Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible Infection, blocked internet downloads


Post by Garfielduk » March 9th, 2008, 2:08 pm

Sorry but not sure of infection but am suspicious because of the following:

Zonealarm client will not update Antivirus but will update Anti spyware
Wireless connection to internet is fine and google homepage appears fairly quickly as do home pages of other sites e.g. Merijn.org
Try and download anything at all and it is slower than a proverbial snail and would take 2 days to do something that should take 5 minutes

Found a line in zonealarm program control that said "Remove Serivce" notice the spelling error of service and the properties calls it RemSvc

Oh by the way I have cleaned up some items using CCleaner and wanted to use Spybot but could not get it installed off a copy I did to CD from my other pc

Son has Guild Wars installed, not sure if this is a contributor to problems :?

Anyway here is my HJT Log, hope someone can help on this - am writing this from my other computer (the one not working is my son's and he's going mad )

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1445269031
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 2951 bytes


Thanks to any of the Experts who may respond
Garfielduk
Regular Member
 
Posts: 21
Joined: February 21st, 2006, 5:48 am

Re: Possible Infection, blocked internet downloads

Post by Carolyn » March 12th, 2008, 2:17 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long.

If you follow these instructions, everything should go smoothly.

We are currently looking at your log now and will be back as soon as possible with your instructions.
While you are waiting, one other thing that can be of good use is an uninstall list, so please do the following:

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Possible Infection, blocked internet downloads

Post by Carolyn » March 12th, 2008, 3:32 pm

Rename HijackThis.exe to bluedog.exe by doing the following;

  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to bluedog.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Post the fresh HijackThis log here along with the uninstall list I requested in my previous post.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Possible Infection, blocked internet downloads

Post by Garfielduk » March 12th, 2008, 4:32 pm

Hi Carolyn,

Thanks for coming to my rescue :D

Here is the first item you asked for, the uninstall list

Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 7.0
ASUS WLAN Card Utilities/Driver
Crysis(R)
FireWarrior
GameSpy Arcade
Guild Wars
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
muveeNow 2.1
NVIDIA Drivers
NVIDIA WDM Drivers
PunkBuster Services
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
VIA Rhine-Family Fast Ethernet Adapter
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Xbox 360 Controller for Windows
XpertVision 5.5
ZoneAlarm Security Suite

And here is the New Hijack this log file after renaming the program:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:39, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\bluedog.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1445269031
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3791 bytes

Why did you rename the HJT program file ?

Thanks

Gary
Garfielduk
Regular Member
 
Posts: 21
Joined: February 21st, 2006, 5:48 am
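
Comparing the two HijackThis logs posted so far, as an added example that is not part of the original thread and not a tool the helpers used: a small parser that diffs two scans and lists entries worth a manual look. The function names are hypothetical, the sample logs are excerpts of the lines posted above, and the flags are review prompts, not verdicts.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# Coded result lines look like "O4 - ..." or "O23 - ..." (letter, 1-2 digits).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autostarts: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^\S+Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# A command that starts with a drive-letter path, optionally quoted.
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')

# Excerpts of the first and second logs in this thread (shortened).
FIRST_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42, on 02/03/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

SECOND_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:39, on 12/03/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\HijackThis\bluedog.exe.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - Startup: PowerReg Scheduler.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first coded line ends the process list
            entries.append(Entry(m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def diff_logs(old_text, new_text):
    """Report what appeared or disappeared between two scans."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    old_seen = {p.lower() for p in old_p}  # Windows paths: ignore case
    return {
        "added_entries": [e for e in new_e if e not in old_e],
        "removed_entries": [e for e in old_e if e not in new_e],
        "added_processes": [p for p in new_p if p.lower() not in old_seen],
    }


def review_flags(entries):
    """Pick entries the log alone cannot resolve; each needs a manual check."""
    flags = []
    for e in entries:
        if e.code == "O23" and " - Unknown owner - " in e.detail:
            # HijackThis did not attribute the service binary to a vendor.
            flags.append(("service with no vendor attribution", e))
        elif e.code == "O4":
            m = RUN_RE.match(e.detail)
            if m and not FULL_PATH_RE.match(m.group("cmd")):
                # Bare file name: the log does not say which file on disk runs.
                flags.append(("autostart command without a full path", e))
    return flags


if __name__ == "__main__":
    changes = diff_logs(FIRST_LOG, SECOND_LOG)
    for key, items in changes.items():
        print(key)
        for item in items:
            print("   ", item)
    print("review")
    for reason, entry in review_flags(parse_hjt(SECOND_LOG)[1]):
        print("   ", reason, "->", entry.code, entry.detail)
```
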

Re: Possible Infection, blocked internet downloads

Post by Carolyn » March 13th, 2008, 3:54 pm

Hi Gary,

Why did you rename the HJT program file ?


Some malware recognizes the name HijackThis and eludes the scan. Renaming HijackThis is a work-around. Unfortunately, doing so did not help us this time. :)

BLACKLIGHT
  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    C:\fsbl.exe /expert

  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic together with a new HijackThis log.

Run Kaspersky Online AV Scanner
Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.

To summarize, please post the Blacklight log, the Kaspersky log and a fresh HijackThis log.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Possible Infection, blocked internet downloads

Post by Garfielduk » March 13th, 2008, 4:43 pm

Hi,

I have run the Blacklight after downloading via my portable due to downloads not possible to desktop, here is the result:

03/13/08 20:17:34 [Info]: BlackLight Engine 1.0.67 initialized
03/13/08 20:17:34 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/13/08 20:17:35 [Note]: 7019 4
03/13/08 20:17:35 [Note]: 7005 0
03/13/08 20:17:39 [Note]: 7006 0
03/13/08 20:17:39 [Note]: 7022 0
03/13/08 20:17:39 [Note]: 7011 1816
03/13/08 20:17:40 [Note]: 7026 0
03/13/08 20:17:40 [Note]: 7026 0
03/13/08 20:17:41 [Note]: FSRAW library version 1.7.1024
03/13/08 20:21:39 [Note]: 7007 0

It said it found 0 items. Then I tried to run Kaspersky but it would not run, IE Page came up with an error in the bottom left corner, a yellow triangle with a black exclamation mark; when I double clicked on it the error message was:

Problems with this webpage might prevent it displaying properly or functioning properly. Detail box said:
Line:753
Char:2
Error:null is null or not an object
Code:0
URL: as per your link to kaspersky

New HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:47, on 13/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\bluedog.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1445269031
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3646 bytes


PS : IE using Google can search and find stuff but takes ages to link through to any links or pages found

Gary
Garfielduk
Regular Member
 
Posts: 21
Joined: February 21st, 2006, 5:48 am

Re: Possible Infection, blocked internet downloads

Post by Carolyn » March 14th, 2008, 9:35 am

Hi Gary,


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Please post the ComboFix log and a fresh HijackThis log.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Possible Infection, blocked internet downloads

Post by Garfielduk » March 14th, 2008, 4:44 pm

Carolyn,

Sorry there is quite a long time between my answers, that's because I do have a day job away from home :)

Here is the Combofix and new HJT Log as requested; by the way Combofix ran smoothly and took only 5 minutes to run.

ComboFix 08-03-14.2 - Owner 2008-03-14 20:36:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.719 [GMT 0:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-13 20:16 . 2008-03-13 20:10 916,072 --a------ C:\fsbl.exe
2008-03-10 13:37 . 2008-03-10 13:37 <DIR> dr-h----- C:\Documents and Settings\Owner\Application Data\SecuROM
2008-03-10 13:37 . 2008-03-10 13:37 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-10 13:34 . 2008-03-10 13:33 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-10 13:33 . 2008-03-10 13:33 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-03-10 13:33 . 2008-03-10 13:33 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-03-10 13:33 . 2008-03-10 13:33 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-10 13:33 . 2008-03-10 13:33 22,328 --a------ C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
2008-03-09 17:35 . 2008-03-09 17:35 <DIR> d-------- C:\Program Files\XBox 360 Controller for Windows Software
2008-03-09 17:23 . 2008-03-09 17:23 <DIR> d-------- C:\Program Files\Managed DirectX (0901)
2008-03-09 17:19 . 2008-03-09 17:12 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-03-09 17:13 . 2008-03-09 22:08 <DIR> d-------- C:\Program Files\FireWarrior
2008-03-09 17:05 . 2008-03-09 17:08 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-03-02 12:32 . 2008-03-02 12:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-03-02 12:29 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-02 12:21 . 2008-03-02 12:21 <DIR> d-------- C:\downloads
2008-03-01 21:05 . 2008-03-01 21:06 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-01 08:55 . 2008-03-01 13:04 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-29 20:18 . 2008-02-29 20:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-29 18:09 . 2008-02-29 18:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-20 18:22 . 2008-02-20 18:22 <DIR> d-------- C:\Program Files\GameSpy
2008-02-20 18:21 . 2008-03-09 17:22 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-02-20 18:07 . 2008-02-20 18:07 <DIR> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 20:36 2,447,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-14 19:36 1,792,000 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-03-13 21:56 33,476 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-08 07:49 1,700,864 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-03-05 21:53 1,699,328 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-03-04 21:05 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-03-04 21:05 1,988,608 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-03-04 16:15 470,016 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-03-04 16:15 1,987,584 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-03-02 10:06 1,966,592 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-03-01 10:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 08:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-29 16:39 2,007,040 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-02-27 16:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailFrontier
2008-02-27 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-26 22:00 2,004,992 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-02-25 19:09 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-02-25 19:09 2,004,480 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-02-21 18:52 173,568 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-02-21 18:52 1,987,072 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-02-20 21:56 1,986,560 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-02-19 17:52 1,955,328 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-02-18 16:25 1,940,992 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-02-17 11:38 1,939,456 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-02-16 22:44 1,938,944 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-02-15 10:48 1,934,848 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-02-14 18:36 81,408 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-02-14 18:36 1,934,336 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-02-13 19:43 126,976 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-02-13 19:43 1,930,240 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-02-12 16:38 1,911,296 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-02-12 11:54 1,910,272 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-11 10:10 1,908,736 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-10 07:42 55,296 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-10 07:42 1,907,200 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-09 09:16 25,088 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-09 09:16 1,906,176 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-08 22:51 34,304 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-08 22:51 1,909,248 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-08 21:40 --------- d-----w C:\Program Files\Guild Wars
2008-02-07 22:39 1,899,008 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-07 07:21 49,152 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-07 07:21 1,889,792 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-06 22:52 591,360 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-06 22:52 1,885,696 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-04 22:09 1,883,136 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-02 15:22 1,880,064 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-01 18:44 1,878,528 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-31 17:47 1,871,360 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-29 18:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\Template
2008-01-29 18:56 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-01-29 18:56 --------- d-----w C:\Program Files\SonicWallES
2008-01-27 17:07 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-27 17:07 --------- d-----w C:\Program Files\Realtek
2008-01-27 16:09 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-27 16:09 --------- d-----w C:\Program Files\Real
2008-01-27 16:09 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-27 16:09 --------- d-----w C:\Program Files\Common Files\Real
2008-01-27 15:49 --------- d-----w C:\Program Files\Lavasoft
2008-01-27 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 15:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 15:31 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-27 14:49 --------- d-----w C:\Program Files\Microsoft Works
2008-01-27 14:35 --------- d-----w C:\Program Files\Zone Labs
2008-01-27 13:04 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-27 13:04 --------- d-----w C:\Program Files\ASUS
2008-01-27 12:50 --------- d-----w C:\Program Files\muvee Technologies
2008-01-27 12:50 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-01-27 12:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-01-27 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-01-27 12:45 --------- d-----w C:\Program Files\XpertVision
2008-01-27 12:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-27 12:37 --------- d-----w C:\Program Files\viewsonic
2008-01-27 12:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2008-01-27 12:17 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-14 11:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2002-09-11 14:26 63,730 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00 15360]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 21:10 1667584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 05:59 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 05:59 8491008]
"Gainward"="C:\Program Files\XpertVision\TBPanel.exe" [2007-10-02 12:18 2165256]
"SkyTel"="SkyTel.EXE" [2006-05-17 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-31 18:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-10-05 05:59 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 12:00 15360]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-01-27 12:36:40 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\Owner\LOCALS~1\Temp\iMSPQMn.sys [2006-05-10 11:31]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 20:37:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-14 20:37:45
.
2008-03-13 17:35:15 --- E O F ---


AND the HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:56, on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\bluedog.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1445269031
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3762 bytes

Look forward to your next instructions
Gary

Re: Possible Infection, blocked internet downloads

Unread postby Carolyn » March 17th, 2008, 9:52 am

Hello Gary,

The good news is that the scans indicate that your son's computer is clean. The problems you are experiencing with this computer are not malware related.

As this is a computer troubleshooting issue, not a malware issue, I suggest you use the following link to go to the CastleCops General Computer Problems forum for help from a CastleCops SRT...

http://www.castlecops.com/f120-General_ ... blems.html

I recommend that you register before posting your problem. Registered members can receive notification when there has been a reply to their topic. There is no way for CCSP to notify "guests" when they have received a reply.

Re: Possible Infection, blocked internet downloads

Unread postby Garfielduk » March 18th, 2008, 4:54 pm

Okay thanks for your help Carolyn, will follow your advice. Thanks again, Gary

Re: Possible Infection, blocked internet downloads

Unread postby Elrond » March 21st, 2008, 7:56 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.