PDA

View Full Version : PC has lost Internet Connection


punkfan79
2009-07-18, 18:27
PC has lost Internet connection. It's asking for $50 to install some help for my computer. As you can imagine, I'm skeptical. Any help is greatly appreciated. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:38 AM, on 7/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\18134064\18134064.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\csrss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com NetAssistant\NetAssistant.dll
R3 - URLSearchHook: (no name) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: C:\WINDOWS\system32\sdcvddd.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\sdcvddd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Bullseye Tool Bar - {6226BA26-C017-4007-928C-DE9715C6FA67} - C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: The Shield Deluxe 2009 Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\PCSecurityShield\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [cftmon] C:\WINDOWS\system32\eohap.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [18134064] C:\Documents and Settings\All Users.WINDOWS\Application Data\18134064\18134064.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\PCSecurityShield\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\Owner\LOCALS~1\Temp\csrss.exe
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\g4gv4y.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\WINDOWS\TEMP\g4gv4y.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows System Recover!] C:\WINDOWS\TEMP\taskmgr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\g4gv4y.exe (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: BitComet SpeedUp Pro.lnk = C:\Program Files\BitComet SpeedUp Pro\BitComet SpeedUp Pro.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\sdcvddd.dll
O23 - Service: The Shield Deluxe 2009 Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: The Shield Deluxe 2009 Desktop Update Service (LIVESRV) - PCSecurityShield - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: The Shield Deluxe 2009 Virus Shield (VSSERV) - PCSecurityShield - C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7762 bytes
Blade81
2009-07-19, 10:34
Hi,

There's infection there. Let's take a closer look.

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.
Blade81
2009-07-27, 23:37
Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.