About Brian Benosky
Expertise
I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (including Vista) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience
I have over 25 years' experience in using, building, and repairing computers. I have helped over a thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated, Self-taught Computer Skills

 
   


Computer Security & Viruses - Computer hangs when I connect to internet


Expert: Brian Benosky - 10/28/2009

Question
My computer hangs 5 minutes after connecting to the internet.
A message appears showing "Generic host process for windows has closed. We are sorry for inconvenience".

Here are my HijackThis and ComboFix log files:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:08 PM, on 6/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
E:\Program Files\eXPert PDF 5\vspdfprsrv.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\TypingMaster\KBOOST.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - E:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - F:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Vistadrv] E:\PROGRAMS\SYSTEM UTILITY\Vista Drive Status\vsdrv.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] E:\Program Files\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TypingSatellite] "E:\Program Files\TypingMaster\KBOOST.EXE"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8D8972A9-FFFA-11D4-9CC7-00902761BD36} (JSControl Class) - http://mailjol.com/dev/cab/jscntrl.cab
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

--
End of file - 7291 bytes

ComboFix log file

ComboFix 09-06-04.09 - happy 06/06/2009 22:13.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2038.1562 [GMT 5.5:30]
Running from: e:\programs\SECURITY\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\clofghls.dll
c:\windows\system32\dbfb.dll
c:\windows\system32\mdm.exe
c:\windows\system32\netjr32.dll
c:\windows\winhelp.ini

.
(((((((((((((((((((((((((   Files Created from 2009-05-06 to 2009-06-06  )))))))))))))))))))))))))))))))
.

