Author Topic: connection issue (Read 667 times)

eye_opener · « **on:** May 05, 2008, 01:41:45 PM »

just about whatever i do i cannot connect to the internet in normal mode
yesterday i could
now all a recieve is a connection problem
i've turned my firewall off what do i do

please help

guestolo · « **Reply #1 on:** May 05, 2008, 09:59:38 PM »

What do you use for Firewall protection?
Normally, when I see this problem, it's Security software related

If you have anything like Norton's or McAfee's security suite install, and it's outdated or possibly blocking IE or Firefox, or corrupt
That could be the problem

eye_opener · « **Reply #2 on:** June 11, 2008, 11:51:17 AM »

i believe Norton

guestolo · « **Reply #3 on:** June 11, 2008, 11:54:57 AM »

Is Norton's outdated?

As a test, can you connect in Safe mode with Networking?

eye_opener · « **Reply #4 on:** June 11, 2008, 04:38:28 PM »

when i do that everything works okay

guestolo · « **Reply #5 on:** June 11, 2008, 05:00:16 PM »

Is your Norton's out of date??

Also, can you do the following
Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!

eye_opener · « **Reply #6 on:** June 11, 2008, 10:51:31 PM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:35 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-581438453-3531947903-4118515476-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Owner')
O4 - HKUS\S-1-5-21-581438453-3531947903-4118515476-1003\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized (User 'Owner')
O4 - HKUS\S-1-5-21-581438453-3531947903-4118515476-1009\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Owner\My Documents\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7855 bytes

guestolo · « **Reply #7 on:** June 12, 2008, 12:36:08 AM »

It would really help me to know if your subscription to Norton's is out of date
We can replace it if needed with free alternatives

eye_opener · « **Reply #8 on:** June 12, 2008, 12:08:43 PM »

when i try to open it all i get is this

and it goes off without uploading anything

guestolo · « **Reply #9 on:** June 12, 2008, 12:21:29 PM »

I think your copy of Norton's is corrupt

Let me ask again, do you think your subscription has expired?
How long have you had Norton's installed?

We can get you free software to replace it, just answer the above please

eye_opener · « **Reply #10 on:** June 12, 2008, 12:36:12 PM »

yes i think my subscribtion is expired

guestolo · « **Reply #11 on:** June 12, 2008, 12:54:54 PM »

OK, let's try the following,
Again, you may have to go to Safe mode with Networking
and download a new AV and a couple other tools

Remain in safe mode with networking only for limited time

Download and save to desktop the Norton Removal tool from STEP 3
Don't run it yet, just save it to desktop for now

This tool is good for

Quote

The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Don't run this yet either

Download and save to your Desktop
> [color=\"#FF0000\"]Avira AntiVir[/color] <
Again, Do Not install this yet

Reboot back to Normal Windows
It's important that we remove Norton's before trying to install Avira

First: Access your Add and Remove programs and
Uninstall the following
Norton Internet Security, this includes Norton AV
You should be prompted to reboot the computer

Back in Windows
Run the Norton Removal Tool from desktop
Follow all the prompts, reboot one more time, or more if needed
Ensure to have it enable Windows Firewall when removing, or enable it manually after removal
NOTE: If at anytime, you have trouble Removing any of Norton Internet Security (Incl. AV)
Go to the next step and use the Norton Removal tool
After those first 2 steps, I'm going to assume you will have Internet connection in Normal Windows

Install Avira AntiVir from desktop
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time

NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it

A scan of your System should then start
If a scan does not start after updating, double click on the Avast icon by the clock (the red/white umbrella)
and select "Scan system now"

Quarantine or delete everything it finds
When the scan is finished
Reboot the computer one last time

Back in Windows

Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt

eye_opener · « **Reply #12 on:** June 12, 2008, 01:25:41 PM »

i went to the add and remove programs and there was nothing to say remove nortorn av it was just blank

guestolo · « **Reply #13 on:** June 12, 2008, 01:28:18 PM »

