PDA

View Full Version : No broadband or dial-up



Lurking
19-04-2010, 10:24 AM
Hi Speedy, should not have mentioned coming into the 21st century!!!

With it's robots, trojans and virusses.

Have run your TJ and Malware. Avast and Sygate seemed to have been infected, as they both want to get onto the nett.

HJT log please Speedy:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:42 a.m., on 19/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - S-1-5-18 Startup: Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (User 'Default user')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6579629A-83AD-4123-9C6B-F32350493B53}: NameServer = 203.96.152.4,203.96.152.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6288 bytes


Ps. Just as well the old IBM Win98SE can be relied upon.

Lurks.

Speedy Gonzales
19-04-2010, 10:36 AM
What do you mean by this ?

Avast and Sygate seemed to have been infected, as they both want to get onto the net. If you want Avast to update, it has to be on the net

Whats it doing, or not doing?

And what do you mean no BB or dialup?? If theyre not working, then how did you get here?

You can tick these then tick fix checked

Close browsers

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')

O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe

Lurking
19-04-2010, 10:59 AM
Thanks Speedy,

Both Avast and Sygate, have errors and want to send the errors to their respective websites.

My recent thread mentioned getting Skype and Webcam (Logitech).

Tested both out yesterday with friend and it worked fine, then all turned to custard when we tried to connect to g/children.

On dial-up on another pc in another room.

Still ok to delete the Skype and Logitech in your reply.

Regards,

Lurks.

Speedy Gonzales
19-04-2010, 11:06 AM
Also disable windows firewall, if Sygate didnt disable it. Otherwise, they'll conflict. You can tick the logitech entries (its only for the registration). You can tick the skype entry if you want. You can still run it manually

So this computer youre on now is on dialup or broadband? I could check this out with teamviewer, if you want (hopefully this is on broadband)

So Avast and Sygate are crashing? What do the errors say?

Lurking
19-04-2010, 11:39 AM
Hi again,

Sygate has three windows within windows and the last one appearing has:

C:\documents\*****\*****\smc.exe.mdmp
C:\documents\*****\*****\appcompat.txt

Avast

States no more end points available from the endpoint mapper.

No bb on this old reliable dial-up machine.

Sygate has closed MSSE out.

Tks

Lurks.

Ps. will take sick pc out of safe mode and re-boot and get better defs. for the errors.

l.

Speedy Gonzales
19-04-2010, 11:47 AM
Is XP up to date?? Inc the updates from this mth? By MSSE you mean malwarebytes?

Sweep
19-04-2010, 11:53 AM
MSSE = MicroSoft Security Essentials perhaps?

Speedy Gonzales
19-04-2010, 11:55 AM
Yup but it maybe a typo. I thought he meant MBAM. Since Avast is installed.

Lurking
19-04-2010, 12:26 PM
Speedy and Sweep, ok MSE.

Sygate has a problem and needs to close:

error signature
sz appname: smc.exe szappver:5.6.0.2808 szmodname : wgman.dll
szmodver: 1.1.122.0 offset: 00002b75

And of course the report does not get sent/saved as a search does not locate:

C:\docume~1\owner\locals~1\temp\wer22A3.diroo\smc. exe.mdmp
C:\docume~1\owner\locals~1\temp\wer22A3.diroo\appc ompat.txt

XP is on auto updates, along with every other essential software. Probabley including all the other s h i t floating around out there, lol.

Lurks.

Lurking
19-04-2010, 12:33 PM
One small thing my son-in-law noticed yesterday, was the missing plastic clip on the male connection into the computer, which we will have to take up with TelstraClear.

Would this have any effect?, I would not have thought so as there are plenty of phone jacks around without one and our one at indoor bowls still rings out.

l.

Lurking
19-04-2010, 02:20 PM
Hi Speedy, I am back on:

Uninstalled both Logitech and Skype.

Result no go

Did a restore back to Friday last, not recommended by Microsoft and others', but if all else fails.

Now have internet ok but Outlook Express is still stuffed up, the acclunt details are identical to other pc, which also has just failed on OE.

teamviewer you mentioned will be ok if you want to have a looksee.

Regards,

Lurks.

Speedy Gonzales
19-04-2010, 02:22 PM
Yup get teamviewer, install it / run it. Send the ID and password to me in a PM. I'll log into it, once you send me the PM

Lurking
20-04-2010, 02:35 PM
Thanks folks.

Speedy the OE problem! 2 boxes were ticked in the Accounts advanced box, by whom is another question, TelstraClear's help site fixed that.

You were wondering about my use of MSSE, well this was posted on 14 April 10, so my memory put in the extra "S" letter.

Quote:Originally Posted by wratterus
MSSE is probably the best of the free AVs at the moment.

Thanks again Speedy and Sygate tells me that pc was being scanned by
125.239.213.*** yesterday.

Regards,

Lurks.

Speedy Gonzales
20-04-2010, 02:42 PM
Ah ok cool. good to hear you got it sorted