2009-10-28 14:34 . 2009-05-08 08:43   97608   ----a-w-   c:\windows\system32\drivers\avfwot.sys
2009-10-28 14:34 . 2009-03-30 05:03   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2009-10-28 14:34 . 2009-02-24 07:36   69632   ----a-w-   c:\windows\system32\drivers\avfwim.sys
2009-10-28 14:34 . 2009-02-13 06:59   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2009-10-28 14:34 . 2009-02-13 06:47   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2009-10-28 14:34 . 2009-10-28 14:34   --------   d-----w-   c:\program files\Avira
2009-10-28 14:15 . 2009-10-28 14:15   198064   ----a-w-   c:\documents and settings\happy\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-10-28 14:14 . 2009-10-28 14:19   --------   d-----w-   c:\documents and settings\happy\Application Data\IDM
2009-10-28 14:14 . 2009-10-28 14:14   --------   d-----w-   c:\program files\Internet Download Manager
2009-10-21 12:13 . 2009-10-21 12:19   1024   ----a-w-   c:\windows\system32\dwg2pdf_win.dat
2009-10-21 08:31 . 2009-10-21 08:31   0   ----a-w-   c:\windows\nsreg.dat
2009-10-21 08:31 . 2009-10-21 08:31   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\Mozilla
2009-10-20 12:55 . 2009-10-23 12:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\eXPert PDF 5
2009-10-20 12:54 . 2009-10-23 13:55   --------   d-----w-   c:\documents and settings\happy\Application Data\eXPert PDF 5
2009-10-20 12:53 . 2009-10-20 12:55   --------   d-----w-   c:\documents and settings\happy\Application Data\eXPert PDF Editor
2009-10-20 12:53 . 2005-06-02 07:10   14336   ----a-w-   c:\windows\system32\vsmon1.dll
2009-10-20 12:53 . 2009-10-20 12:53   --------   d-----w-   c:\windows\My Documents
2009-10-20 12:53 . 2009-10-20 12:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\eXPert PDF Jobs
2009-10-20 12:53 . 2009-10-20 12:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\eXPert PDF
2009-10-19 07:48 . 2009-10-19 07:49   --------   d-----w-   c:\program files\Contact DataBase
2009-10-08 06:05 . 2009-10-08 06:04   38841   ----a-w-   C:\sm.dat
2009-10-08 06:03 . 2009-10-08 06:03   --------   d-----w-   c:\documents and settings\happy\Application Data\GlobalSCAPE
2009-10-08 06:02 . 2009-10-08 06:02   --------   d-----w-   c:\program files\AutoPlay Menu Studio 3.0
2009-10-03 05:18 . 2009-10-03 05:19   --------   d-----w-   c:\documents and settings\happy\Application Data\RhinoSoft.com
2009-09-17 05:47 . 2009-09-17 05:47   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\Mindjet
2009-09-17 05:34 . 2007-12-24 04:45   585728   ------w-   c:\windows\system32\AReadyLB.dll
2009-09-17 05:34 . 2007-12-24 04:45   229376   ------w-   c:\windows\system32\AudDevicePlugin.dll
2009-09-17 05:22 . 2009-09-17 05:22   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\Flock
2009-09-17 05:20 . 2009-09-17 05:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-17 03:35 . 2009-09-17 03:35   --------   d--h--w-   c:\windows\system32\CyberInstallerUninstallerSystem
2009-09-16 12:26 . 2009-09-09 10:43   210352   ----a-w-   c:\windows\system32\idmmbc.dll
2009-09-09 04:18 . 2009-09-09 04:19   --------   d-----w-   c:\windows\system32\NtmsData
2009-08-18 13:45 . 2009-10-28 11:42   25   ----a-w-   c:\windows\popcinfot.dat
2009-08-18 02:23 . 2009-08-18 02:42   --------   d-----w-   c:\program files\sound
2009-08-18 02:22 . 2009-08-18 02:52   --------   d-----w-   c:\program files\data
2009-08-12 13:31 . 2009-08-12 13:31   8   ----a-w-   c:\windows\system32\F73859.bin
2009-08-12 13:30 . 2009-08-12 13:30   8   ----a-w-   c:\windows\system32\e9243f.bin
2009-08-11 04:29 . 2009-08-11 04:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\PopCap Games
2009-08-10 09:21 . 2009-08-10 09:21   192512   ----a-w-   c:\windows\system32\srkey.exe
2009-08-04 07:25 . 2005-10-09 18:30   2169344   ----a-w-   c:\windows\system32\pdfutil.dll
2009-07-30 01:14 . 2009-07-30 01:14   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\cald3