Let me take a look at the following please

supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

guestolo · « **Reply #14 on:** June 12, 2008, 01:51:05 PM »

I may not have time to wait for that uninstall list from Hijackthis, I must leave for awhile

Why don't you go back up to my previous instructions and follow them closely
Here's what I said earlier

Quote

NOTE: If at anytime, you have trouble Removing any of Norton Internet Security (Incl. AV)
Go to the next step and use the Norton Removal tool
After those first 2 steps, I'm going to assume you will have Internet connection in Normal Windows

eye_opener · « **Reply #15 on:** June 13, 2008, 01:38:08 PM »

main.txt

Deckard's System Scanner v20071014.68
Run by Chris on 2008-06-13 13:37:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
86: 2008-06-13 18:37:40 UTC - RP437 - Deckard's System Scanner Restore Point
85: 2008-06-13 04:21:10 UTC - RP436 - Avira AntiVir Personal - 6/12/2008 23:21
84: 2008-06-12 19:29:02 UTC - RP435 - System Checkpoint
83: 2008-06-11 18:54:37 UTC - RP434 - System Checkpoint
82: 2008-06-10 08:10:04 UTC - RP433 - System Checkpoint

-- First Restore Point --
1: 2008-03-20 21:16:06 UTC - RP352 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

[color=\"red\"]Total Physical Memory: 510 MiB (512 MiB recommended).[/color]

-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:28 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Documents and Settings\Owner\My Documents\LimeWire\LimeWire.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\dss.exe
C:\DOCUME~1\Chris\Desktop\Chris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Owner\My Documents\LimeWire\LimeWire.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Avira AntiVir Personal â€“ Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal â€“ Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7034 bytes

-- File Associations -----------------------------------------------------------

[color=\"red\"].reg - regfile - shell\open\command - regedit.exe"%1" %*[/color]
[color=\"red\"].scr - scrfile - shell\open\command - "%1" %*[/color]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys <Not Verified; Motorola INC.; Motorola Switching Filter Driver>
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal â€“ Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-13 03:30:00 386 --a------ C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job
2008-06-10 14:55:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-06-21 09:13:19 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job

