I have re installed win xp from recovery console and lost all user data (*gripe; grumble against my sons best wishes) he lost internet connection the other day
Avast found win32 trojan-gen infected svchost and also 2 in the restore folder they had to be deleted ...did a recovery after this and still no internet connection only diectly through the modem will not connect through the router any longer signal comes in but does not recognize the connection as being valid keep pulling "page can not be displayed."
avast vault shows this:
kernel32.dll c:\windows\system32 8/4/2004 8:00:00 am 9/26/2006 4:31:14 am
kernel32.dll c:\windows\system32 7/5/2006 6:55:01 am 9/26/2006 5:05:58 am
winsock.dll c:\windows\system32 8/4/2004 8:00:00 am 9/26/2006 4:31:14 am
wsock32.dll c:\windows\system32 8/4/2004 8:00:00 am 9/26/2006 4:31:14 am
hijackthis shows this:
Logfile of HijackThis v1.97.7
Scan saved at 1:25:42 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\HP_Owner.YOUR-27E1513D96\Desktop\APPLICATIONS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Connection Help (HKLM)
O9 - Extra 'Tools' menuitem: Connection Help (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159254315903
I'm not clear on this but it looks like 3 of those results on hijackthis (04) may be a concern.. I can not find anything on them to validate them being accurate... but the whole problem is that I can no longer get online with the computer ..
well I can but not with the router anymore, only direct connect via the modem...4 people in the house need the connection up !!!
I have also disabled restore and then restarted and re-enabled restore after cleaning out the temp and cache folders but I can not get the internet connection via hterouter to open again
the thing was working fine before this infection appeared so what do we need to fix to get the router to see the computer connection again ( or vise versa) according the the status there is a connection and all but when you try to open a bowser it "can not find" .....tried a winsock fix NG!!
tried to unistall and reinstall card and driver NG!
tried to release and renew ip address.. NG !
tried to ping .. all lost!
so frustrating and probably the answer is right under my nose but I am so disgusted after this one..
I have run ATF-cleaner
CCsetup 133
Drweb cureit
kasperskylab
superantispyware
vundofixit
winsockxpfix
killbox
drtcp021
Still not able to get online.... plz HELP!!!! unless directly connected via modem.. router will not open to computer or computer does not recognize connection
thank you Linda
Hi, live4me. Welcome to LandzDown Forum.
I don't have a router -- on dialup, but I have a couple suggestions. Let's see if we can get a better idea of where things stand.
First, you have an old version of HijackThis. Please uninstall the copy you have and download HijackThis© from: http://www.thespykiller.co.uk/files/HJTsetup.exe .
Note: This is a complete installer that installs HijackThis to your computer to at C:\Program Files\HijackThis, making an entry in the start menu and also providing a desktop shortcut.
At the download prompt, choose "Save". After the download is complete, navigate to the C:\Program Files\HijackThis folder and double-click it. When the installation is complete, double-click the HijackThis icon on your desktop. Select "Do a system scan and save logfile". Select a name for this first logfile. and a text file will be produced. Copy the text file and paste it here as a reply.
Second, let's get SunJava updated as the old versions are vulnerable to the Vundo/Winfixer infections. The following procedure is strongly encouraged to remove older version Java components:
- Close any open programs you may have running, especially your web browser
- Click Start > Control Panel (Depending on your OS or configuration, you may have to click Start > Settings > Control Panel)
- Open Add or Remove Programs (If you have Windows 98 or Windows 2000, open Add/Remove Programs)
- Click once on any item listing J2SE or Java Runtime Environment in the name. (Not every version of Java will begin with "Java" so be sure to read each entry in the list)
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fimg.photobucket.com%2Falbums%2Fv68%2FCorrine3%2FJava.gif&hash=9f8a933beddb44320bea986ca92d86d5fd1748ee)
- Click the Remove or Change/Remove button
- Follow steps 4 and 5 as many times as necessary to remove all versions of Java
- Search 'Programs' and 'Application Data' and remove old version files manually.
- C:\Program Files\
- C:\Documents and Settings\USERNAME\Application Data\
- Restart your PC once all Java components have been removed
- Proceed with reinstalling Java by going to http://java.sun.com/javase/downloads/index.jsp
- Click the "Download" button to the right of
QuoteJava Runtime Environment (JRE) 5.0 Update 8
The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
Installation Instructions | ReadMe | ReleaseNotes | Sun License | Third Party Licenses
- Accept the agreement at the page that opens:
Quote
Required: You must accept the license agreement to download the product.
- Click: Accept License Agreement
- The page will refresh to Windows Platform - J2SE(TM) Runtime Environment 5.0 Update 8
- It is recommended that you select:
QuoteWindows Offline Installation, Multi-language jre-1_5_0_08-windows-i586-p.exe 15.74 MB
- After installing the downloaded file, restart your system again to finalize the process.
Third, since I see you have already run Winsock fix, please try this:
1. Turn off the computer(s)
2. Turn off the router
3. Turn off the cable modem.
5. Wait for about 1 to 2 minutes and then turn on the modem.
6. When the lights stop flashing (except for activity) turn on the router
7. After the router lights are not all flashing, turn on the computer
If no joy, you could try flushing your DNS cache. You need to do this from the command prompt:
-- Click Start > Run > type: ipconfig /flushdns
After it is flushed, you need to reregister it again.
-- Click Start > Run > type: ipconfig /registerdns
That should clear out the cache.
If that doesn't work ...
MS KB299357: How to reset Internet Protocol (TCP/IP) in Windows XP (http://support.microsoft.com/default.aspx?scid=kb;en-us;299357&Product=winxp)
MS KB811259: How to determine and recover from Winsock2 corruption (http://support.microsoft.com/default.aspx?scid=kb;en-us;811259)
SpyChecker.com: WinSock XP Fix 1.2 (http://www.spychecker.com/program/winsockxpfix.html)
Corrine,
thanks for the fast reply!