2009-07-30 01:14 . 2009-07-30 01:14   --------   d-----w-   c:\documents and settings\happy\Application Data\cald3
2009-07-20 16:13 . 2009-07-20 16:13   1078   ----a-r-   c:\documents and settings\happy\Application Data\Microsoft\Installer\{E1A7D87D-B193-44EC-A3C8-D080B442D4E1}\_c6a6a59.exe
2009-07-20 15:31 . 2009-07-20 15:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Deskshare
2009-07-20 15:31 . 2009-07-20 15:31   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\Xenocode
2009-07-18 09:10 . 2009-09-17 05:51   --------   d-----w-   c:\windows\system32\MAGIX
2009-07-18 09:10 . 2007-07-11 06:23   697560   ----a-w-   c:\windows\system32\mgxoschk.dll
2009-07-18 09:08 . 2009-07-18 09:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\newsreader_images
2009-07-12 14:33 . 2009-07-12 14:33   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\Electronic Arts
2009-07-12 02:21 . 2009-07-12 02:21   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
2009-07-05 10:16 . 2009-07-05 10:16   --------   d-sh--w-   c:\documents and settings\happy\IECompatCache
2009-07-03 10:35 . 2009-07-03 10:35   --------   d-sh--w-   c:\documents and settings\happy\PrivacIE
2009-07-03 10:29 . 2009-07-03 10:31   --------   dc-h--w-   c:\windows\ie8
2009-07-03 10:25 . 2009-07-03 10:25   --------   d-sh--w-   c:\documents and settings\happy\IETldCache
2009-07-03 07:36 . 2009-07-03 07:36   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\WMTools Downloaded Files
2009-07-02 08:06 . 2009-07-02 08:06   18   ----a-w-   c:\windows\system32\LRPTLRI.DAT
2009-06-29 01:59 . 1994-03-10 18:30   38400   ----a-w-   c:\windows\system\DDEML.DLL
2009-06-29 01:59 . 1994-03-10 18:30   14128   ----a-w-   c:\windows\system\TOOLHELP.DLL
2009-06-29 01:27 . 2009-06-29 01:27   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\Xara
2009-06-29 01:25 . 2009-06-29 01:26   --------   d-----w-   c:\program files\Common Files\Xara
2009-06-29 01:25 . 2009-06-29 01:25   --------   d-----w-   c:\program files\Xara
2009-06-28 16:41 . 2009-09-09 11:58   475513   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-06-28 16:41 . 2009-09-03 10:54   237940   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-06-28 16:41 . 2009-09-03 10:54   127346   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-06-28 16:41 . 2009-08-18 09:32   1921400   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-06-28 16:41 . 2009-07-14 12:38   430452   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-06-28 16:41 . 2009-06-17 10:02   196987   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-06-28 16:41 . 2009-05-27 12:40   401783   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-06-28 16:41 . 2009-04-30 10:03   106868   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-06-28 16:41 . 2009-09-09 11:58   364916   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-06-28 16:41 . 2009-09-03 10:54   184692   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-06-28 16:41 . 2008-10-15 06:19   393588   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-06-28 16:41 . 2008-10-15 06:19   53618   ----a-w-   c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aebb.dll
2009-06-22 08:23 . 2009-06-22 08:23   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\Microsoft Help
2009-06-22 08:22 . 2009-06-22 08:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-19 10:02 . 2009-06-19 10:02   --------   d-----w-   c:\documents and settings\happy\Application Data\Axialis
2009-06-19 10:02 . 2009-10-28 07:30   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\Axialis
2009-06-18 09:53 . 2002-08-06 07:09   45056   ----a-w-   c:\windows\JSStub.exe
2009-06-18 09:53 . 2002-08-06 07:08   24576   ----a-w-   c:\windows\MJInstaller.exe
2009-06-18 09:53 . 2002-08-06 07:10   307200   ----a-w-   c:\windows\JSInstaller.exe