-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 00:46:38 0 d-------- C:\WINDOWS\LastGood
2008-06-12 23:21:24 0 d-------- C:\Program Files\Avira
2008-06-12 23:21:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-11 23:19:27 0 d-------- C:\downloads
2008-06-11 23:19:27 0 d-------- C:\Documents and Settings\Chris\Application Data\GrabPro
2008-06-11 23:19:06 0 d-------- C:\Documents and Settings\Chris\Application Data\Orbit
2008-06-11 23:19:02 0 d-------- C:\Program Files\Orbitdownloader
2008-06-11 16:50:21 0 d-------- C:\Documents and Settings\Chris\Application Data\U3
2008-06-10 21:11:17 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
2008-06-07 10:47:44 0 d-------- C:\Documents and Settings\Chris\Shared
2008-06-07 10:47:42 0 d-------- C:\Documents and Settings\Chris\Incomplete
2008-06-07 10:47:24 0 d-------- C:\Documents and Settings\Chris\Application Data\LimeWire
2008-06-07 02:10:47 0 d-------- C:\Documents and Settings\Chris\Application Data\WinRAR
2008-06-04 23:05:06 0 d-------- C:\Documents and Settings\Owner\Application Data\VoipBuster
2008-06-04 08:20:26 0 d-------- C:\Program Files\VoipBuster.com
2008-06-03 22:47:58 0 d-------- C:\Program Files\directx
2008-06-03 22:45:57 0 d-------- C:\Program Files\Rockstar Games
2008-05-30 19:56:27 234417 --a------ C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_5031.exe <Not Verified; Karlis Blumentals; Easy Gif Animator>
2008-05-30 19:56:24 0 d-------- C:\Program Files\Easy Gif Animator Extension
2008-05-30 19:56:13 0 d-------- C:\Program Files\Easy GIF Animator
2008-05-26 17:33:51 0 d-------- C:\WINDOWS\system32\js
2008-05-26 17:33:51 0 d-------- C:\WINDOWS\system32\images
2008-05-26 17:33:51 0 d-------- C:\WINDOWS\system32\html
2008-05-26 17:33:51 0 d-------- C:\WINDOWS\system32\css
2008-05-26 17:33:51 0 d-------- C:\Program Files\Business Objects
2008-05-26 17:21:27 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-26 17:20:21 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-05-26 17:17:19 0 d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-05-26 17:14:57 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-26 17:14:57 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-26 16:59:19 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-05-26 16:46:31 0 d-------- C:\WINDOWS\symbols
2008-05-26 16:40:41 0 d-------- C:\Program Files\Microsoft SDKs
2008-05-26 16:40:41 0 d-------- C:\Program Files\HTML Help Workshop
2008-05-26 16:40:41 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-05-26 16:40:40 0 d-------- C:\Program Files\CE Remote Tools
2008-05-26 16:40:39 0 d-------- C:\Program Files\Microsoft.NET
2008-05-26 16:40:38 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-26 16:36:32 0 d-------- C:\Program Files\Microsoft Web Designer Tools
2008-05-26 16:36:13 0 dr-h----- C:\MSOCache
2008-05-26 16:33:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-26 16:28:41 0 d-------- C:\Program Files\MSBuild
2008-05-26 16:28:26 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-26 16:28:12 0 d-------- C:\Program Files\Reference Assemblies
2008-05-26 16:16:57 0 d-------- C:\Program Files\MSXML 6.0
2008-05-19 21:36:57 0 d-------- C:\Documents and Settings\Chris\Application Data\Move Networks

-- Find3M Report ---------------------------------------------------------------

2008-06-13 00:08:38 0 d-------- C:\Program Files\HTV
2008-06-13 00:03:00 0 d-------- C:\Program Files\BPK
2008-06-12 17:32:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-03 22:45:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-26 16:45:24 0 d-------- C:\Program Files\Common Files
2008-05-24 14:16:56 0 d-------- C:\Documents and Settings\Chris\Application Data\Adobe
2008-05-10 19:30:41 0 d-------- C:\Program Files\FrostWire
2008-05-10 19:25:18 0 d-------- C:\Program Files\AskSBar
2008-05-02 18:14:24 32 --a------ C:\WINDOWS\VMPipe32.dll
2008-04-14 17:07:14 0 d-------- C:\Program Files\Hacker Evolution

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
05/10/2008 07:25 PM 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [05/10/2008 07:25 PM 267592]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= C:\Program Files\Orbitdownloader\GrabPro.dll [06/10/2008 10:47 AM 457848]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[-HKEY_CLASSES_ROOT\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [01/19/2006 11:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/30/2007 10:45 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]
LimeWire On Startup.lnk - C:\Documents and Settings\Owner\My Documents\LimeWire\LimeWire.exe [8/22/2006 10:45:55 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [6/11/2008 11:19:03 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Music Now]
"C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:_program files_wordperfe3a]
C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch /r="SOFTWARE\Corel\WordPerfect Suite\12"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
C:\Program Files\Common Files\Dell\EUSW\Support.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegSweep]
C:\Program Files\RegSweep\RegSweep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemWeb]
C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\All Users\Application Data\SystemWeb\SystemWeb.dll" rdl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63e0651d-37d9-11dd-a30b-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB

