Thinking I have a malware problem.



Oorwullie
2007-01-30, 17:27
Recently had a bad problem with my network. It seems I get disconnected any time I attempt to contact the internet, whether it be going on Google or checking mail. I've done several different anti-virus tests to find that there is something nasty lurking in my System Volume Information. Any time I've attempted to update an anti-virus or anti-spyware program, it will not let me stay connected to the update server for more than 2 seconds before disconnecting the internet. I've tried many times to reinstall the drivers for my wireless USB adapter to no avail, so I'm pretty sure someone's got my PC "by the balls". If anyone could offer any advice it would be greatly appreciated.

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 11:15:48 AM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentleech.org/browse.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6E9EF4A-75C5-4499-AA55-CAAE8A300546}: NameServer = 192.168.0.1,192.168.1.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS.0\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe




Mr_JAk3
2007-02-11, 07:59
Hi Oorwullie and welcome to the Forums :)

Sorry for the long delay.

If you still need help, please post a fresh HijackThis log :bigthumb:

tashi
2007-02-19, 06:33
This topic has been archived.

If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.