2009-06-18 09:31 . 2009-06-18 09:31   410984   ----a-w-   c:\windows\system32\deploytk.dll
2009-06-18 09:31 . 2009-06-18 09:31   152576   ----a-w-   c:\documents and settings\happy\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-15 03:39 . 2009-10-05 07:10   --------   d-----w-   c:\documents and settings\happy\Application Data\eBookPro6
2009-06-14 10:16 . 2009-06-14 10:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\Trymedia
2009-06-14 09:59 . 2009-06-14 09:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2009-06-14 09:44 . 2009-06-14 09:45   --------   d-----w-   c:\documents and settings\happy\Application Data\EBookSys
2009-06-14 09:13 . 2009-10-19 12:02   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-06-14 07:03 . 2009-06-14 07:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\HipSoft
2009-06-10 10:08 . 2009-10-28 14:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2009-06-07 03:08 . 2009-03-24 10:38   55640   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2009-06-05 08:28 . 2009-06-07 03:46   --------   d-----w-   c:\documents and settings\happy\Application Data\FileZilla
2009-06-02 04:41 . 2009-06-02 04:41   --------   d-----w-   c:\documents and settings\happy\Application Data\.purple
2009-05-31 14:38 . 2009-05-31 14:38   --------   d-----w-   c:\windows\Supermarket Mania
2009-05-31 02:39 . 2009-05-31 02:39   --------   d-----w-   c:\windows\Cache
2009-05-30 12:35 . 2009-05-30 12:35   356352   ----a-w-   c:\windows\eSellerateEngine.dll
2009-05-30 12:35 . 2009-07-20 16:05   --------   d-----w-   c:\program files\Common Files\DeskShare Shared
2009-05-30 12:33 . 2006-04-03 12:46   339968   ----a-w-   c:\windows\system32\MP3Enc.dll
2009-05-30 09:34 . 2004-08-03 19:26   25600   ----a-w-   c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-30 09:32 . 2009-08-18 02:20   --------   d-----w-   c:\program files\Windows Media Connect 2
2009-05-30 09:32 . 2009-05-30 09:32   --------   d-----w-   c:\windows\system32\drivers\UMDF
2009-05-30 09:32 . 2009-05-30 09:32   --------   d-----w-   c:\windows\system32\LogFiles
2009-05-30 07:57 . 2009-05-30 07:57   --------   d-----w-   c:\program files\Common Files\Oberon Media
2009-05-22 04:58 . 2009-05-22 04:58   --------   d-----w-   c:\documents and settings\happy\Application Data\Gaijin Ent
2009-05-19 06:00 . 2009-07-01 01:29   --------   d-----w-   c:\windows\A4W_DATA
2009-05-19 05:59 . 2009-05-19 05:59   --------   d-----w-   c:\windows\APW_DATA
2009-05-19 05:45 . 1999-05-28 04:45   86016   ----a-w-   c:\windows\unvise32qt.exe
2009-05-18 09:46 . 1995-08-09 00:00   536048   ----a-w-   c:\windows\system32\Oc25.dll
2009-05-18 09:46 . 2009-05-18 09:46   --------   d-----w-   c:\program files\Common Files\Asymetrix
2009-05-16 07:22 . 2009-05-16 07:22   169984   ----a-w-   c:\windows\system32\P2D.DLL
2009-05-16 07:22 . 2009-05-16 07:22   161552   ----a-w-   c:\windows\system32\ASYCPICT.DLL
2009-05-16 07:19 . 2009-10-19 12:02   249856   ------w-   c:\windows\Setup1.exe
2009-05-16 06:42 . 2009-05-16 06:42   68840   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 06:42 . 2009-05-16 06:42   --------   d-----w-   c:\documents and settings\Administrator\Application Data\HP
2009-05-13 05:35 . 1999-08-05 11:30   1802240   ----a-w-   c:\windows\system32\Jetpack6.dll
2009-05-13 04:52 . 1997-01-15 18:30   71680   ----a-w-   c:\windows\ST5UNST.EXE
2009-05-12 15:48 . 2009-05-22 11:29   --------   d-----w-   c:\documents and settings\happy\Application Data\MiniDm
2009-05-12 15:18 . 2009-05-12 15:18   --------   d-----w-   c:\documents and settings\happy\Application Data\MxBoost
2009-05-12 15:11 . 2009-06-05 01:29   --------   d-----w-   c:\documents and settings\happy\Application Data\IEPro
2009-05-12 11:43 . 2009-05-12 11:43   --------   d-----w-   c:\documents and settings\happy\Local Settings\Application Data\Identities
2009-05-08 02:46 . 2009-05-08 02:46   --------   d-----w-   c:\windows\Sun