-- End of Deckard's System Scanner: finished at 2008-06-13 13:43:03 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.60GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 510 MiB / 181.2 MiB
Pagefile Memory (total/avail): 1247.51 MiB / 940.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.02 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 70.97 GiB total, 33.54 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 70.97 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: ZoneAlarm Security Suite Antivirus v7.0.408.000 (Check Point, LTD.) [color=\"RED\"]Disabled[/color] [color=\"RED\"]Outdated[/color]
AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\America Online 9.0\\wEmail Removedexe"="C:\\Program Files\\America Online 9.0\\wEmail Removedexe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\\Program Files\\PopCap Games\\BookWorm Deluxe\\BookWorm.exe"="C:\\Program Files\\PopCap Games\\BookWorm Deluxe\\BookWorm.exe:*:Enabled:BookWorm"
"C:\\Program Files\\Yahoo! Games\\Flip Words\\FlipWords.exe"="C:\\Program Files\\Yahoo! Games\\Flip Words\\FlipWords.exe:*:Enabled:FlipWords"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\America Online 9.0\\wEmail Removedexe"="C:\\Program Files\\America Online 9.0\\wEmail Removedexe:*:Enabled:America Online 9.0"
"C:\\Documents and Settings\\Owner\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Owner\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ÂµTorrent"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DG72F061
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris
LOGONSERVER=\\DG72F061
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
TMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
USERDOMAIN=DG72F061
USERNAME=Chris
USERPROFILE=C:\Documents and Settings\Chris
VS90COMNTOOLS=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Owner (admin)
Crystal (admin)
Chris (admin)
Administrator.DG72F061.001 (admin)

-- Add/Remove Programs ---------------------------------------------------------

ÂµTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Avira AntiVir Personal â€“ Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
Easy GIF Animator 4.7 --> "C:\Program Files\Easy GIF Animator\unins000.exe"
Easy Gif Animator Extension --> "C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_5031.exe" _?=C:\Program Files\Easy Gif Animator Extension
[censored] Mail Bomber 2.3 --> "C:\Program Files\AntoSoft\[censored] Mail Bomber\unins000.exe"
GrabPro - Toolbar --> regsvr32 /u /s "C:\Program Files\Orbitdownloader\GrabPro.dll"
GTA2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
Hacker Evolution (1.00.0089) (remove only) --> "C:\Program Files\Hacker Evolution\uninstall.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Chris\Desktop\HijackThis.exe" /uninstall
Java(tm) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.12.6 --> "C:\Documents and Settings\Owner\My Documents\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008 --> C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU --> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools --> MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3 Player Utilities 4.10 --> MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Opera 9.24 --> MsiExec.exe /X{16913489-B5E3-403E-AFD3-2B19BBE464D4}
Orbit Downloader --> "C:\Program Files\Orbitdownloader\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Visual Studio 2005 Tools for Office Second Edition Runtime --> c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
VoipBuster --> "C:\Program Files\VoipBuster.com\VoipBuster\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Mobile 5.0 SDK R2 for Pocket PC --> MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone --> MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
XML Paper Specification Shared Components Pack 1.0 -->

-- Application Event Log -------------------------------------------------------

Event Record #/Type4585 / Error
Event Submitted/Written: 06/12/2008 11:53:49 AM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Norton WMI Update -- A product that requires Norton WMI Update is still installed on this system.

Event Record #/Type4584 / Warning
Event Submitted/Written: 06/12/2008 11:53:16 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{1526D87C-A955-4FAB-BF18-697BA457E352}', feature 'ccWebWindow' failed during request for component '{EEE2295C-E02C-4CA0-A700-1BF3AFA60DDC}'

Event Record #/Type4583 / Warning
Event Submitted/Written: 06/12/2008 11:53:16 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{1526D87C-A955-4FAB-BF18-697BA457E352}', feature 'Complete', component '{0858BF75-0C73-4EA3-8384-5D66A426A6B9}' failed. The resource 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1526D87C-A955-4FAB-BF18-697BA457E352}\DisplayIcon' does not exist.

Event Record #/Type4581 / Error
Event Submitted/Written: 06/11/2008 00:06:14 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Norton WMI Update -- A product that requires Norton WMI Update is still installed on this system.

