Posted

Hi people =]

Got an annoying problem where anything that uses the internet won't connect. Ends up giving either a connection failed message or says "please check your internet connection". Started about a month ago when I went to use Spotify. I know it's not Spotify that caused it but this was the first time I noticed it. Anything I install that uses the internet won't connect, e.g. MSN Messenger, AVG update, Google Earth. I think it may be a virus or some type of malware that is registering anything being installed and then blocking it maybe? I thought this because yesterday I updated my OS through Windows Update (it still works and so does IE) and it updated IE7 to 8, and it wouldn't open any sites. So I used System Restore to undo the update and it was fine again (IE7). Here's a HijackThis log if it would help in identifying the problem?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:49:48, on 25/09/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16890)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\BisonCam\BisonHK.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MySpace | Login

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bisonHK] C:\Windows\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [CardReaderMonitor] C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236434175096&h=07dd645491ca1c37c1336b00b52a414d/&filename=jinstall-6u12-windows-i586-jc.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--da46ea80-9459-414f-b0e8-dc56e4edfc8a/online/bonnies_bookstore/en/popcaploader_v10.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Update Service (gupdate1c9a97177954680) (gupdate1c9a97177954680) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

 

--

End of file - 11555 bytes

 

Thank you in advance for any help guys =]


Posted

Can you ping your router? If so, then try to ping something like Google. If that doesn't work, try pinging Google's IP - 64.233.169.99

 

To Ping: All Programs > Accessories > Command Prompt

When the window comes up, type in "ping 64.233.169.99" without the quotes followed by pressing the ENTER key to ping Google's IP address.

Need help with your computer problems? Then why not join Free PC Help. Register here

 

If Free PC Help has helped you then please consider a donation. Click here

 

 

We are all members helping other members.

Please return here where you may be able to help someone else.

After all, no one knows everything and you may have the answer that someone needs.

Posted

Hi Prince Yuki, I have looked at your HJT log and, although no expert, I can see at least one issue. When one of our malware experts looks in they will take it further; it may well be malware causing your problem.

Nev.


--------------------------------------------------------------------

I have installed Windows, now how do I install the curtains? 😄


Posted

If you can ping a web site, such as Google, that indicates that you have a proper Internet connection and that your DNS entry is valid.

 

As previously mentioned, this may be a malware issue. It could also have something to do with your hosts file. I don't have the time right now to get into that, but if it's not right, it's probably because malware has messed with it.

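As an added example (not part of any post in this thread, and not HijackThis's own code): a small Python triage pass over the `Xn - ...` entry lines of a HijackThis log, flagging for manual review the hosts-file redirects (O1) mentioned above, registrations whose file is missing, and AppInit_DLLs. The sample is constructed from lines in the log in the first post plus one made-up O1 redirect (`update.example.test` at `203.0.113.7`); `parse_entries`, `triage` and `Finding` are hypothetical names.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code reason line")

# Constructed sample: lines copied from the log in the first post, plus one
# made-up O1 redirect (example.test / 203.0.113.7) to exercise the hosts check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 update.example.test
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line is a section code (R0, O2, O23, ...) followed by " - " and a body.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
LOCAL_NAMES = {"localhost"}


def parse_entries(text):
    """Return (code, body) per entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def triage(text):
    """Return findings that deserve a manual look. These are not verdicts."""
    findings = []
    for code, body in parse_entries(text):
        line = f"{code} - {body}"

        # O1: a hosts-file line that maps anything other than localhost.
        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2:
                ip, names = fields[0], fields[1:]
                redirected = [n for n in names if n.lower() not in LOCAL_NAMES]
                if redirected:
                    findings.append(Finding(
                        code, f"hosts file pins {', '.join(redirected)} to {ip}", line))

        # Any section: the registry entry survives but its file is gone.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(
                code, "registration points at a file that is not on disk", line))

        # O20: AppInit_DLLs are loaded into every process that loads user32.dll,
        # so a non-empty value should always be traced back to a known product.
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:
                findings.append(Finding(
                    code, f"AppInit_DLLs loads {dll} into every process; verify the file", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.code}] {finding.reason}\n      {finding.line}")
```
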

Posted (edited)

Hello prince_yuki. :)

 

 

So I used System Restore to undo the update and it was fine again (IE7).

 

So are you able to access any websites now?

 

If no, do you have access to another machine as well as a CD/flash drive to copy files/programs into?

 

If yes, go HERE to run Panda ActiveScan 2.0

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply.

Edited by chiaz
Posted

Hello again, hope you're all ok =]

 

I've run that Panda scan and here's the log:

 

;***********************************************************************************************************************************************************************************

ANALYSIS: 2009-09-26 22:06:01

PROTECTIONS: 2

MALWARE: 30

SUSPECTS: 7

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

Windows Defender 1.1.1505.0 Yes Yes

SUPERAntiSpyware 4, 29, 0, 1002 No Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@casalemedia[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\allyo@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\allyo@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@atdmt[1].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@tradedoubler[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@247realmedia[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@fastclick[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\allyo@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@mediaplex[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Mozilla\Firefox\Profiles\qh77fj21.default\cookies.txt[.com.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@statcounter[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Mozilla\Firefox\Profiles\qh77fj21.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Mozilla\Firefox\Profiles\qh77fj21.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Mozilla\Firefox\Profiles\qh77fj21.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Mozilla\Firefox\Profiles\qh77fj21.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Mozilla\Firefox\Profiles\qh77fj21.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Mozilla\Firefox\Profiles\qh77fj21.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Mozilla\Firefox\Profiles\qh77fj21.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Mozilla\Firefox\Profiles\qh77fj21.default\cookies.txt[ad.yieldmanager.com/]

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@apmebf[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@burstnet[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@bs.serving-sys[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@adtech[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\allyo@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@advertising[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@ads.pointroll[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@overture[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@questionmarket[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@zedo[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@bluestreak[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@adrevolver[2].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@adviva[2].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\allyo@adviva[1].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\AllyO\AppData\Roaming\Microsoft\Windows\Cookies\Low\allyo@smartadserver[1].txt

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Windows\Temp\~osEF6E.tmp\ossproxy.exe

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\SEGA\PHANTASY STAR ONLINE Blue Burst\SHPsoBB.exe

03898843 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameHouse Games Collection\Collapse! Crunch\Collapse3.exe

03899095 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameHouse Games Collection\Atlantis\Atlantis.exe

03919028 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameHouse Games Collection\Hamsterball\Hamsterball.exe

;===================================================================================================================================================================================

SUSPECTS

Sent Location

;===================================================================================================================================================================================

No C:\Program Files\GameHouse Games Collection\Invadazoid\Invadazoid.exe

No C:\Program Files\GameHouse Games Collection\Mahjong Garden To Go\MahjongGarden.exe

No C:\Program Files\SEGA\PHANTASY STAR ONLINE Blue Burst\NPCV5.exe

No C:\Program Files\SEGA\PHANTASY STAR ONLINE Blue Burst\PSOBB Full Dressing Room 1.25.10.exe

No C:\Windows\Temp\~osE9D1.tmp\ossproxy.exe

No C:\Windows\Temp\~osE9D1.tmp\pmls.dll

No C:\Windows\Temp\~osE9D1.tmp\pmropn.exe

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description

;===================================================================================================================================================================================

;===================================================================================================================================================================================

 

The GameHouse files and Sega files I can trust because I've had those for ages and had no problems. The others do look suspicious though, especially the ossproxy haha.

Posted

Please navigate to and delete the following folder:

C:\Windows\Temp\~osEF6E.tmp\

 

======

 

Then download: CCleaner (freeware)

|MG| CCleaner Slim 2.23.999 Download

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows tab.

The following should be selected by default, if not, please select:

http://i210.photobucket.com/albums/bb164/jedi_030/CCleanerA.png

Next: click Options, then click the Settings tab.

Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right) before Exit.

 

======

 

I thought this because yesterday I updated my OS through Windows Update (it still works and so does IE) and it updated IE7 to 8, and it wouldn't open any sites. So I used System Restore to undo the update and it was fine again (IE7).

I need to know what you meant by the above. So if you are using IE7, everything runs fine and you are able to access websites?

Posted

Hey Chiaz, thanks for your reply.

Yeah, I'm using IE7 and it works fine. I went back to using IE7 after updating to IE8 and finding out it ended up having the same problem as everything else. I'm on the problemed laptop now =].

I have run CCleaner with the settings mentioned. I'll restart my laptop to see if it worked =]

 

John

Posted
Nah, all the programs are still refusing to connect. Tried MSN Messenger and Google Earth. Both said there was no connection to the internet. At least we got rid of some baddies though =D
Posted

Hi,

 

(Sorry if I'm interrupting chiaz)

 

If you are unable to create any network connections after malware has been removed, then try the Winsock fix for Vista to reset TCP/IP on the affected machine:

 

  1. Click on Start button.
  2. Type Cmd in the Start Search text box.
  3. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
  4. Type netsh winsock reset in the Command Prompt shell, and then press the Enter key.
  5. Restart the computer.

 

 
