program Files\\EA Games\\MOHAA\\Mohaa.exe"="C:\\Program Files\\EA Games\\MOHAA\\Mohaa.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
        "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
        "C:\\Program Files\\The Creative Assembly\\Rome - Total War\\rometw-alx.exe"="C:\\Program Files\\The Creative Assembly\\Rome - Total War\\rometw-alx.exe:*:Enabled:Rome: Total War - Alexander"
        "C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
        "C:\\Program Files\\BitComet\\plugin_emule\\plugin_eMule.exe"="C:\\Program Files\\BitComet\\plugin_emule\\plugin_eMule.exe:*:Enabled:eMule plugin host for BitComet"
        "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
        "C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe:*:Enabled:D-Link AirPlus Utility"
        "C:\\Program Files\\Paradox Interactive\\Europa Universalis III\\eu3game.exe"="C:\\Program Files\\Paradox Interactive\\Europa Universalis III\\eu3game.exe:*:Enabled:Europa Universalis III"
        "C:\\Program Files\\Vietcong2\\vietcong2.exe"="C:\\Program Files\\Vietcong2\\vietcong2.exe:*:Enabled:Vietcong 2"
        "C:\\Documents and Settings\\Ste\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Ste\\My Documents\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
        "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
        "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
        "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
        "C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
        "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
        "C:\\Program Files\\Flying Lab Software\\Pirates of the Burning Sea\\PlayPOTBS.exe"="C:\\Program Files\\Flying Lab Software\\Pirates of the Burning Sea\\PlayPOTBS.exe:*:Enabled:Pirates of the Burning Sea"
        "C:\\Program Files\\Flying Lab Software\\Pirates of the Burning Sea\\PotBS.exe"="C:\\Program Files\\Flying Lab Software\\Pirates of the Burning Sea\\PotBS.exe:*:Enabled:PotBS"
        "C:\\Program Files\\Westwood Chat\\WCHAT.DAT"="C:\\Program Files\\Westwood Chat\\WCHAT.DAT:*:Enabled:Westwood Online for Windows"
        "C:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm)\\RA95.EXE"="C:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm)\\RA95.EXE:*:Enabled:RA95"
        "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
        "C:\\Program Files\\SSI\\Close Combat Invasion Normandy\\CC5.exe"="C:\\Program Files\\SSI\\Close Combat Invasion Normandy\\CC5.exe:*:Enabled:Close Combat(tm)V: Invasion Normandy"
        "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
        "C:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
        "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
        "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
        "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
        "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

        Remaining Files :


        File Backups: - C:\SDFix\backups\backups.zip

        Files with Hidden Attributes :

        Sun 15 Jun 2008 1,580,208 ..SH. --- "C:\WINDOWS\system32\ummgfytf.tmp"
        Sat 29 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
        Fri 6 Aug 2004 1,949,696 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
        Fri 6 Aug 2004 53,760 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
        Sat 12 Jun 2004 94,208 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
        Sat 3 Jul 2004 35,328 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
        Sat 22 Nov 2003 20,480 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
        Mon 1 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
        Fri 9 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT3.tmp"
        Sat 3 Sep 2005 4,348 A..H. --- "C:\Documents and Settings\Ste\My Documents\My Music\License Backup\drmv1key.bak"
        Sat 3 Sep 2005 20 A..H. --- "C:\Documents and Settings\Ste\My Documents\My Music\License Backup\drmv1lic.bak"
        Sat 3 Sep 2005 400 A..H. --- "C:\Documents and Settings\Ste\My Documents\My Music\License Backup\drmv2key.bak"
        Sat 3 Sep 2005 1,536 A..H. --- "C:\Documents and Settings\Ste\My Documents\My Music\License Backup\drmv2lic.bak"

        Finished!


        NOT ADMIN :P

          Topic Starter


          Intermediate

          Re: Unable to access internet
          « Reply #4 on: June 24, 2008, 08:30:05 PM »
          and the Hijackthis log

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 7:23:10 PM, on 20/06/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\system32\PnkBstrB.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
          C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\DAEMON Tools\daemon.exe
          C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
          O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
          O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
          O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B0AFA.dat
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

          --
          End of file - 7222 bytes


          done and done, next?

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          Re: Unable to access internet
          « Reply #5 on: June 24, 2008, 08:42:35 PM »
          Open HijackThis and select Do a system scan only, then place a check mark next to:

          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

          Close all windows and click Fix checked.

          Exit Hijackthis and then run CCleaner.

          ----------

          A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

          • Please download LSPFix
          • Run the LSPFix.exe that you have just finished downloading.
          • Check the I know what I'm doing box.
          • In the Keep box you should see one or more instances of wsock3.dll.
          • Select every instance of webhdll.dll and move each one to the Remove box by clicking the >> button.
          • When you are done click Finish>>.
          Restart the computer.

          If needed see Using LSP-Fix to remove Spyware & Hijackers for more detailed instructions.

          ----------

          I'm pretty sure there is a rootkit involved as well so we need to have a closer look.

          Download Combofix by sUBs from one of the below links.

          Important! Combofix.exe MUST be saved to and run from the Desktop.
          • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
          • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
            • Click this link to see a list of security programs that should be disabled and how to disable them.
            • If yours is not listed and you don't know how to disable it, please ask.
          • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
          • Double click combofix.exe & follow the prompts.
            • Choose Yes to accept the Disclaimers.
          • When finished, it will produce a log for you.
          • Post that log in your next reply.
          Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall.
          • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
          • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
          If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of Combofix.

          ----------

          Next post add
          Combofix log
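
Added example, not part of evilfantasy's reply and not code from HijackThis: a small Python triage pass that pulls out the two kinds of entry the reply above acts on, a result line whose target is `(no file)` and an O10 line reporting a missing LSP provider. The function names are hypothetical, and the sample lines are copied from the HijackThis log posted in this thread.

```python
import re

# Sample input: result lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# A HijackThis result line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*)$")
# O10 wording when the Winsock LSP chain still references a DLL that is gone.
BROKEN_LSP_RE = re.compile(r"LSP provider '([^']+)' missing", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(text):
    """Yield (section, body) for each result line; headers and process lists are skipped."""
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2).strip()


def triage(text):
    """Return (kind, section, target) tuples for entries that need cleanup."""
    findings = []
    for section, body in parse_entries(text):
        lsp = BROKEN_LSP_RE.search(body) if section == "O10" else None
        if lsp:
            # The chain is broken until the stale provider entry is removed.
            findings.append(("broken_lsp", section, lsp.group(1).lower()))
        elif body.endswith("(no file)"):
            # Registry entry survives but the file behind it does not.
            clsid = CLSID_RE.search(body)
            findings.append(("orphaned_entry", section, clsid.group(0) if clsid else None))
    return findings


if __name__ == "__main__":
    for kind, section, target in triage(SAMPLE_LOG):
        print(f"{section:>4}  {kind:<15} {target}")
```
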

          RolandGeron

          • Guest
          Re: Unable to access internet
          « Reply #6 on: June 02, 2009, 09:36:41 AM »
          I want to learn about this problem because I also incur this in trying to call a computer technician.