Event Record #/Type4580 / Warning
Event Submitted/Written: 06/11/2008 00:05:40 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{1526D87C-A955-4FAB-BF18-697BA457E352}', feature 'ccWebWindow' failed during request for component '{EEE2295C-E02C-4CA0-A700-1BF3AFA60DDC}'

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type7301 / Warning
Event Submitted/Written: 06/13/2008 00:57:58 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type7281 / Warning
Event Submitted/Written: 06/12/2008 11:40:41 PM / 06/12/2008 11:40:42 PM
Event ID/Source: 18 / avgntflt
Event Description:
TIMEOUT<AcroRd32.exe> C:\...5cf844d2\msvcp80.dll

Event Record #/Type7204 / Error
Event Submitted/Written: 06/12/2008 01:24:02 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type7201 / Error
Event Submitted/Written: 06/12/2008 01:10:59 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
KLIF
SAVRTPEL

Event Record #/Type7200 / Error
Event Submitted/Written: 06/12/2008 01:10:06 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

-- End of Deckard's System Scanner: finished at 2008-06-13 13:43:03 ------------

unistall list from hijack this

Adobe Reader 8.1.0
Ask Toolbar
Avira AntiVir Personal â€“ Free Antivirus
Crystal Reports Basic for Visual Studio 2008
Easy GIF Animator 4.7
Easy Gif Animator Extension
[censored] Mail Bomber 2.3
GrabPro - Toolbar
GTA2
Hacker Evolution (1.00.0089) (remove only)
HijackThis 2.0.2
Java(tm) 6 Update 5
LimeWire 4.12.6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Mozilla Firefox (2.0.0.9)
Mozilla Thunderbird (2.0.0.12)
MP3 Player Utilities 4.10
MSXML 6.0 Parser (KB933579)
Opera 9.24
Orbit Downloader
Security Update for Windows XP (KB943460)
SpywareBlaster 4.0
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VoipBuster
Windows Imaging Component
Windows Installer Clean Up
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone

guestolo · « **Reply #16 on:** June 13, 2008, 01:54:12 PM »

I take it your back online in Normal Windows?

I suggest that you do the following
I see the ASK TOOLBAR installed, I don't recommend this toolbar
It get's installed with other software, unless you uncheck it during installation
You must remove it manually

Close down your browser windows
Access your Add and Remove Programs
and Remove Ask toolbar

Please go to Start >> Run and type or copy/paste the following in the run box:

[color=\"#FF0000\"]"%userprofile%\desktop\dss.exe" /daft[/color]
Then press Enter

* Click on the Scan button.
* Select everything it is displaying there
* Click the Fix button.
* Then rescan with DAFT again - it should say now that "All associations are OK"
* Close DAFT if you receive that message. This means that it is fixed now.

Afterwards, you have a lot of invalid entries disabled in msconfig
Can you go to START>>RUN>>type the following

msconfig
Hit OK

When the System Configuration Utility opens
Select NORMAL STARTUP under the General tab
APPLY and CLOSE, but choose NOT to Restart the computer yet

Instead, come back here and run a fresh scan and save logfile with hijackthis and post it's new log
We'll clear some entries this way first, then you can later disable what you prefer

guestolo · « **Reply #17 on:** July 06, 2008, 08:14:05 PM »

I'll lock this topic as your problems appear resolved
Take care

TheTechGuide Forum

News:

Author Topic: connection issue (Read 667 times)

eye_opener

connection issue

guestolo

connection issue

eye_opener

connection issue

guestolo

connection issue

eye_opener

connection issue

guestolo

connection issue

eye_opener

connection issue

guestolo

connection issue

eye_opener

connection issue

guestolo

connection issue

eye_opener

connection issue

guestolo

connection issue

eye_opener

connection issue

guestolo

connection issue

guestolo

connection issue

eye_opener

connection issue

guestolo

connection issue

guestolo

connection issue