Free Malware Removal Forum

[Olan]

Hi, i hope you can help. I can reach many web sites from my PC. If I connect a different Pc to the same router it's fine. Both are dhcp so I'm taking that DNS is not the issue. I tried a fixed ip but that did not help. Also tried Skybot and AD-Adware.

Hijackthis log attached.

Thanks in advance,
O

============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:10, on 28/09/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
G:\WIN2003\System32\smss.exe
G:\WIN2003\system32\winlogon.exe
G:\WIN2003\system32\services.exe
G:\WIN2003\system32\lsass.exe
G:\WIN2003\system32\Ati2evxx.exe
G:\WIN2003\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\WIN2003\System32\svchost.exe
G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
G:\WIN2003\system32\LEXBCES.EXE
G:\WIN2003\system32\LEXPPS.EXE
G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
G:\PROGRA~1\NETSUP~1\client32.exe
G:\WIN2003\system32\CTsvcCDA.exe
G:\WIN2003\System32\svchost.exe
G:\WIN2003\system32\inetsrv\inetinfo.exe
G:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
G:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
G:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
G:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
G:\WIN2003\system32\Ati2evxx.exe
G:\WIN2003\Explorer.EXE
G:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
G:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
G:\WIN2003\system32\MsPMSPSv.exe
G:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
G:\WIN2003\System32\svchost.exe
G:\WIN2003\system32\PRISMSVR.EXE
G:\PROGRA~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Offline Course Player\OlpSynch.exe
G:\PROGRA~1\MICROS~4\wcescomm.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Documents and Settings\Olan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
G:\Program Files\Skype\Phone\Skype.exe
G:\WIN2003\system32\ctfmon.exe
G:\PROGRA~1\MICROS~4\rapimgr.exe
G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
G:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
G:\WIN2003\System32\svchost.exe
G:\WIN2003\system32\oobechk.exe
G:\WIN2003\system32\spoolsv.exe
G:\WIN2003\system32\mshta.exe
G:\WIN2003\System32\svchost.exe
G:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
G:\Program Files\Skype\Plugin Manager\skypePM.exe
G:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
G:\Documents and Settings\Olan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\Olan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ie/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PRISMSVR.EXE] "G:\WIN2003\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OLPSYNCH] G:\Program Files\Offline Course Player\OlpSynch.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "G:\Documents and Settings\Olan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] G:\WIN2003\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WIN2003\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WIN2003\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WIN2003\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WIN2003\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = G:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://firepass.rte.ie/vdesk/terminal/ ... ,0,51230,1
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://firepass.rte.ie/vdesk/terminal/ ... 60116,2328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8145838127
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://66.133.171.82/VMRCActiveXClient.cab
O16 - DPF: {8B0F07E1-00F9-4B1B-9A2F-456DC0F54EBF} (PortDetector Control) - http://vlab1se-ekt2.elementk.com/vlab/ax/PortTester.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://msdn.demoservers.com/msrdp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://firepass.rte.ie/vdesk/terminal/urxshost.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://firepass.rte.ie/vdesk/terminal/ ... ,0,51124,1
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DE22FEC-DADE-47E6-B934-5819F8FBDEF8}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7035122-CBA4-4BB4-8B6F-ECAB8BE1C93F}: NameServer = 192.168.2.1,192.168.2.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - G:\WIN2003\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WIN2003\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WIN2003\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Client32 - NetSupport Ltd - G:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WIN2003\system32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - G:\WIN2003\system32\LEXBCES.EXE
O23 - Service: Olans File Watcher - - c:\projects\timesheets\filewatcherservice\olansfilewatcher.exe

--
End of file - 10742 bytes

[Shaba]

Hi Olan

Please read what it says in User Rules

"Make sure you have one of the desktop versions of Windows, i.e. Win98, Win98SE, WinMe, Win2000, Windows XP, Windows Media, Vista.
We CANNOT HELP remove malware from any of the Windows Server editions, like Windows 2003."

This thread is now closed.