# Internet Freezes



## Blazing_Javelin

My internet has spontaneously stopped working, even though the other 4 computers on my network can access the internet. I have no viruses/spyware (I scanned). Whenever I access Firefox or Internet Explorer, Google pops up... I type something and nothing happens; it sits there loading my search forever. Please help.....

PS: It's only very rarely Google works AND my network connections says I'm connected.


----------






## Briguy

Do your other computers see you on the network?

Try this for starters.

   1. Click the Start menu button on the Windows taskbar.

   2. Click Run... on this menu.

   3. If the computer is holding a current IP address, type 'cmd' (without the quotes) in the text box that appears. A command prompt window appears on the screen.

   4. Type 'ipconfig' (without the quotes) to view the status of the computer's IP address(es).

   5. If the computer is holding a current IP address, type 'ipconfig /release' to let go of the address.

   6. Type 'ipconfig /renew' to obtain a new IP address (whether or not the computer is holding a current address).

Tips:

   1. If it is not necessary to view the current IP addresses on a computer, simply type 'ipconfig /release' or 'ipconfig /renew' (without the quotes) in the text box that appears in Step 3.

   2. To bring a computer back onto the network after moving it to a different location, or experiencing an unexpected outage, first release, then renew the IP address. Computers on DHCP networks often (but not always) re-establish network connectivity automatically.

What You Need:

    * WinXP, Win2000, or WinNT
    * IP network connectivity


----------



## Blazing_Javelin

My IP address is renewed... didn't fix anything, still 75% of the internet's webpages sit there doing nothing. Sites such as Facebook don't work, and Google.
I don't know if this will help, but I deleted ctfmon.exe from the Task Manager and it temporarily fixed it, but for some reason when I take it off now it doesn't do anything.


----------



## Briguy

Blazing_Javelin said:


> My IP address is renewed... didn't fix anything, still 75% of the internet's webpages sit there doing nothing. Sites such as Facebook don't work, and Google.
> I don't know if this will help, but I deleted ctfmon.exe from the Task Manager and it temporarily fixed it, but for some reason when I take it off now it doesn't do anything.



Go to the command prompt and type "tracert" (without quotes), then hit the space bar and type in www.google.com for example and hit enter. Try this for different websites. Do a screenshot of the DOS prompt and post it here. If there are lost packets of data then we're in trouble.

Note: make sure your firewall and antivirus software are disabled.


----------



## Blazing_Javelin

Won't let me, it just keeps flickering when I type "tracert" and click enter.....


----------



## Blazing_Javelin

Some sites such as ebgames.com either show a *COMPLETELY* white page except for ">script" in small font at the top, or a message pops up and says "the script has stopped running, would you like to stop it"? 

So here are the possible things that happen and the chances of them happening.

* Just sits there Loading Page (*FOREVER*) - *40%* of the time
* Page Loads Correctly - *40%* of the time
* Script Error - *5%* of the time
* Page Loads Incorrectly with Missing Content or Very Slowly - *15%* of the time


----------



## G25r8cer

I would say your connection is slow then. Go to www.speedtest.net and do a test and give us the results!


----------



## Briguy

Blazing_Javelin said:


> Won't let me, it just keeps flickering when I type "tracert" and click enter.....




Well, that's not good. Just as a check to be sure you have no viruses or spyware, download (and if you can't, try another computer) HijackThis from http://www.filehippo.com/download_hijackthis/ and select do a system scan and save log file. Then post the log here.

Next go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Download combofix and run it. Make sure you have your firewall and antivirus software disabled. Then post the log here.


----------



## G25r8cer

Briguy said:


> Well, that's not good. Just as a check to be sure you have no viruses or spyware, download (and if you can't, try another computer) HijackThis from http://www.filehippo.com/download_hijackthis/ and select do a system scan and save log file. Then post the log here.
> 
> Next go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix
> 
> Download combofix and run it. Make sure you have your firewall and antivirus software disabled. Then post the log here.



Isn't a simple Speedtest going to tell us much more? Maybe he just has really slow internet!! DUH


----------



## Briguy

g25racer said:


> Isn't a simple Speedtest going to tell us much more? Maybe he just has really slow internet!! DUH




That's good too. But if he can't get onto the internet then it will be a problem. I'm trying the HijackThis route to see if he has any viruses on his computer. There are some out there that can mess with your internet connection.


----------



## Briguy

Also what version of windows are you using?


----------



## Blazing_Javelin

My internet is 100mb/s.......umm I'll have that hijack thing ready to go for tomorrow.....


----------



## Briguy

Blazing_Javelin said:


> My internet is 100mb/s.......umm I'll have that hijack thing ready to go for tomorrow.....





What version of Windows do you have? For example Windows XP Home or Windows XP Pro.


----------



## Blazing_Javelin

Windows XP Home Edition Service Pack 2


----------



## Briguy

Blazing_Javelin said:


> Windows XP Home Edition Service Pack 2




Another thing to try is to go to the Control Panel, double-click Network Connections, right-click on your network connection, click Repair, and see if that fixes it. What browser do you use? If that does not work then send the HijackThis and Combofix logs, and it would probably be best to post them in the security section of this website since that's their area.


----------



## Blazing_Javelin

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\BitTorrent_DNA\dna.exe
c:\windows\system32\inf\drivers\drivers.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
c:\windows\system32\inf\drivers\IPEnv.exe
c:\windows\system32\drivers\i3862\IPServices2.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1035
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM271b223e] Rundll32.exe "C:\WINDOWS\system32\blcelohv.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [242811a2] rundll32.exe "C:\WINDOWS\system32\ifpfrgmu.dll",b
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner.KIDS-B5FE491713\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O21 - SSODL: drivers - {CD4F0096-BBA3-429C-ABF9-7AD12643A1DE} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: drivers - Unknown owner - c:\windows\system32\inf\drivers\drivers.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IPEnv - Unknown owner - c:\windows\system32\inf\drivers\IPEnv.exe
O23 - Service: IPServices2 - Unknown owner - c:\windows\system32\drivers\i3862\IPServices2.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSCTOP - Unknown owner - (no file)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

*THIS IS ONLY HIJACK THIS....COMBO FIX WILL BE POSTED SHORTLY*


----------



## Briguy

Where's the end of the hijackThis log?

You want to get the part that says "end of file" in there. Actually you cut off the top too. In the log hold down ctrl and hit C. Then paste back here. Do that with combofix too!

Are you using a file (Bit Torrent) sharing program? That's a good way to get a virus!


----------



## Blazing_Javelin

It's exactly right after, don't worry.......do you really need it?

Here it is, this is right after above --
"End of file - 11983 bytes"


----------



## Briguy

Blazing_Javelin said:


> It's exactly right after, don't worry.......do you really need it?
> 
> Here it is, this is right after above --
> "End of file - 11983 bytes"



Actually you cut off the top too. In the log hold down ctrl and hit C. Then paste back here. Do that with combofix too!


----------



## johnb35

Blazing_Javelin said:


> *THIS IS ONLY HIJACK THIS....COMBO FIX WILL BE POSTED SHORTLY*



You are infected.  Wait for Gamemaster or a mod to help you out.


----------
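Added example (not part of the original thread, and not any poster's own analysis): a small Python triage pass over HijackThis lines like those in the log posted earlier, flagging three patterns that merit manual review. The rule names and thresholds are assumptions of this example; the sample lines are copied from that log.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1035
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM271b223e] Rundll32.exe "C:\WINDOWS\system32\blcelohv.dll",s
O4 - HKLM\..\Run: [242811a2] rundll32.exe "C:\WINDOWS\system32\ifpfrgmu.dll",b
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O23 - Service: drivers - Unknown owner - c:\windows\system32\inf\drivers\drivers.exe
O23 - Service: IPServices2 - Unknown owner - c:\windows\system32\drivers\i3862\IPServices2.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# R-lines: Internet Settings proxy value.
PROXY_RE = re.compile(r'^R\d - .*,ProxyServer = (.+)$')
LOOPBACK_RE = re.compile(r'(?:^|[=/;])(?:localhost|127(?:\.\d{1,3}){3})\b', re.I)

# O4 lines: registry Run autostarts -> (value name, command line).
RUN_RE = re.compile(r'^O4 - \w+\\\.\.\\Run: \[([^\]]+)\]\s+(.*)$')
# rundll32 invocation -> (dll path, exported entry point).
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.I)

# O23 lines: services whose file carries no company name.
SERVICE_RE = re.compile(r'^O23 - Service: (.+?) - Unknown owner - (.+)$')
# Assumption of this example: these folders normally hold .inf setup files
# and .sys drivers, so a service .exe living there is worth a look.
ODD_SERVICE_DIRS = ("\\system32\\inf\\", "\\system32\\drivers\\")


def triage(log_text):
    """Return (rule, detail) tuples for lines that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Rule 1: browser proxy pointed at the local machine. If nothing
        # healthy is listening on that port, pages hang while loading.
        m = PROXY_RE.match(line)
        if m:
            if LOOPBACK_RE.search(m.group(1)):
                findings.append(("local-proxy", m.group(1)))
            continue

        # Rule 2: autostart that loads a DLL through rundll32 with a
        # one- or two-character entry point (vendor entries tend to use
        # descriptive export names such as NvStartup).
        m = RUN_RE.match(line)
        if m:
            d = RUNDLL_RE.match(m.group(2))
            if d and len(d.group(2)) <= 2:
                findings.append(("rundll32-autorun", d.group(1)))
            continue

        # Rule 3: unsigned-looking service executable in an odd folder.
        m = SERVICE_RE.match(line)
        if m:
            path = m.group(2).lower()
            if path.endswith(".exe") and any(d in path for d in ODD_SERVICE_DIRS):
                findings.append(("odd-service-path", m.group(1)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

A hit is a prompt for manual review rather than a verdict; entries such as PnkBstrA and NvCplDaemon pass through these rules unflagged.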



## Briguy

Do you have the combofix log yet?


----------



## Blazing_Javelin

gimme 15 more min downloadin it now


----------



## Briguy

Blazing_Javelin said:


> gimme 15 more min downloadin it now



Make sure when you run it to disable your firewall and anti virus software!

This is good, now we're going somewhere. I was suspicious you had a bug(s).

Oh also after combofix runs you might need to repair your internet connection by going to the control panel and opening up network connections and select your connection and right click and select repair.


----------



## Blazing_Javelin

Well, the combofix link sits there loading as usual.......is there another one?



Repairing internet never completes, it always stops midway with some notice.


----------



## Briguy

Blazing_Javelin said:


> Well, the combofix link sits there loading as usual.......is there another one?




Try these: http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

If that does not work can you get it off another computer that uses the internet?


----------



## Briguy

You have a Vundo infection. Is that combofix download coming along?

After combofix runs and you post the log, download this: http://www.majorgeeks.com/Symantec_Trojan.Vundo_Removal_Tool_d4430.html

Follow the instructions for removal.

You're going to want to disable System Restore (temporarily). Right-click on My Computer, select Properties, select System Restore, and check the box that says "turn off system restore".


----------



## Blazing_Javelin

Umm, combo fix sits there creating a log at the last step, literally for 20 min now, so I exited it.......if you want I'll give it another try tomorrow morning


----------



## Briguy

Blazing_Javelin said:


> Umm, combo fix sits there creating a log at the last step, literally for 20 min now, so I exited it.......if you want I'll give it another try tomorrow morning



Ok Download this http://www.majorgeeks.com/Symantec_T...ool_d4430.html

Note: It's very small only 161 KB

Follow the instructions for removal.

You're going to want to disable System Restore (temporarily). Right-click on My Computer, select Properties, select System Restore, and check the box that says "turn off system restore".


----------



## Briguy

Briguy said:


> Ok Download this http://www.majorgeeks.com/Symantec_T...ool_d4430.html
> 
> Note: It's very small only 161 KB
> 
> Follow the instructions for removal.
> 
> You're going to want to disable System Restore (temporarily). Right-click on My Computer, select Properties, select System Restore, and check the box that says "turn off system restore".



I would run this program in safe mode!!!!!! 

If you don't know how to get into safe mode let me know. 

Let it scan and do its thing and post what happens!


----------



## Blazing_Javelin

Wow, I think my internet has been fixed....after the combo fix thing told me to restart, all internet sites are now working, and quickly....I think this is only temporary so stay tuned, I will do the vundo fix tomorrow...thanks


----------



## Briguy

Blazing_Javelin said:


> Wow, I think my internet has been fixed....after the combo fix thing told me to restart, all internet sites are now working, and quickly....I think this is only temporary so stay tuned, I will do the vundo fix tomorrow...thanks





After the vundo fix please run again and post HijackThis and Combofix logs!!!!

Note: Combofix will take a long time depending on how bad your computer is!


----------