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 16:38 . 2009-04-30 09:16   --------   d-----w-   c:\documents and settings\happy\Application Data\DMCache
2009-10-27 12:27 . 2009-04-24 01:50   --------   d-----w-   c:\documents and settings\happy\Application Data\vlc
2009-10-20 12:51 . 2009-04-22 12:57   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-10-20 05:28 . 2009-04-23 13:02   105416   ----a-w-   c:\documents and settings\happy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-19 12:02 . 2009-04-24 08:27   73216   ----a-w-   c:\windows\ST6UNST.EXE
2009-10-09 07:24 . 2009-05-03 05:56   142698   ----a-w-   c:\windows\Help\hhcolreg.dat
2009-10-09 07:22 . 2009-04-23 08:36   --------   d-----w-   c:\program files\Web Publish
2009-10-08 06:51 . 2009-10-08 06:51   103   ----a-w-   c:\windows\~ACROBAT.TMP
2009-09-26 09:08 . 2009-04-24 01:51   --------   d-----w-   c:\documents and settings\happy\Application Data\dvdcss
2009-08-11 04:51 . 2009-04-22 05:51   --------   d-----w-   c:\program files\Common Files\InstallShield
2009-08-04 07:26 . 2009-08-04 07:25   1024   ----a-w-   c:\documents and settings\All Users\Application Data\sowdp88.dat
2009-08-01 15:04 . 2009-08-01 15:04   5120   --sha-w-   c:\program files\Thumbs.db
2009-06-24 06:24 . 2009-05-01 02:27   --------   d-----w-   c:\documents and settings\happy\Application Data\Downloaded Installations
2009-06-21 07:30 . 2009-04-24 01:24   --------   d-----w-   c:\documents and settings\happy\Application Data\HP
2009-06-18 09:31 . 2009-04-24 06:38   --------   d-----w-   c:\program files\Java
2009-05-30 12:33 . 2009-05-30 12:26   66   ----a-w-   c:\documents and settings\happy\Application Data\isfree4_1.tmp
2009-05-30 12:17 . 2009-05-30 12:15   2818   ----a-w-   c:\documents and settings\happy\Application Data\isfree4_0.tmp
2009-05-05 16:17 . 2009-05-05 16:17   168168   ----a-w-   c:\documents and settings\happy\Application Data\INSTALL.EXE
2009-05-05 16:17 . 2009-05-05 16:17   168168   ----a-w-   c:\documents and settings\happy\Application Data\INSTALL.EXE
2009-05-05 03:28 . 2009-05-05 03:28   --------   d-----w-   c:\documents and settings\happy\Application Data\Vso
2009-05-05 03:28 . 2009-05-05 03:28   81920   ----a-w-   c:\documents and settings\happy\Application Data\ezpinst.exe
2009-05-05 03:28 . 2009-05-05 03:28   81920   ----a-w-   c:\documents and settings\happy\Application Data\ezpinst.exe
2009-05-05 03:28 . 2009-05-05 03:28   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
2009-05-05 03:28 . 2009-05-05 03:28   47360   ----a-w-   c:\documents and settings\happy\Application Data\pcouffin.sys
2009-05-05 03:28 . 2009-05-05 03:28   47360   ----a-w-   c:\documents and settings\happy\Application Data\pcouffin.sys
2009-05-03 14:31 . 2009-05-03 14:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\RoboForm
2009-05-03 14:29 . 2009-05-03 14:29   --------   d-----w-   c:\program files\Siber Systems
2009-05-01 01:52 . 2009-05-01 01:52   --------   d-----w-   c:\documents and settings\happy\Application Data\JAM Software
2009-04-30 09:34 . 2009-04-30 09:34   32   ----a-w-   c:\windows\system32\ieui.dat
2009-04-30 09:33 . 2009-04-30 09:33   3638   ----a-r-   c:\documents and settings\happy\Application Data\Microsoft\Installer\{6AB0F510-9D89-4CD9-8799-208EE59B38D6}\_74b71861.exe
2009-04-30 07:59 . 2009-04-30 07:59   128000   ----a-w-   c:\windows\system32\Dsslji.dat
2009-04-26 04:03 . 2009-04-26 04:00   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-04-24 08:09 . 2009-04-23 07:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
2009-04-24 06:38 . 2009-04-24 06:38   --------   d-----w-   c:\program files\Common Files\Java
2009-04-24 01:25 . 2009-04-24 01:19   116946   ----a-w-   c:\windows\HPHins10.dat
2009-04-24 01:24 . 2009-04-24 01:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\HP
2009-04-24 01:22 . 2009-04-24 01:22   --------   d-----w-   c:\program files\Common Files\HP
2009-04-24 01:22 . 2009-04-24 01:15   --------   d-----w-   c:\program files\HP
2009-04-24 01:16 . 2009-04-24 01:16   --------   d-----w-   c:\program files\Hewlett-Packard
2009-04-23 09:06 . 2009-04-23 09:06   4096   ----a-w-   c:\windows\d3dx.dat
2009-04-23 09:03 . 2009-04-23 09:03   --------   d-----w-   c:\program files\Common Files\Adobe
2009-04-23 08:46 . 2009-04-23 08:46   --------   d-----w-   c:\program files\NotesSQL
2009-04-23 08:31 . 2009-04-23 08:31   2678   ----a-w-   c:\windows\java\Packages\Data\PZDBHVZX.DAT
2009-04-23 08:31 . 2009-04-23 08:31   2678   ----a-w-   c:\windows\java\Packages\Data\JV3TZ317.DAT
2009-04-23 08:31 . 2009-04-23 08:31   2678   ----a-w-   c:\windows\java\Packages\Data\GL3NJH7H.DAT
2009-04-23 08:31 . 2009-04-23 08:31   2678   ----a-w-   c:\windows\java\Packages\Data\DN17LNLR.DAT
2009-04-23 08:31 . 2009-04-23 08:31   2678   ----a-w-   c:\windows\java\Packages\Data\BBLV7FFF.DAT
2009-04-23 08:28 . 2009-04-22 08:12   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-23 07:57 . 2009-04-23 07:57   16   ----a-w-   c:\windows\popcinfo.dat
2009-04-23 07:47 . 2009-04-23 07:47   --------   d-----w-   c:\program files\ReflexiveArcade
2009-04-23 07:05 . 2009-04-23 07:05   --------   d-----w-   c:\documents and settings\happy\Application Data\Nero
2009-04-22 13:16 . 2009-04-22 13:11   --------   d-----w-   c:\program files\Common Files\Nero
2009-04-22 13:11 . 2009-04-22 13:11   --------   d-----w-   c:\program files\Nero
2009-04-22 13:11 . 2009-04-22 13:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Nero
2009-04-22 13:06 . 2009-04-22 13:06   --------   d-----w-   c:\program files\Shabdkosh 1.0
2009-04-22 13:03 . 2009-04-22 13:03   --------   d-----w-   c:\program files\Common Files\L&H
2009-04-22 13:03 . 2009-04-22 13:03   --------   d-----w-   c:\program files\Microsoft.NET
2009-04-22 13:02 . 2009-04-22 13:02   --------   d-----w-   c:\program files\Microsoft ActiveSync
2009-04-22 13:02 . 2009-04-22 13:02   --------   d-----w-   c:\program files\Microsoft Works
2009-04-22 12:56 . 2009-04-22 12:56   --------   d-----w-   c:\program files\VIA
2009-04-22 08:13 . 2009-04-22 08:13   --------   d-----w-   c:\program files\microsoft frontpage
2009-04-22 08:10 . 2009-04-22 08:10   21640   ----a-w-   c:\windows\system32\emptyregdb.dat
2009-04-22 05:52 . 2009-04-22 05:52   --------   d-----w-   c:\program files\Intel
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"TypingSatellite"="e:\program files\TypingMaster\KBOOST.EXE" [2007-08-14 1243152]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-16 3118512]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-10-28 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 141848]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"Vistadrv"="e:\programs\SYSTEM UTILITY\Vista Drive Status\vsdrv.exe" [2006-07-29 121089]
"vspdfprsrv.exe"="e:\program files\eXPert PDF 5\vspdfprsrv.exe" [2007-07-02 1179648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^stle.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\stle.exe
backup=c:\windows\pss\stle.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"NMIndexingService"=3 (0x3)
"gusvc"=3 (0x3)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\PDF Editor\\PDFEdit.exe"=
"f:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"e:\\Program Files\\IEPro\\MiniDM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3131:TCP"= 3131:TCP:qdvwoe

