Greetings,
Before you post in this forum, please read and follow the instructions in this post: Guidelines for Posting in This Forum
Failure to follow these instructions will only result in delays of the cleaning and removal process.
If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.
Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.
Thank You

Post #1 (Jan 6 2006, 10:15 AM)
Active Member, Group: Member, Posts: 14, Joined: 6-January 06, Member No.: 17375

The computer I'm using, which has WinNT, was recently infected by a whole bunch of viruses and I don't know what to do. The problem is now more complicated since the virus seems to have changed something in the registry so that I can't get an internet connection (this is the BIGGEST problem that I want to solve first), and it is therefore much harder for me to search for helpful information. After scanning with Norton Antivirus, this is what I get:

Date: 12/23/2005, Time: 1:18:16, The file C:\WINNT\system32\encodex.exe is infected with the Download.Trojan virus. Unable to repair this file.
Date: 12/23/2005, Time: 1:18:16, The file C:\WINNT\system32\encodex.exe is infected with the Download.Trojan virus. Access to the file was denied.
Date: 12/23/2005, Time: 1:18:18, The file C:\WINNT\system32\howiper.exe is infected with the Trojan Horse virus. Unable to repair this file.
Date: 12/23/2005, Time: 1:18:18, The file C:\WINNT\system32\howiper.exe is infected with the Trojan Horse virus. Access to the file was denied.
Date: 12/23/2005, Time: 1:18:24, The file C:\WINNT\system32\favset.exe is infected with the Trojan.Favadd virus. Unable to repair this file.
Date: 12/23/2005, Time: 1:18:24, The file C:\WINNT\system32\favset.exe is infected with the Trojan.Favadd virus. Access to the file was denied.
Date: 12/23/2005, Time: 1:18:26, The file C:\WINNT\system32\idemlog.exe is infected with the Trojan.Adclicker virus. Unable to repair this file.
Date: 12/23/2005, Time: 1:18:26, The file C:\WINNT\system32\idemlog.exe is infected with the Trojan.Adclicker virus. Access to the file was denied.
Date: 12/23/2005, Time: 1:18:38, The file C:\WINNT\system32\dgprpsetup.exe is infected with the Trojan.Stwoyle virus. Unable to repair this file.
Date: 12/23/2005, Time: 1:18:38, The file C:\WINNT\system32\dgprpsetup.exe is infected with the Trojan.Stwoyle virus. Access to the file was denied.

I know that the program HijackThis can be very helpful for anyone who wants to help me with the problems, but I'm no expert and not sure if it will display any private information to others. Please understand this, because it's not my computer and the owner is very strict about putting any unknown programs on his machine. Please, anyone out there, give me some advice. Thanks so much in advance

Post #2 (Jan 6 2006, 12:55 PM)
The computer whisperer, Group: Admin, Posts: 5988, Joined: 17-April 04, From: Isla Nublar, Member No.: 6954

Download HijackThis.
http://www.bleepingcomputer.com/files/hijackthis.php
http://209.133.47.12/~merijn/files/HijackThis.exe
http://www.downloads.subratam.org/hijackthis.zip

If you are on Windows XP, extract the file. Do not just double-click on it! This opens HijackThis in a temporary folder. This would interfere with the possibility to make back-ups. Unzip to a folder other than your Desktop or the Temp folder.

Then, double-click HijackThis.exe, and click "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy and paste its contents in this thread. Most of what it lists will be harmless or even essential; don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.

Post #3 (Jan 7 2006, 02:55 AM)
Active Member, Group: Member, Posts: 14, Joined: 6-January 06, Member No.: 17375

Okay, this is the log, but I'm afraid I double-clicked the hijackthis.zip file, so I'm not sure if that would cause any problems. Anyway, I'll try again.

Logfile of HijackThis v1.99.1
Scan saved at 02:10:39, on 7/01/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Utilities\Norton AV\navapsvc.exe
C:\Utilities\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Utilities\Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\UTILIT~1\NORTON~1\navapw32.exe
C:\UTILIT~1\POP-UP~1\dpps2.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Utilities\Spybot\TeaTimer.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Utilities\AdFree\AdFree.exe
C:\WINNT\webshots.scr
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\UTILIT~1\WINZIP\winzip32.exe
C:\Minh\Solution\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Utilities\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utilities\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: WinZip IBS - {99A10100-66BB-11D4-A02A-00600818E7D8} - C:\UTILIT~1\WINZIP\wziebs.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Utilities\Norton AV\NavShExt.dll
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - (no file)
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Utilities\SiteHound\SiteHound.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Utilities\Norton AV\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Utilities\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NAV Agent] C:\UTILIT~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\UTILIT~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\UTILIT~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ImInstaller\IncrediMail\imloader.exe -startup -product IncrediMail -skip_dialog language
O4 - HKLM\..\Run: [Zone Labs Client] C:\Utilities\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [dmbxj.exe] C:\WINNT\system32\dmbxj.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utilities\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: AdFree.exe.lnk = C:\Utilities\AdFree\AdFree.exe
O4 - Startup: Webshots.lnk = C:\Utilities\Webshots\Launcher.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Utilities\SiteHound\SiteHound.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.au/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com.au/
O15 - Trusted Zone: *.usyd.edu.au
O15 - Trusted Zone: http://www.usyd.edu.au
O15 - Trusted Zone: http://www.usyd.edu.au ; *.usyd.edu.au
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fujicolor.com.au/en/feeders/XUpload.ocx
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C84A3998-06A3-4E4D-B319-63F93A0BA68E}: NameServer = 85.255.114.90,85.255.112.15
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Utilities\Norton AV\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Utilities\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Utilities\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Thanks

Post #4 (Jan 7 2006, 12:00 PM)
The computer whisperer, Group: Admin, Posts: 5988, Joined: 17-April 04, From: Isla Nublar, Member No.: 6954

Hi MinhDo,

Check your computer with the following free anti-virus/anti-trojan products.
Housecall Anti Virus
Panda Anti Virus
Trojan Scan
Bit Defender
Post all the logs that you can create with these services. You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.

Run HijackThis, click on "Scan" and check the boxes next to all these items.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ImInstaller\IncrediMail\imloader.exe -startup -product IncrediMail -skip_dialog language
O4 - HKLM\..\Run: [dmbxj.exe] C:\WINNT\system32\dmbxj.exe

There are restrictions set on Control Panel. If you or your system administrator has not put this restriction on Control Panel, also check this item.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".
Restart your computer in Safe Mode. How do I Safe Boot my computer?
Show hidden files. How do I show hidden files? At the end of the fix you can return the files to hidden status if you want.
Delete the following files in red (it could be that they are deleted already):
C:\WINNT\system32\dmbxj.exe
Restart your computer and post a new log in this thread.

Post #5 (Jan 9 2006, 03:35 AM)
Active Member, Group: Member, Posts: 14, Joined: 6-January 06, Member No.: 17375

Thanks very much for replying, Bobbi. I have done the things you told me to with HijackThis. It seems to have fixed the Internet Explorer Toolbar, which had disappeared before, but that is not my main concern. The big problem is I still don't have an internet connection. By the way, the file you mentioned before appeared to be C:\WINNT\system32\dmbxg.exe instead of C:\WINNT\system32\dmbxj.exe as you said, but I went ahead anyway. Here is the new log after I scanned with HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 13:56:38, on 9/01/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Utilities\Norton AV\navapsvc.exe
C:\Utilities\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Utilities\Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\UTILIT~1\NORTON~1\navapw32.exe
C:\UTILIT~1\POP-UP~1\dpps2.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Utilities\ZoneAlarm\zlclient.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Utilities\Spybot\TeaTimer.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Utilities\AdFree\AdFree.exe
C:\WINNT\webshots.scr
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\UTILIT~1\WINZIP\winzip32.exe
C:\WINNT\system32\notepad.exe
C:\Minh\Solution\Hijack\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Utilities\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utilities\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: WinZip IBS - {99A10100-66BB-11D4-A02A-00600818E7D8} - C:\UTILIT~1\WINZIP\wziebs.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Utilities\Norton AV\NavShExt.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Utilities\SiteHound\SiteHound.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Utilities\Norton AV\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Utilities\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NAV Agent] C:\UTILIT~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\UTILIT~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\UTILIT~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Utilities\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utilities\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: AdFree.exe.lnk = C:\Utilities\AdFree\AdFree.exe
O4 - Startup: Webshots.lnk = C:\Utilities\Webshots\Launcher.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Utilities\SiteHound\SiteHound.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.au/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com.au/
O15 - Trusted Zone: *.usyd.edu.au
O15 - Trusted Zone: http://www.usyd.edu.au
O15 - Trusted Zone: http://www.usyd.edu.au ; *.usyd.edu.au
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fujicolor.com.au/en/feeders/XUpload.ocx
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C84A3998-06A3-4E4D-B319-63F93A0BA68E}: NameServer = 85.255.114.90,85.255.112.15
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Utilities\Norton AV\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Utilities\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Utilities\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Please help

Post #6 (Jan 9 2006, 11:05 AM)
The computer whisperer, Group: Admin, Posts: 5988, Joined: 17-April 04, From: Isla Nublar, Member No.: 6954

Hi MinhDo,

Ok.... The log is clean. Now to the connection... Since when don't you have a connection? Can you tell me more about it? The more you can tell, the easier it might be for me to help you.

Post #7 (Jan 10 2006, 05:52 AM)
Active Member, Group: Member, Posts: 14, Joined: 6-January 06, Member No.: 17375

Thanks, I'm glad that the log is clean now. I lost the internet connection not long after I got the virus. I can't remember if I lost it immediately or after I ran a scan with Ad-aware and deleted a few things. I'll try looking at it again. Could it be because I ran Norton Antivirus and quarantined some items??

Post #8 (Jan 10 2006, 11:38 AM)
The computer whisperer, Group: Admin, Posts: 5988, Joined: 17-April 04, From: Isla Nublar, Member No.: 6954

QUOTE (MinhDo @ Jan 10 2006, 06:52 AM)
Thanks, I'm glad that the log is clean now. I lost the internet connection not long after I got the virus. I can't remember if I lost it immediately or after I ran a scan with Ad-aware and deleted a few things. I'll try looking at it again. Could it be because I ran Norton Antivirus and quarantined some items??

That could very well be... Can you check what Norton quarantined? Can you get onto the net to retrieve email? Or MSN? Anything other than the web? That would tell me if the problem is just with the Internet, or with the way Windows is configured.

Post #9 (Jan 11 2006, 12:06 PM)
Active Member, Group: Member, Posts: 14, Joined: 6-January 06, Member No.: 17375

Thanks. The problem that I have is with everything concerning the Internet, because I cannot log into the network at all. No e-mail can be received and no MSN can be used. The quarantined items from Norton anti-virus are:
- dgprpsetup.exe
- encodex.exe
- favset.exe
- howiper.exe
- idemlog.exe

Post #10 (Jan 12 2006, 12:00 PM)
The computer whisperer, Group: Admin, Posts: 5988, Joined: 17-April 04, From: Isla Nublar, Member No.: 6954

In that I read that you cannot access anything on the network. That would mean that the protocols are shot in Windows.
Can you reinstall the network protocols? Can you get onto the network then?

Post #11 (Jan 13 2006, 04:05 AM)
Active Member, Group: Member, Posts: 14, Joined: 6-January 06, Member No.: 17375

Hi Bobbi, I've reinstalled the login program but that doesn't fix anything. The modem is showing internet activity, the IP address is correct and I could get a file from the network using the cmd window, but none of the other programs relating to the internet work; there's just no connection.

Post #12 (Jan 13 2006, 01:44 PM)
The computer whisperer, Group: Admin, Posts: 5988, Joined: 17-April 04, From: Isla Nublar, Member No.: 6954

Click "Start", "Run...", type "cmd.exe" and click on "OK". In the new Window type ping www.gladiator-antivirus.com and press Enter. Please copy and paste the results in a next post.

Post #13 (Jan 14 2006, 02:38 PM)
Active Member, Group: Member, Posts: 14, Joined: 6-January 06, Member No.: 17375

All I've got is the message "Unknown host www.gladiator-antivirus.com"
I tried to ping other sites but the same thing happens. What should I do?

Post #14 (Jan 15 2006, 10:40 AM)
The computer whisperer, Group: Admin, Posts: 5988, Joined: 17-April 04, From: Isla Nublar, Member No.: 6954

That sounds more like the configuration to your ISP has been changed, or become corrupt. Can you check with them to see if DNS servers and other IP addresses are correct?

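Added example, not part of the thread: post #14 suggests confirming the DNS servers with the ISP, and the O17 line in the HijackThis logs above records the NameServer value configured on the machine, so the comparison can be made from the log itself. The sketch below parses HijackThis entries, lists O17 nameservers that are not on a confirmed list, and shows which entries were removed or left in place between the two logs. The log lines are excerpts from posts #3 and #5; the function names and the `EXPECTED_RESOLVERS` addresses (RFC 5737 documentation ranges) are assumptions to be replaced with the resolvers the ISP confirms.

```python
import re
from ipaddress import ip_address

# "O17 - <text>": a section code, " - ", then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<servers>.+)$")

# Excerpts of the two logs posted in this thread (post #3 and post #5).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 02:10:39, on 7/01/2006
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\UTILIT~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [dmbxj.exe] C:\WINNT\system32\dmbxj.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C84A3998-06A3-4E4D-B319-63F93A0BA68E}: NameServer = 85.255.114.90,85.255.112.15
"""
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 13:56:38, on 9/01/2006
O4 - HKLM\..\Run: [NAV Agent] C:\UTILIT~1\NORTON~1\navapw32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C84A3998-06A3-4E4D-B319-63F93A0BA68E}: NameServer = 85.255.114.90,85.255.112.15
"""

# Placeholder values (assumption): put the resolvers confirmed by the ISP here.
EXPECTED_RESOLVERS = {"192.0.2.53", "198.51.100.53"}


def parse_entries(log_text):
    """Return (code, body) for every 'Xn - ...' line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def nameservers(entries):
    """Collect every address listed in O17 'NameServer = a,b' entries."""
    found = []
    for code, body in entries:
        match = NAMESERVER_RE.search(body) if code == "O17" else None
        if not match:
            continue
        for token in re.split(r"[,\s]+", match.group("servers").strip()):
            if not token:
                continue
            try:
                found.append(str(ip_address(token)))
            except ValueError:
                found.append(token)  # keep malformed values visible for review
    return found


def unexpected_nameservers(entries, expected):
    """Nameservers configured on the host that are not on the confirmed list."""
    return [ns for ns in nameservers(entries) if ns not in expected]


def missing_file_entries(entries):
    """O2/O3 entries pointing at '(no file)', like those selected in post #4."""
    return [e for e in entries if e[0] in ("O2", "O3") and e[1].endswith("(no file)")]


def compare_logs(before, after):
    """Split the 'before' entries into those removed and those still present."""
    still_there = set(after)
    removed = [e for e in before if e not in still_there]
    persisted = [e for e in before if e in still_there]
    return removed, persisted


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    removed, persisted = compare_logs(before, after)
    print("Removed by the fix:", [code for code, _ in removed])
    print("Still present:", [code for code, _ in persisted])
    for ns in unexpected_nameservers(after, EXPECTED_RESOLVERS):
        print("O17 nameserver not on the confirmed list:", ns)
```
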
Post #15 (Jan 16 2006, 04:20 AM)
Active Member, Group: Member, Posts: 14, Joined: 6-January 06, Member No.: 17375

Thanks for the help, Bobbi. When you say "them", you mean the network that I have internet connection with? How do I check if the ISP is corrupted or has been changed, and how do I know whether the DNS servers and other IPs are correct??