Author Topic: cannot connect to the internet  (Read 2076 times)

Offline kota123

  • Newbie
  • Posts: 47
« on: October 31, 2008, 08:24:43 AM »
I get access to the internet through a small local service provider.  I cannot access the internet from my other computer, a laptop, and my service provider tells me that the reason I cannot do it is because the laptop "starts broadcasting" as soon as it tries to connect, effectively blocking out my connection.  I do not know what this means.  Is there a way for me to get rid of this virus?  Thank you for your help.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
« Reply #1 on: October 31, 2008, 01:56:41 PM »
Can you do the following
Post a Hijackthis log,

You will have to do the following if you don't have Internet connection right now on the laptop
Download Hijackthis Installer from HERE
For an alternate download location, you can try HERE
SAVE this installer to a CDRW or USB thumbdrive or similar

Transfer it to the desktop of the Laptop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!

You will have to transfer that log to a computer with working Internet connection
A copy of the log should also be found in
C:\Program Files\trend micro folder

Do you want to post your own logs from FRST?

Follow the instructions posted: Click Here (http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/)


Offline kota123

« Reply #2 on: November 02, 2008, 05:48:52 AM »
Thank you for getting back to me. Sorry for the delay in replying, I was travelling. Here is the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:23, on 02-11-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediff.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B6DB833-A2D2-4AD0-B6E2-E79925B310B9}: NameServer = 192.168.0.1,202.88.130.67,202.88.130.15,202.88.130.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6320 bytes

Thanks!

Offline guestolo

« Reply #3 on: November 02, 2008, 10:30:42 AM »
You don't show as having a virus
But you have items disabled with msconfig, which prevents me from seeing everything
Can you go back to msconfig
1. Click on the Vista start icon in the bottom left corner of your screen.

2. Type MSCONFIG in the search box and then either press enter on your keyboard or double-click on the MSCONFIG program that appears in the search results.

3. Approve the prompt to continue
Follow the on-screen prompts to give Vista permission to continue.

4. Under the General tab select Normal Startup
Apply it and Restart the computer when prompted

Are you then back online?


Can you do the following
Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • RIGHT click on RSIT.exe and "Run as Administrator"
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.
Post both those logs please

NOTE: I see the following installed on your computer
Venturi Wireless

I'm not familiar with the client; can you try to disable it and use Windows wireless instead?
Is this something you installed, or was it provided by your Internet Service Provider?
Is the problem you're having only Wireless?
Have you tried connecting Wired to see if you have a connection?
System Req. at their website recommends Service pack 1 for Vista

Additionally: I see remnants of Symantec's on your computer
Did you recently uninstall Norton's AV from your computer and install AVG?
Is this when the problems started?
I'm going to suspect a problem with Winsock, but let's see the logs first
Let me know about Venturi also
« Last Edit: November 02, 2008, 11:24:04 AM by guestolo »

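An added example (not part of the original posts, and not HijackThis's own code): a small Python triage pass over a HijackThis log that pulls out the cues the reply above keys on, namely the msconfig Run entry, Winsock LSP files HijackThis does not recognise, entries whose file is gone, and leftovers from a named vendor. The function names and the `vendor` parameter are assumptions made for illustration; the sample lines are excerpted from the log posted earlier in this thread.

```python
import re
from collections import Counter

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe
"""

# HijackThis entries look like "<section code> - <body>", e.g. "O10 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
LSP_RE = re.compile(r"Winsock LSP: (\S+)$")
DANGLING_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; skip headers and process lists."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text, vendor="symantec"):
    """Collect the log cues worth a follow-up question. None of them is a verdict."""
    findings = {
        "msconfig_selective": False,   # msconfig Run entry: startup items are being hidden
        "unknown_lsp": Counter(),      # LSP DLLs HijackThis does not recognise
        "dangling": [],                # registry entry remains, file does not
        "vendor_leftovers": [],        # entries still pointing at the named vendor
    }
    for code, body in parse_entries(log_text):
        lowered = body.lower()
        if code == "O4" and "[msconfig]" in lowered:
            findings["msconfig_selective"] = True
        if code == "O10" and body.startswith("Unknown file"):
            lsp = LSP_RE.search(body)
            if lsp:
                findings["unknown_lsp"][lsp.group(1).lower()] += 1
        if any(marker in lowered for marker in DANGLING_MARKERS):
            findings["dangling"].append((code, body))
        if vendor in lowered:
            findings["vendor_leftovers"].append((code, body))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    if result["msconfig_selective"]:
        print("msconfig selective startup is active: log is incomplete")
    for dll, count in result["unknown_lsp"].items():
        print(f"unrecognised Winsock LSP: {dll} ({count} chain entries)")
    for code, body in result["dangling"]:
        print(f"dangling {code}: {body}")
    for code, body in result["vendor_leftovers"]:
        print(f"vendor leftover {code}: {body}")
```

An unrecognised LSP or a dangling entry only tells the helper where to look next; the DLL still has to be attributed to an installed product before anything is removed.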


Offline kota123

« Reply #4 on: November 02, 2008, 11:53:43 AM »
Thank you for your response again! I will try the MSconfig and get back to you.

Regarding venturi wireless, the only active wireless component on the laptop is what was provided with it, intel r pro wireless 3945BG network connection and that shows up under the HP wireless assistant.

Here I am using a cable to connect to the internet, I do not have a wireless connection. I had Norton on the system but the problems had started even when I used this anti virus, I recently installed AVG and it found some tracking cookies and nothing else.

I use the same cable to access the internet on my other laptop and it has been working perfectly fine. When I try to connect it on the other laptop though, it does connect but when I use Firefox or Explorer to open any sites it does not work, the number of bytes received and sent stays in the 20k range and does not move at all. I have also noticed the system is hanging a lot and takes a lot of time to respond to any commands.

I will try out the config now and get back to you soon.

Thanks again!

Offline kota123

« Reply #5 on: November 02, 2008, 12:08:27 PM »
Here is the info:

info.txt logfile of random's system information tool 1.04 2008-11-02 23:14:13

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.EXE -U -IwisR30B7.inf
Creative Jukebox Driver-->C:\Windows\UNWISE.EXE C:\Windows\JB3DRV.LOG
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Creative NOMAD Jukebox Zen Xtra-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}\SETUP.EXE" -l0x9
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9  /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9  /remove
Creative Zen Vision M-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9  /remove
ESU for Microsoft Vista-->MsiExec.exe /X{88A548E6-4B09-43E7-AD55-3C7D1B37706D}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\UIU32m.EXE -U -IwqcVenz.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9  -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP DVD Play 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe"  -uninstall
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9  -removeonly
HP Help and Support-->MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Photosmart Essential 2.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0082-->MsiExec.exe /I{FCCC555E-166C-426A-A98C-39C80AE7C081}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Network Connections Drivers-->Prounstl.exe
Java(tm) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Administration Utility-->C:\Windows\IsUninst.exe -f"C:\Program Files\LiveUpdate Administration\Uninst.isu" -c"C:\Program Files\LiveUpdate Administration\ISLUA.DLL"
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Need For Speed III-->C:\Windows\UNINST.EXE -f"C:\Program Files\Electronic Arts\Need For Speed III\DeIsL1.isu" -c"C:\Program Files\Electronic Arts\Need For Speed III\eauninst.dll"
Netbooster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}\setup.exe" -l0x9  -vuninstall -removeonly
Nokia Connectivity Cable Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3D249F10-79EC-48D4-93E5-C470ABE523FA}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
USB to Serial Cable Driver-->C:\Windows\unvise32.exe C:\Program Files\ArkMicro\uninstal.log
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZTE CDMA1X MODEM-->"C:\Program Files\ZTE CDMA1X MODEM\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free (outdated)
AV: Norton Internet Security (outdated)
FW: Norton Internet Security
AS: AVG Anti-Virus Free (disabled) (outdated)
AS: Windows Defender (outdated)
AS: Norton Internet Security (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=PRESARIO
"PLATFORM"=MCD
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e0c
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"USERPART"=E:
"windir"=%SystemRoot%

-----------------EOF-----------------

Offline kota123

« Reply #6 on: November 02, 2008, 12:11:20 PM »
Here is the log file:

Logfile of random's system information tool 1.04 (written by random/random)
Run by sunil at 2008-11-02 23:13:47
Microsoft® Windows Vista™ Home Premium
System drive C: has 103 GB (71%) free of 146 GB
Total RAM: 1013 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:10, on 02-11-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Netbooster Client\Configurator\ventcfg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Users\sunil\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\sunil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediff.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Netbooster Client\Configurator\ventcfg.exe -nomsgbox
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B6DB833-A2D2-4AD0-B6E2-E79925B310B9}: NameServer = 192.168.0.1,202.88.130.67,202.88.130.15,202.88.130.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7939 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{C203164B-CEC6-402C-8F72-1989ACCBF56A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-31 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-05-07 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-31 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-31 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-31 1234712]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-09-13 1006264]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-11 317128]
"Venturi Configurator"=C:\Program Files\Netbooster Client\Configurator\ventcfg.exe [2007-02-05 923272]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-05-07 77824]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-14 159744]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-02-26 133912]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-02-26 138008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-02 472776]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-13 50696]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-02-26 154392]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-08 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-02-22 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1093926c-a184-11dc-ba3a-001a6bbe6591}]
shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56917166-6fdc-11dc-8b68-001a6bbe6591}]
shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60aabc97-87ae-11dc-bb23-001a6bbe6591}]
shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fa18d71-ee82-11dc-ae21-001a6bbe6591}]
shell\AutoRun\command - u18vxqle.com
shell\explore\command - u18vxqle.com
shell\open\command - u18vxqle.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c73a9a6-57a1-11dd-bb70-001b2483eae6}]
shell\Auto\command - F:\TunerSetup.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f89697-d18a-11dc-9559-001a6bbe6591}]
shell\AutoRun\command - F:\1wod1.com
shell\explore\command - F:\1wod1.com
shell\open\command - F:\1wod1.com


======List of files/folders created in the last 1 months======

2008-11-02 23:13:47 ----D---- C:\rsit
2008-11-02 16:55:44 ----D---- C:\Program Files\Trend Micro
2008-11-02 01:00:00 ----D---- C:\Program Files\Electronic Arts
2008-11-02 00:59:49 ----A---- C:\Windows\uninst.exe
2008-10-31 18:09:14 ----HD---- C:\$AVG8.VAULT$
2008-10-31 17:23:12 ----A---- C:\Windows\system32\avgrsstx.dll
2008-10-31 17:21:52 ----D---- C:\ProgramData\avg8
2008-10-31 17:21:52 ----D---- C:\Program Files\AVG
2008-10-31 17:14:21 ----SHD---- C:\Config.Msi
2008-10-15 00:25:39 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-15 00:25:38 ----A---- C:\Windows\system32\ntoskrnl.exe

======List of files/folders modified in the last 1 months======

2008-11-02 23:14:10 ----D---- C:\Windows\Temp
2008-11-02 23:14:06 ----D---- C:\Windows\Prefetch
2008-11-02 23:11:42 ----D---- C:\Windows\SMINST
2008-11-02 23:08:28 ----D---- C:\Windows\pss
2008-11-02 22:11:36 ----SHD---- C:\System Volume Information
2008-11-02 18:21:58 ----D---- C:\Windows\System32
2008-11-02 18:21:58 ----D---- C:\Windows\inf
2008-11-02 18:21:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-02 16:55:44 ----RD---- C:\Program Files
2008-11-02 16:52:49 ----D---- C:\Windows\system32\catroot2
2008-11-02 02:55:52 ----D---- C:\Windows
2008-10-31 19:15:05 ----D---- C:\ProgramData\Symantec
2008-10-31 17:22:44 ----D---- C:\Windows\system32\drivers
2008-10-31 17:21:52 ----HD---- C:\ProgramData
2008-10-31 17:21:16 ----SHD---- C:\Windows\Installer
2008-10-31 17:21:16 ----D---- C:\Windows\winsxs
2008-10-31 17:20:56 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-31 17:20:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-31 17:19:13 ----D---- C:\Program Files\Symantec
2008-10-31 17:19:09 ----D---- C:\Program Files\Common Files
2008-10-31 17:17:45 ----RSD---- C:\Windows\assembly
2008-10-31 17:15:18 ----D---- C:\Windows\Tasks
2008-10-31 17:11:57 ----SD---- C:\Users\sunil\AppData\Roaming\Microsoft
2008-10-28 04:44:39 ----D---- C:\Windows\system32\catroot
2008-10-14 23:58:01 ----D---- C:\Users\sunil\AppData\Roaming\LimeWire
2008-10-08 00:49:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-10-31 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-10-31 26824]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-09-11 395312]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2007-01-02 80688]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-03-07 14208]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-12-12 148992]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-07 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-07 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-22 1662464]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-09-13 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-07 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-03-07 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel® PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-22 1662464]
S3 Jukebox3;Jukebox3; C:\Windows\system32\DRIVERS\ctpdusb.sys [2003-10-23 16848]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2007-02-08 1786880]
S3 Nokia USB Generic;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2005-05-27 7288]
S3 Nokia USB Modem;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2005-05-27 11001]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2005-05-27 128295]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\zteusbser.sys [2007-08-20 98432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-31 231704]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-15 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-15 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 VenturiClient;Venturi Client; C:\Program Files\Netbooster Client\Client\ventc.exe [2007-02-05 2410080]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-10 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

Offline guestolo

« Reply #7 on: November 02, 2008, 12:20:46 PM »
So if I understand correctly, Venturi Client was not installed by yourself?
And right now you are using a wired connection to the laptop?

And you have no Internet connection at all with this laptop, correct?

I see some problems in the RSIT logs, may very well be why you are having connection issues
But answer the above first, so I know what route to take here



Offline kota123

« Reply #8 on: November 02, 2008, 12:24:20 PM »
Just to clarify: I am in India and Venturi Wireless may be a part of the wireless data card I use here to connect to the internet at times. When I am not travelling I use the wire to connect to the internet. Venturi Wireless shows up under Netbooster, which I think is a part of the data card I use to connect wirelessly.

Offline kota123

« Reply #9 on: November 02, 2008, 12:32:12 PM »
Well, like I mentioned, Venturi Wireless may very well be a part of the data card used for the wireless connection. The laptop I am using now has no problem at all connecting to the net, but if I use this cable to connect with the other laptop it does connect but does not open any sites at all. So the internet connection is established but that's it, you cannot surf at all. So one laptop connects and I am able to surf, and the other problematic one also connects but you cannot surf.

Offline guestolo

« Reply #10 on: November 02, 2008, 12:42:08 PM »
I see Netbooster in your uninstall list, I'm hoping it's not the reason you can't get online wired

But for now, I see other problems in your log
Can you do the following
You will need to download and transfer the following to your laptop

First can you download Malwarebytes' Anti-Malware from Here or Here
Save the installer to transfer to the laptop without connection

Also, let's ensure MBAM has the latest updates
Go to the following link
http://www.gt500.org/malwarebytes/database.jsp
Download the latest database files >>mbam-rules.exe
save them to transfer to the laptop

Transfer both installers to your Desktop of the laptop
First Install Malwarebytes' Anti-Malware
At the prompt, Uncheck Both
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware

I want to ensure MBAM is closed for the next step
Now install mbam-rules.exe

Afterwards: It's possible that an external flash drive(s) you are using
Such as an external thumbdrive are infected
Can you insert any thumbdrive into your laptop, close out any autostart, just leave it inserted for now

RIGHT CLICK on Malwarebytes' Anti-Malware shortcut on your desktop
Choose to "Run as Administrator"
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Also, can you run RSIT.exe again and post the log that opens
I don't need to see the minimized one

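An added example, not part of the original posts and not a tool used in this thread: the thumbdrive check above ties in with the MountPoints2 section of the RSIT registry dump, where Windows keeps the per-volume AutoPlay commands it has seen. This Python sketch pulls those commands out of a dump and lists the ones worth a closer look; the sample lines are copied from the log posted earlier, and the review rules are assumptions chosen for illustration.

```python
import re

# Lines copied from the RSIT registry dump posted earlier in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1093926c-a184-11dc-ba3a-001a6bbe6591}]
shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fa18d71-ee82-11dc-ae21-001a6bbe6591}]
shell\AutoRun\command - u18vxqle.com
shell\explore\command - u18vxqle.com
shell\open\command - u18vxqle.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c73a9a6-57a1-11dd-bb70-001b2483eae6}]
shell\Auto\command - F:\TunerSetup.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f89697-d18a-11dc-9559-001a6bbe6591}]
shell\AutoRun\command - F:\1wod1.com
shell\explore\command - F:\1wod1.com
shell\open\command - F:\1wod1.com
"""

KEY_RE = re.compile(r"^\[.+\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
CMD_RE = re.compile(r"^shell\\(.+?)\\command - (.+)$", re.I)
# Executable-looking tokens inside a command line (no spaces handled; enough for RSIT output).
EXE_RE = re.compile(r'[^\s,"]+\.(?:exe|com|bat|cmd|scr|pif)\b', re.I)


def parse_mountpoints2(text):
    """Return {volume_guid: [(verb, command), ...]} for MountPoints2 keys only."""
    volumes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).lower() if m else None  # any other key ends the section
            if current:
                volumes.setdefault(current, [])
            continue
        m = CMD_RE.match(line)
        if current and m:
            volumes[current].append((m.group(1), m.group(2)))
    return volumes


def review_reasons(verb, command):
    """Assumed review rules: each reason is a prompt to inspect the entry, not a verdict."""
    hits = EXE_RE.findall(command)
    target = (hits[-1] if hits else command).lower()  # last executable = what gets launched
    reasons = []
    if re.match(r"^(?:[a-z]:\\)?recycle[dr]\\", target):
        reasons.append("target inside a recycle-bin folder")
    if target.endswith(".com"):
        reasons.append(".com target")
    if not re.match(r"^[a-z]:\\", target):
        reasons.append("relative path, resolved on the inserted drive")
    if verb.lower() in ("open", "explore"):
        reasons.append("replaces the default %s action for the drive" % verb.lower())
    return reasons


def flagged_volumes(text):
    """Return {volume_guid: [(verb, command, reasons), ...]} for entries with any reason."""
    out = {}
    for volume, entries in parse_mountpoints2(text).items():
        hits = [(v, c, review_reasons(v, c)) for v, c in entries]
        hits = [h for h in hits if h[2]]
        if hits:
            out[volume] = hits
    return out


if __name__ == "__main__":
    for volume, hits in sorted(flagged_volumes(SAMPLE).items()):
        print(volume)
        for verb, command, reasons in hits:
            print("  %-10s %-24s %s" % (verb, command, "; ".join(reasons)))
```

A MountPoints2 key is a cached record for a volume that was mounted at some point, so a listed entry means the drive should be scanned while inserted, as the steps above ask; it does not mean the file is still present.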


Offline kota123

« Reply #11 on: November 02, 2008, 03:58:40 PM »
I have installed the malware applications and am running the scan now. Since it's almost 2 AM here I will send you the results tomorrow.

Thanks!

Offline kota123

« Reply #12 on: November 02, 2008, 05:13:02 PM »
The scan using malware just finished, no infections were found. I have attached the log for this and RSIT below. Regarding Netbooster, I confirmed now that is a part of the software for the data card for wireless internet, Venturi Wireless is a part of that as well. But right now I am only using the wired connection and not wireless.

Log for mbam:

Malwarebytes' Anti-Malware 1.30
Database version: 1348
Windows 6.0.6000

03-11-2008 03:33:45
mbam-log-2008-11-03 (03-33-45).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 139794
Time elapsed: 1 hour(s), 43 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Log for RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by sunil at 2008-11-03 03:36:40
Microsoft® Windows Vista™ Home Premium
System drive C: has 103 GB (71%) free of 146 GB
Total RAM: 1013 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:37:05, on 03-11-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Netbooster Client\Configurator\ventcfg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\sunil\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\sunil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediff.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Netbooster Client\Configurator\ventcfg.exe -nomsgbox
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B6DB833-A2D2-4AD0-B6E2-E79925B310B9}: NameServer = 192.168.0.1,202.88.130.67,202.88.130.15,202.88.130.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7906 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{C203164B-CEC6-402C-8F72-1989ACCBF56A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-31 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-05-07 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-31 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-31 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-31 1234712]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-09-13 1006264]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-11 317128]
"Venturi Configurator"=C:\Program Files\Netbooster Client\Configurator\ventcfg.exe [2007-02-05 923272]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-05-07 77824]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-14 159744]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-02-26 133912]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-02-26 138008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-02 472776]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-13 50696]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-02-26 154392]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-08 44128]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-02-22 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1093926c-a184-11dc-ba3a-001a6bbe6591}]
shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56917166-6fdc-11dc-8b68-001a6bbe6591}]
shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60aabc97-87ae-11dc-bb23-001a6bbe6591}]
shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fa18d71-ee82-11dc-ae21-001a6bbe6591}]
shell\AutoRun\command - u18vxqle.com
shell\explore\command - u18vxqle.com
shell\open\command - u18vxqle.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c73a9a6-57a1-11dd-bb70-001b2483eae6}]
shell\Auto\command - F:\TunerSetup.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f89697-d18a-11dc-9559-001a6bbe6591}]
shell\AutoRun\command - F:\1wod1.com
shell\explore\command - F:\1wod1.com
shell\open\command - F:\1wod1.com


======List of files/folders created in the last 3 months======

2008-11-03 01:29:38 ----D---- C:\Users\sunil\AppData\Roaming\Malwarebytes
2008-11-03 01:29:31 ----D---- C:\ProgramData\Malwarebytes
2008-11-03 01:29:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-02 23:13:47 ----D---- C:\rsit
2008-11-02 16:55:44 ----D---- C:\Program Files\Trend Micro
2008-11-02 01:00:00 ----D---- C:\Program Files\Electronic Arts
2008-11-02 00:59:49 ----A---- C:\Windows\uninst.exe
2008-10-31 18:09:14 ----HD---- C:\$AVG8.VAULT$
2008-10-31 17:23:12 ----A---- C:\Windows\system32\avgrsstx.dll
2008-10-31 17:21:52 ----D---- C:\ProgramData\avg8
2008-10-31 17:21:52 ----D---- C:\Program Files\AVG
2008-10-31 17:14:21 ----SHD---- C:\Config.Msi
2008-10-15 00:25:39 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-15 00:25:38 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-09-25 22:29:15 ----A---- C:\Windows\system32\wups2.dll
2008-09-25 22:29:15 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-25 22:29:14 ----A---- C:\Windows\system32\wucltux.dll
2008-09-25 22:29:14 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-25 22:28:13 ----A---- C:\Windows\system32\wups.dll
2008-09-25 22:28:13 ----A---- C:\Windows\system32\wudriver.dll
2008-09-25 22:28:13 ----A---- C:\Windows\system32\wuapi.dll
2008-09-25 22:27:54 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-25 22:27:54 ----A---- C:\Windows\system32\wuapp.exe
2008-09-21 00:37:35 ----A---- C:\Windows\system32\gameux.dll
2008-09-21 00:37:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-21 00:37:31 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-13 22:23:58 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-06 00:44:04 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-09-06 00:44:02 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-09-06 00:43:37 ----A---- C:\Windows\system32\NlsData0009.dll
2008-09-06 00:43:37 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-09-06 00:43:36 ----A---- C:\Windows\system32\NlsData000c.dll
2008-09-06 00:43:35 ----A---- C:\Windows\system32\NlsData000a.dll
2008-09-06 00:43:34 ----A---- C:\Windows\system32\NlsData000d.dll
2008-09-06 00:43:33 ----A---- C:\Windows\system32\NlsData0027.dll
2008-09-06 00:43:33 ----A---- C:\Windows\system32\NlsData0011.dll
2008-09-06 00:43:33 ----A---- C:\Windows\system32\NlsData0001.dll
2008-09-06 00:43:30 ----A---- C:\Windows\system32\NlsData0007.dll
2008-09-06 00:43:29 ----A---- C:\Windows\system32\NlsData003e.dll
2008-09-06 00:43:28 ----A---- C:\Windows\system32\NlsData002a.dll
2008-09-06 00:43:28 ----A---- C:\Windows\system32\NlsData0022.dll
2008-09-06 00:43:28 ----A---- C:\Windows\system32\NlsData0021.dll
2008-09-06 00:43:28 ----A---- C:\Windows\system32\NlsData0002.dll
2008-09-06 00:43:27 ----A---- C:\Windows\system32\NlsData0024.dll
2008-09-06 00:43:27 ----A---- C:\Windows\system32\NlsData001a.dll
2008-09-06 00:43:27 ----A---- C:\Windows\system32\NlsData0018.dll
2008-09-06 00:43:27 ----A---- C:\Windows\system32\NlsData000f.dll
2008-09-06 00:43:26 ----A---- C:\Windows\system32\NlsData0019.dll
2008-09-06 00:43:25 ----A---- C:\Windows\system32\NlsData001d.dll
2008-09-06 00:43:25 ----A---- C:\Windows\system32\NlsData0010.dll
2008-09-06 00:43:24 ----A---- C:\Windows\system32\NlsData0816.dll
2008-09-06 00:43:23 ----A---- C:\Windows\system32\NlsData0013.dll
2008-09-06 00:43:21 ----A---- C:\Windows\system32\NlsData0049.dll
2008-09-06 00:43:21 ----A---- C:\Windows\system32\NlsData0039.dll
2008-09-06 00:43:20 ----A---- C:\Windows\system32\NlsData0020.dll
2008-09-06 00:43:19 ----A---- C:\Windows\system32\NlsData0416.dll
2008-09-06 00:43:18 ----A---- C:\Windows\system32\NlsData0414.dll
2008-09-06 00:43:17 ----A---- C:\Windows\system32\NlsData004c.dll
2008-09-06 00:43:17 ----A---- C:\Windows\system32\NlsData004a.dll
2008-09-06 00:43:17 ----A---- C:\Windows\system32\NlsData0047.dll
2008-09-06 00:43:16 ----A---- C:\Windows\system32\NlsData081a.dll
2008-09-06 00:43:15 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-09-06 00:43:15 ----A---- C:\Windows\system32\NlsData001b.dll
2008-09-06 00:43:15 ----A---- C:\Windows\system32\NlsData0000.dll
2008-09-06 00:43:14 ----A---- C:\Windows\system32\NlsData004b.dll
2008-09-06 00:43:14 ----A---- C:\Windows\system32\NlsData0046.dll
2008-09-06 00:43:14 ----A---- C:\Windows\system32\NlsData0045.dll
2008-09-06 00:43:13 ----A---- C:\Windows\system32\NlsData004e.dll
2008-09-06 00:43:13 ----A---- C:\Windows\system32\NlsData0026.dll
2008-09-06 00:43:13 ----A---- C:\Windows\system32\NlsData0003.dll
2008-09-06 00:42:44 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-09-06 00:42:43 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-09-06 00:42:42 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-09-06 00:42:41 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-09-06 00:42:40 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-09-06 00:42:38 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-09-06 00:42:37 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-09-06 00:42:36 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-09-06 00:42:35 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-09-06 00:42:33 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-09-06 00:42:32 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-09-06 00:42:31 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-09-06 00:42:29 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-09-06 00:42:29 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-09-06 00:42:28 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-09-06 00:42:27 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-09-06 00:42:26 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-09-06 00:42:25 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-09-06 00:42:23 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-09-06 00:42:22 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-09-06 00:42:21 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-09-06 00:42:21 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-09-06 00:42:20 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-09-06 00:42:18 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-09-06 00:42:17 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-09-06 00:42:15 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-09-06 00:42:14 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-09-06 00:42:13 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-09-06 00:42:12 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-09-06 00:42:12 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-09-06 00:42:12 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-09-06 00:42:11 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-09-06 00:42:11 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-09-06 00:42:11 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-09-06 00:42:10 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-09-06 00:42:10 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-09-06 00:42:09 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-09-06 00:42:09 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-09-02 17:09:26 ----A---- C:\Windows\system32\tzres.dll
2008-09-02 16:51:28 ----A---- C:\Windows\system32\mshtml.dll
2008-09-02 16:51:26 ----A---- C:\Windows\system32\ieframe.dll
2008-09-02 16:51:25 ----A---- C:\Windows\system32\urlmon.dll
2008-09-02 16:51:24 ----A---- C:\Windows\system32\wininet.dll
2008-09-02 16:51:23 ----A---- C:\Windows\system32\mshtmled.dll
2008-09-02 16:51:22 ----A---- C:\Windows\system32\mstime.dll
2008-09-02 16:51:22 ----A---- C:\Windows\system32\ieui.dll
2008-09-02 16:51:22 ----A---- C:\Windows\system32\ieapfltr.dll
2008-09-02 16:51:22 ----A---- C:\Windows\system32\ie4uinit.exe
2008-09-02 16:51:22 ----A---- C:\Windows\system32\advpack.dll
2008-09-02 16:51:21 ----A---- C:\Windows\system32\pngfilt.dll
2008-09-02 16:51:21 ----A---- C:\Windows\system32\jsproxy.dll
2008-09-02 16:51:21 ----A---- C:\Windows\system32\ieUnatt.exe
2008-09-02 16:51:21 ----A---- C:\Windows\system32\iesetup.dll
2008-09-02 16:51:21 ----A---- C:\Windows\system32\iernonce.dll
2008-09-02 16:51:21 ----A---- C:\Windows\system32\icardie.dll
2008-09-02 16:51:21 ----A---- C:\Windows\system32\dxtrans.dll
2008-09-02 16:51:21 ----A---- C:\Windows\system32\dxtmsft.dll
2008-09-02 16:46:34 ----A---- C:\Windows\system32\winipsec.dll
2008-09-02 16:46:34 ----A---- C:\Windows\system32\polstore.dll
2008-09-02 16:46:34 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-09-02 16:46:34 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-09-02 16:46:28 ----A---- C:\Windows\system32\INETRES.dll
2008-09-02 16:46:28 ----A---- C:\Windows\system32\inetcomm.dll
2008-09-02 16:39:28 ----A---- C:\Windows\system32\es.dll

======List of files/folders modified in the last 3 months======

2008-11-03 03:37:04 ----D---- C:\Windows\Temp
2008-11-03 02:26:52 ----D---- C:\Windows\Prefetch
2008-11-03 01:30:51 ----D---- C:\Windows\system32\drivers
2008-11-03 01:29:31 ----RD---- C:\Program Files
2008-11-03 01:29:31 ----HD---- C:\ProgramData
2008-11-03 01:28:55 ----D---- C:\Windows\System32
2008-11-03 01:28:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-03 01:28:54 ----D---- C:\Windows\inf
2008-11-03 01:24:25 ----D---- C:\Windows\SMINST
2008-11-02 23:08:28 ----D---- C:\Windows\pss
2008-11-02 22:11:36 ----SHD---- C:\System Volume Information
2008-11-02 16:52:49 ----D---- C:\Windows\system32\catroot2
2008-11-02 02:55:52 ----D---- C:\Windows
2008-10-31 19:15:05 ----D---- C:\ProgramData\Symantec
2008-10-31 17:21:16 ----SHD---- C:\Windows\Installer
2008-10-31 17:21:16 ----D---- C:\Windows\winsxs
2008-10-31 17:20:56 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-31 17:20:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-31 17:19:13 ----D---- C:\Program Files\Symantec
2008-10-31 17:19:09 ----D---- C:\Program Files\Common Files
2008-10-31 17:17:45 ----RSD---- C:\Windows\assembly
2008-10-31 17:15:18 ----D---- C:\Windows\Tasks
2008-10-31 17:11:57 ----SD---- C:\Users\sunil\AppData\Roaming\Microsoft
2008-10-28 04:44:39 ----D---- C:\Windows\system32\catroot
2008-10-14 23:58:01 ----D---- C:\Users\sunil\AppData\Roaming\LimeWire
2008-10-08 00:49:40 ----A---- C:\Windows\system32\mrt.exe
2008-10-01 19:39:09 ----D---- C:\Windows\system32\en-US
2008-09-21 01:30:19 ----D---- C:\Windows\AppPatch
2008-09-06 22:40:00 ----D---- C:\Windows\ehome
2008-09-04 23:22:50 ----D---- C:\Program Files\Mozilla Firefox
2008-09-02 22:51:54 ----D---- C:\Program Files\Internet Explorer
2008-09-02 22:51:53 ----D---- C:\Windows\system32\migration
2008-09-02 17:07:46 ----D---- C:\Program Files\Windows Mail
2008-09-01 18:05:30 ----D---- C:\Users\sunil\AppData\Roaming\Creative
2008-09-01 17:59:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-01 17:55:45 ----D---- C:\Program Files\Creative

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-10-31 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-10-31 26824]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-09-11 395312]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2007-01-02 80688]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-03-07 14208]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-12-12 148992]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-07 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-07 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-22 1662464]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-09-13 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-07 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-03-07 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel® PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-22 1662464]
S3 Jukebox3;Jukebox3; C:\Windows\system32\DRIVERS\ctpdusb.sys [2003-10-23 16848]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2007-02-08 1786880]
S3 Nokia USB Generic;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2005-05-27 7288]
S3 Nokia USB Modem;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2005-05-27 11001]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2005-05-27 128295]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\zteusbser.sys [2007-08-20 98432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-31 231704]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-15 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-15 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 VenturiClient;Venturi Client; C:\Program Files\Netbooster Client\Client\ventc.exe [2007-02-05 2410080]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-10 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

Offline guestolo

« Reply #13 on: November 02, 2008, 07:00:03 PM »
Can you try the following

Download a couple tools and transfer them to the laptop's desktop
Don't run them from a USB thumbdrive, etc

Download the Norton Removal tool from Step 3
from the following link
http://service1.symantec.com/SUPPORT/norto...&view=docid

Transfer it to the desktop of the laptop

In addition:
Download this file - Combofix.exe and transfer it ONLY to your desktop of the laptop

Right click on the Norton Removal tool on desktop and "run as Administrator"
Follow the prompts, reboot when prompted

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix
Open the AVG Control Center program -> double-click on the "AVG Resident Shield" component by the clock -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from ComboFix and include a fresh Hijackthis log
Let me know if you're now back online, this may help narrow it down


Offline kota123

« Reply #14 on: November 03, 2008, 04:47:26 AM »
Here is the log for combofix:

ComboFix 08-11-02.04 - sunil 2008-11-03 15:00:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.364 [GMT 5.5:30]
Running from: C:\Users\sunil\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
(((((((((((((((((((((((((   Files Created from 2008-10-03 to 2008-11-03  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 09:16    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2008-11-03 09:13    ---------    d-----w    C:\ProgramData\NortonInstaller
2008-11-02 20:00    ---------    d-----w    C:\Program Files\Malwarebytes' Anti-Malware
2008-11-02 19:59    ---------    d-----w    C:\Users\sunil\AppData\Roaming\Malwarebytes
2008-11-02 19:59    ---------    d-----w    C:\ProgramData\Malwarebytes
2008-11-02 11:25    ---------    d-----w    C:\Program Files\Trend Micro
2008-11-01 19:30    ---------    d-----w    C:\Program Files\Electronic Arts
2008-10-31 11:53    10,520    ----a-w    C:\Windows\System32\avgrsstx.dll
2008-10-31 11:52    97,928    ----a-w    C:\Windows\system32\drivers\avgldx86.sys
2008-10-31 11:51    ---------    d-----w    C:\ProgramData\avg8
2008-10-31 11:51    ---------    d-----w    C:\Program Files\AVG
2008-10-22 10:40    38,496    ----a-w    C:\Windows\system32\drivers\mbamswissarmy.sys
2008-10-22 10:40    15,504    ----a-w    C:\Windows\system32\drivers\mbam.sys
2008-10-14 18:28    ---------    d-----w    C:\Users\sunil\AppData\Roaming\LimeWire
2008-09-18 04:35    3,505,208    ----a-w    C:\Windows\System32\ntkrnlpa.exe
2008-09-18 04:35    3,470,904    ----a-w    C:\Windows\System32\ntoskrnl.exe
2008-07-17 17:07    174    --sha-w    C:\Program Files\desktop.ini
2008-03-14 17:07    4,506,256    ----a-w    C:\Users\sunil\LimeWireWin.exe
2008-04-27 16:47    16,384    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-27 16:47    32,768    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-27 16:47    16,384    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-27 17:34    22    --sha-w    C:\Windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-31 1234712]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"Venturi Configurator"="C:\Program Files\Netbooster Client\Configurator\ventcfg.exe" [2007-02-05 923272]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-05-07 77824]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-14 159744]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-02-26 133912]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-02-26 138008]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-02 472776]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-13 50696]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-02-26 154392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-08 44128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CB3978FB-F35C-46AC-A5A6-B4E668379EBB}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C20B22A1-85AA-4701-8F7D-E3433BF407B0}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{114D994F-2081-4DD3-95FC-661AC929A3A4}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{B86011A9-F95C-4F7C-8372-ABCBF00E3DD8}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{5DDD1ED1-51C5-4344-92EB-B98098202725}"= UDP:C:\Users\sunil\Desktop\LimeWire\LimeWire.exe:LimeWire
"{0106340B-7AC4-4543-A7F8-C3D2F891E7C1}"= TCP:C:\Users\sunil\Desktop\LimeWire\LimeWire.exe:LimeWire
"{F5BDE7C9-41AE-4097-94DE-5361C16F93E9}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8ADD27E4-6B37-4E69-A854-96A4AECE6F2B}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4C46E6C7-675A-425A-8686-29D2E5E8A3C1}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B284396E-7480-4B47-8636-DF412D59DB76}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{61532E5F-9C12-4281-BE4C-C9EE48F331D5}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{5CFD0BB4-7DA6-4613-B1D0-75264F1C39AE}"= UDP:C:\Users\sunil\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{7FF742D7-1BC0-4D79-ACA1-F87D82CF5806}"= TCP:C:\Users\sunil\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-10-31 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-31 231704]
R2 VenturiClient;Venturi Client;C:\Program Files\Netbooster Client\Client\ventc.exe [2007-02-05 2410080]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\DRIVERS\btwavdt.sys [2007-01-02 80688]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\zteusbser.sys [2007-08-20 98432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1093926c-a184-11dc-ba3a-001a6bbe6591}]
\Shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56917166-6fdc-11dc-8b68-001a6bbe6591}]
\Shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60aabc97-87ae-11dc-bb23-001a6bbe6591}]
\Shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fa18d71-ee82-11dc-ae21-001a6bbe6591}]
\shell\AutoRun\command - u18vxqle.com
\shell\explore\Command - u18vxqle.com
\shell\open\Command - u18vxqle.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c73a9a6-57a1-11dd-bb70-001b2483eae6}]
\shell\Auto\command - F:\TunerSetup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f89697-d18a-11dc-9559-001a6bbe6591}]
\shell\AutoRun\command - F:\1wod1.com
\shell\explore\Command - F:\1wod1.com
\shell\open\Command - F:\1wod1.com

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-03 C:\Windows\Tasks\User_Feed_Synchronization-{C203164B-CEC6-402C-8F72-1989ACCBF56A}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 15:15]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\sunil\AppData\Roaming\Mozilla\Firefox\Profiles\usdxb4q5.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 15:04:56
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-03 15:07:09
ComboFix-quarantined-files.txt  2008-11-03 09:37:02

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 108,721,770,496 bytes free

146    --- E O F ---    2008-10-27 23:14:43

kota123
« Reply #15 on: November 03, 2008, 04:48:53 AM »
Here is the new log for hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:00, on 03-11-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Netbooster Client\Configurator\ventcfg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediff.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Netbooster Client\Configurator\ventcfg.exe -nomsgbox
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B6DB833-A2D2-4AD0-B6E2-E79925B310B9}: NameServer = 192.168.0.1,202.88.130.67,202.88.130.15,202.88.130.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6492 bytes

kota123
« Reply #16 on: November 03, 2008, 06:38:09 AM »
I tried to connect to the internet today after all the scans but again same problem, the connection is established but I am unable to surf. It does not open any websites. I also noticed that LAN was disabled but after enabling it the connection got established and that's it. The bytes sent and received were between 16-17k.

guestolo
« Reply #17 on: November 03, 2008, 09:50:03 AM »
Can you do the following
* Please download Flash_Disinfector and save it to the laptop's desktop

Copy ALL the BLUE text below and paste it into Notepad
Don't use anything other than Notepad or the script will not work

[color="#0000FF"]File::
F:\TunerSetup.exe
F:\1wod1.com
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000000
"InternetSettingsDisableNotify"=dword:00000000
"AutoUpdateDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5CFD0BB4-7DA6-4613-B1D0-75264F1C39AE}"=-
"{7FF742D7-1BC0-4D79-ACA1-F87D82CF5806}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1093926c-a184-11dc-ba3a-001a6bbe6591}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56917166-6fdc-11dc-8b68-001a6bbe6591}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60aabc97-87ae-11dc-bb23-001a6bbe6591}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fa18d71-ee82-11dc-ae21-001a6bbe6591}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c73a9a6-57a1-11dd-bb70-001b2483eae6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f89697-d18a-11dc-9559-001a6bbe6591}]

[/color]
Save this as a text file on your laptop's desktop, with the exact name of
CFScript

* Right click on Flash_Disinfector.exe and select Run As Administrator to run it. If you receive a prompt, please allow it.
* You will be prompted to plug in your flash drive. Plug it in.
* Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
* When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
* Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Leave any flash drive or external hard drives connected
Then

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.

I'll need to see that log again later

A troubleshooting step
Can you boot to "Safe Mode with Networking"
Tap the F8 key as the system is restarting to get you to the Advanced options menu
and select "Safe mode with Networking"
Are you able to access the Net?

Another troubleshooting step, just to help narrow it down
Can you uninstall AVG8, as it didn't appear to be running properly from your first logs
After removal, reboot the computer
Any luck?
If not, we'll check DNS server addy's and possibly a conflict with Netbooster

Please post the new Combofix log
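
The six MountPoints2 keys that the CFScript above deletes are per-volume shell handlers listed in the earlier ComboFix log. The following Python is an added example, not part of the thread and not ComboFix's own logic: it parses that log section and tags each volume with three heuristics that are assumptions of this example (an overridden open/explore verb, a target inside a recycle-bin folder, a .com target). The sample lines are an excerpt copied from the log on this page.

```python
import re

# Excerpt of the MountPoints2 section of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1093926c-a184-11dc-ba3a-001a6bbe6591}]
\Shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fa18d71-ee82-11dc-ae21-001a6bbe6591}]
\shell\AutoRun\command - u18vxqle.com
\shell\explore\Command - u18vxqle.com
\shell\open\Command - u18vxqle.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c73a9a6-57a1-11dd-bb70-001b2483eae6}]
\shell\Auto\command - F:\TunerSetup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f89697-d18a-11dc-9559-001a6bbe6591}]
\shell\AutoRun\command - F:\1wod1.com
\shell\explore\Command - F:\1wod1.com
\shell\open\Command - F:\1wod1.com
"""

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
ENTRY_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
# Folder names used for this example's "recycle-bin path" heuristic (assumption).
RECYCLE_DIRS = {"recycled", "recycler", "$recycle.bin"}


def parse_mountpoints2(log_text):
    """Return {volume_guid: [(verb, command), ...]} from ComboFix-style log text."""
    volumes, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            volumes.setdefault(current, [])
        elif line.startswith("["):
            current = None  # a different registry key: stop collecting
        elif current:
            entry = ENTRY_RE.match(line)
            if entry:
                # "Open(&O)" and "open" are the same verb; drop the accelerator.
                verb = re.sub(r"\(.*?\)", "", entry["verb"]).lower()
                volumes[current].append((verb, entry["cmd"].strip()))
    return volumes


def assess(entries):
    """Return a sorted list of heuristic tags for one volume's shell handlers."""
    reasons = set()
    for verb, cmd in entries:
        # Last token is the file that ends up being launched, including when
        # the command is wrapped in RunDLL32 (simplification: no spaces in path).
        target = cmd.split()[-1]
        parts = target.lower().split("\\")
        if verb in ("open", "explore"):
            # Opening the drive in Explorer runs the command instead of
            # showing the folder.
            reasons.add("open-hijack")
        if any(p in RECYCLE_DIRS for p in parts[:-1]):
            reasons.add("recycled-path")
        if parts[-1].endswith(".com"):
            reasons.add("com-extension")
    return sorted(reasons)


def triage(log_text):
    """Map every MountPoints2 volume GUID in the log to its heuristic tags."""
    return {guid: assess(e) for guid, e in parse_mountpoints2(log_text).items()}


if __name__ == "__main__":
    for guid, reasons in triage(SAMPLE_LOG).items():
        print(guid, ", ".join(reasons) or "AutoRun handler only")
```

An empty tag list is not a clean result: the TunerSetup.exe volume trips none of these heuristics, yet the CFScript above lists its key and file for removal along with the others.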



kota123
« Reply #18 on: November 03, 2008, 12:25:04 PM »
I tried to run the flash disinfector on the laptop but the program does not run. Each time I click on it and allow the program, a few minutes later a window pops up saying program may not have installed correctly and gives me 2 options: 1. to reinstall and 2nd says program is installed correctly. But if I choose the 2nd option it does not work.

Also today I tried working on that laptop using my data card and I was able to connect and surf without any problems! But when I tried using the cable I had the same problem, connection established but no surfing was possible. My ISP customer service person also came today for a regular check and said the same thing, laptop has a problem and is broadcasting. And then I did see, when the connection to the net is established using the cable even though no programs are running, the number of bytes sent and received keeps going up. So he says that's what shows some program is sending data each time you connect to the internet and is choking the connection.

I also downloaded the flash disinfector using the data card directly onto the problematic laptop but still the flash disinfector did not work and gave the same error.

I have removed AVG and then tried connecting but had the same problem.

I started the laptop in safe mode with networking but I can't even connect to the internet in it as it says no broadband connection found and it does not let me set up a connection either.

Let me know what to do since flash disinfector is not working on it.

I have a desktop as well and have problems on that as well. I will start a new thread for it. Would be great if you could help me clean that up as well!

Thanks a ton for all your help!

kota123
« Reply #19 on: November 03, 2008, 12:51:05 PM »
I anyway ran a scan with combofix again after doing the drag and drop of that file. Here it is:

ComboFix 08-11-02.04 - sunil 2008-11-03 23:10:36.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.447 [GMT 5.5:30]
Running from: C:\Users\sunil\Desktop\ComboFix.exe
Command switches used :: C:\Users\sunil\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
F:\1wod1.com
F:\TunerSetup.exe
.

(((((((((((((((((((((((((   Files Created from 2008-10-03 to 2008-11-03  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 09:16    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2008-11-03 09:13    ---------    d-----w    C:\ProgramData\NortonInstaller
2008-11-02 20:00    ---------    d-----w    C:\Program Files\Malwarebytes' Anti-Malware
2008-11-02 19:59    ---------    d-----w    C:\Users\sunil\AppData\Roaming\Malwarebytes
2008-11-02 19:59    ---------    d-----w    C:\ProgramData\Malwarebytes
2008-11-02 11:25    ---------    d-----w    C:\Program Files\Trend Micro
2008-11-01 19:30    ---------    d-----w    C:\Program Files\Electronic Arts
2008-10-31 11:51    ---------    d-----w    C:\Program Files\AVG
2008-10-22 10:40    38,496    ----a-w    C:\Windows\system32\drivers\mbamswissarmy.sys
2008-10-22 10:40    15,504    ----a-w    C:\Windows\system32\drivers\mbam.sys
2008-10-14 18:28    ---------    d-----w    C:\Users\sunil\AppData\Roaming\LimeWire
2008-09-18 04:35    3,505,208    ----a-w    C:\Windows\System32\ntkrnlpa.exe
2008-09-18 04:35    3,470,904    ----a-w    C:\Windows\System32\ntoskrnl.exe
2008-07-17 17:07    174    --sha-w    C:\Program Files\desktop.ini
2008-03-14 17:07    4,506,256    ----a-w    C:\Users\sunil\LimeWireWin.exe
2008-04-27 16:47    16,384    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-27 16:47    32,768    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-27 16:47    16,384    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-27 17:34    22    --sha-w    C:\Windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-11-03_15.06.26.84   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-03 09:17:11    1,660    ----a-w    C:\Windows\bthservsdp.dat
+ 2008-11-03 17:16:18    1,660    ----a-w    C:\Windows\bthservsdp.dat
- 2008-11-01 21:26:26    51,200    ----a-w    C:\Windows\inf\infpub.dat
+ 2008-11-03 17:11:55    51,200    ----a-w    C:\Windows\inf\infpub.dat
- 2008-11-01 21:26:26    86,016    ----a-w    C:\Windows\inf\infstrng.dat
+ 2008-11-03 17:11:54    86,016    ----a-w    C:\Windows\inf\infstrng.dat
- 2008-11-03 09:18:05    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-03 17:26:04    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-03 09:18:05    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-03 17:26:04    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-03 09:20:26    262,144    --sha-w    C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-11-03 17:28:13    262,144    --sha-w    C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-11-03 17:28:13    262,144    ---ha-w    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-03 09:20:57    262,144    --sha-w    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-11-03 17:28:44    262,144    --sha-w    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-11-03 17:28:44    262,144    ---ha-w    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-02 12:47:33    16,384    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-03 13:42:08    16,384    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-02 12:47:33    32,768    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-03 13:42:08    32,768    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-02 12:47:33    16,384    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-03 13:42:08    16,384    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-03 13:59:11    2,456    ----a-w    C:\Windows\System32\networklist\icons\{C7E7006D-6270-458A-90E3-EDEC83296DEE}_24.bin
+ 2008-11-03 13:59:11    4,280    ----a-w    C:\Windows\System32\networklist\icons\{C7E7006D-6270-458A-90E3-EDEC83296DEE}_32.bin
+ 2008-11-03 13:59:11    9,560    ----a-w    C:\Windows\System32\networklist\icons\{C7E7006D-6270-458A-90E3-EDEC83296DEE}_48.bin
+ 2008-11-03 13:33:16    2,456    ----a-w    C:\Windows\System32\networklist\icons\{CABB3DE3-FE77-4DDD-9F17-472F5B1646CB}_24.bin
+ 2008-11-03 13:33:16    4,280    ----a-w    C:\Windows\System32\networklist\icons\{CABB3DE3-FE77-4DDD-9F17-472F5B1646CB}_32.bin
+ 2008-11-03 13:33:16    9,560    ----a-w    C:\Windows\System32\networklist\icons\{CABB3DE3-FE77-4DDD-9F17-472F5B1646CB}_48.bin
- 2008-11-03 09:23:16    108,526    ----a-w    C:\Windows\System32\perfc009.dat
+ 2008-11-03 17:31:08    108,526    ----a-w    C:\Windows\System32\perfc009.dat
- 2008-11-03 09:23:16    623,342    ----a-w    C:\Windows\System32\perfh009.dat
+ 2008-11-03 17:31:08    623,342    ----a-w    C:\Windows\System32\perfh009.dat
- 2008-10-31 11:51:07    6,291,456    ----a-w    C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-11-03 15:35:54    6,291,456    ----a-w    C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-11-03 09:20:29    9,346    ----a-w    C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2410051080-4086888286-96072662-1000_UserData.bin
+ 2008-11-03 17:28:32    9,672    ----a-w    C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2410051080-4086888286-96072662-1000_UserData.bin
- 2008-11-03 09:20:29    72,154    ----a-w    C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-03 17:28:32    72,408    ----a-w    C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-03 09:20:27    39,478    ----a-w    C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-03 17:28:31    40,206    ----a-w    C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-02 16:12:16    286,186    ----a-w    C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-11-03 13:27:56    287,284    ----a-w    C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-10-31 11:51:16    127,229,525    ----a-w    C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-03 15:29:00    135,362,018    ----a-w    C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-02-22 05:01:41    64,512    ----a-w    C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\WininetPlugin.dll
+ 2007-09-13 02:21:28    2,455,488    ----a-w    C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\ieapfltr.dat
+ 2007-09-13 02:21:28    2,455,488    ----a-w    C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\ieapfltr.dat
+ 2008-01-19 07:34:31    180,736    ----a-w    C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec\ieui.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"Venturi Configurator"="C:\Program Files\Netbooster Client\Configurator\ventcfg.exe" [2007-02-05 923272]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-05-07 77824]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-14 159744]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-02-26 133912]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-02-26 138008]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-02 472776]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-13 50696]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-02-26 154392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-08 44128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CB3978FB-F35C-46AC-A5A6-B4E668379EBB}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C20B22A1-85AA-4701-8F7D-E3433BF407B0}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{114D994F-2081-4DD3-95FC-661AC929A3A4}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{B86011A9-F95C-4F7C-8372-ABCBF00E3DD8}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{5DDD1ED1-51C5-4344-92EB-B98098202725}"= UDP:C:\Users\sunil\Desktop\LimeWire\LimeWire.exe:LimeWire
"{0106340B-7AC4-4543-A7F8-C3D2F891E7C1}"= TCP:C:\Users\sunil\Desktop\LimeWire\LimeWire.exe:LimeWire
"{F5BDE7C9-41AE-4097-94DE-5361C16F93E9}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8ADD27E4-6B37-4E69-A854-96A4AECE6F2B}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4C46E6C7-675A-425A-8686-29D2E5E8A3C1}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B284396E-7480-4B47-8636-DF412D59DB76}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 VenturiClient;Venturi Client;C:\Program Files\Netbooster Client\Client\ventc.exe [2007-02-05 2410080]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\DRIVERS\btwavdt.sys [2007-01-02 80688]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\zteusbser.sys [2007-08-20 98432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
.
Contents of the 'Scheduled Tasks' folder

2008-11-03 C:\Windows\Tasks\User_Feed_Synchronization-{C203164B-CEC6-402C-8F72-1989ACCBF56A}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 15:15]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 23:15:12
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-03 23:17:29
ComboFix-quarantined-files.txt  2008-11-03 17:47:13
ComboFix2.txt  2008-11-03 09:37:10

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 108,401,790,976 bytes free

155    --- E O F ---    2008-10-27 23:14:43