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [10/28/2009 08:04 PM 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [10/28/2009 08:04 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [10/28/2009 08:04 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/28/2009 08:04 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [10/28/2009 08:04 PM 434945]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [10/28/2009 08:04 PM 69632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [4/22/2009 06:26 PM 238080]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
svuzrcnp
wymifkw

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\User_Feed_Synchronization-{51820272-0D74-4864-8780-FAEAA6A6D3C0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:01]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A1811817-EE5A-4D44-ADBF-B7FAD7430D78} - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - e:\program files\IEPro\iepro.dll
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {8D8972A9-FFFA-11D4-9CC7-00902761BD36} - hxxp://mailjol.com/dev/cab/jscntrl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 22:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-2049760794-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3b,49,2c,c4,3c,a0,0b,00,e6,e4,a1,e0,6d,d7,cd,f6,ea,b2,8a,e2,ef,
  27,25,f5,72,ef,e3,3e,27,fc,d9,85,aa,68,a6,e5,b5,78,15,51,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2f,52,87,b4,6f,22,77,d2,c8,ed,c3,34,8f,85,9a,ee,36,3f,f2,be,86,
  7b,4d,4a,1f,12,db,39,1d,f8,ea,12,5f,3d,54,f9,f5,82,7c,50,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93ffba41-5dda-4a64-8b60-1f79252b4ebb}]
@Denied: (Full) (Everyone)
"Model"=dword:00000094
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ae749551-9377-4939-bf4c-cfd4c3f38bdf}]
@Denied: (Full) (Everyone)
"Model"=dword:000000da
"Therad"=dword:00000022
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
  df,1c,2f,27,85,0d,4c,f7,1b,0f,39,db,66,fd,49,04,2f,f7,a2,5f,70,74,df,3c,0c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\idmmbc.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-06-06 22:15
ComboFix-quarantined-files.txt  2009-06-06 16:45

Pre-Run: 8,669,278,208 bytes free
Post-Run: 8,700,903,424 bytes free

329


Answer
Hello Suyash

Your HJT file is clean of infections. The error you are experiencing may be caused by your HP Digital Imaging program. I suggest uninstalling it, rebooting the computer, and then seeing if the internet is working again. See Microsoft Bulletin:
http://support.microsoft.com/kb/821690

Brian