I am working on this right now I will be back shortly with response!
running between rooms with network help for down loading bewteen computers!
Linda
:D Hi :
I see you did take my advise on the Avast forums to come here !
These people are very good .
Yes Spirit i did .. it appears this may be a hardware issue as I installed a NIC card and it works fine HP is going to bench test the whole thing and let me know what gives..
also I sent to hijackthis forum .. if there is an indication that this computer has been jacked
I would like to remove all of this before sending it in or they maybe charging me tons of money to fix the problem..of which I am seriously lacking ... I havean italian desease called "de fundsarlow"
I am italian so I can get away with saying this....
smile and all will smile with you!
:-)
LOL
:lol: It seems that disease infects other nationalities as well.
I don't see your HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 3:00:33 AM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\1159512340\ee\AOLSoftware.exe
c:\program files\common files\aol\1159512340\ee\aim6.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159512340\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159394738687
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
it will connect via the modem and then stay that way once reset on the router but once you restart the computer it goes back to no connection
so i really dont think it is a MB issue... I think it is the hijack setting in the registry have changed but I dont know what to reset in the registry to get the connection back to normal winsock repairs dont seem to help clearing out the cache and temp didnt help so far nothing suggested by any one has ben ofuse for this one..
IS this a new issue ... a first timer? am I A VIRGIN here? LOL
I sure hope not .. I posted on tom coyote's forum and I am hoping they get me an answer computer is schedule for PU on the 2nd for bench testing .. I dont need them to tell me it will cost me $$$ for doing a complete restore on it when i can do that myself...I of course am trying to repair so I dont loose anymore information ... kids get nasty abouthaving to replace this much "STUFF"
any more suggestions?
Linda
...
it appears that after runnin ewido we found isbar.s an adware zango in it removed and preformed a smitfraudfix which was supposed to fix the problem well it di not so now we maybe clean but still not able to reboot an use internet with out hooking to modem first
this will cause much stress in this house...
anyone want a shot at this mess?
this is what HJT looks like now:
Logfile of HijackThis v1.99.1
Scan saved at 7:55:02 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\AOL\1159512340\ee\AOLSoftware.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\program files\common files\aol\1159512340\ee\aim6.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1159512340\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159394738687
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
I still don't see where the culpritis?
like i said I keep running all these programs and most of them ont find anything... so I remove the programs as i go ... but still no reboot to find internet connection there have to hook up modem and then reroute thru router... what a pain in the @$$
I have searched the net and most people give up and fdisk and format and re install but I cant see why they would not want to find out where the problem is..it has got to be a registry change.. on internet
someone please give it a shot.. Im gonna go bake a cake and fix my craving to satisfy my lack of satisfaction on this mess and fix it with a sugar kick... later
I will be back to see if anyone else wants a crack at it....
Linda
Hi, Linda. As this log is "fresher" and they are pretty busy over at Tom Coyote's place, I've requested that thread be closed.
Over at Coyote's place, you wrote:
QuoteI know it has a second user on it and it will connect via a modem directly but that is the only way to get it connected to the internet via the router
Does that mean you set this up? It certainly doesn't show up in any searches.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
Othere than that, there really isn't much. MyWay Search Bar has been identified as a source of installing malware. The best thing is to start with uninstalling it. Then remove any leftovers if found with HijackThis:
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
08 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
If you did
NOT set it up, remove each of these with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
How about updating ewido and doing a fresh scan. Restart your computer in
Safe Mode.[list=1]
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe Mode.
- Login on your usual account.
If you need further assistance with Safe Mode, see Symantec (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
Scanning and system cleaning with ewido. [list=1]
- Lauch ewido-anti-spyware by double-clicking the icon on the desktop. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
- ewido will now begin the scanning process. Be patient as this may take a little time.
- While scanning, ewido will list any infections found on the left side.
- When the scan is completed, the recommended action should be set to Quarantine. If not click Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
- Close ewido.
Please post a reply about "seconduser", include the ewido log and a fresh HijackThis log.
Thanks.
Corrine,
Thank you for not giving up on me.. if you negate to include the middle section of the registry you will find many listings on the net with redirect seconduser issues.. as such i will list a few here maybe this will help figure what gives on this
http://greyknight17.com/bb/index.php?topic=2666.0;prev_next=next
http://forums.afterdawn.com/thread_view.cfm/388254
http://forum.avast.com/index.php?topic=18713.0;prev_next=prev
http://forums.spybot.info/showthread.php?t=5558
http://forums.spywareinfo.com/index.php?showtopic=84437&hl=targetsaver
http://www.newbie.org/help/index.php?showtopic=3094
the ro's and r1's with redrt to seconduser seems to be integrated in HP machines so maybe this is a normal occurance??? man I wish i never bought one now....LOL this is not something I am familar with I dont ever recall a compaq redrting to seconduser but thanks for trying...
Linda
Hey Corrine I am psoting form his computer right now i have followed this link and done most everything on it.. the lsp never fixed the internet connection issue...
Click here: http://www.cexx.org/lspfix.htm to get LSP-Fix. this was already suggested earlier on another board.. it didnt do a thing...
i know i do not have New.Net so that one i skipped
I will run smitrem which i just ran accross on here
I ran Vundofix.exe already found nothing...
i ran ewido before i ran SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.zip didnt seem to make a difference...did not find wininet.dll infected nor was anything else...
ran killbox and it found nothing also
but no one told me what files to delete either i know i have zango or did and i updated the java to a new version so should i also delete that again?
well I will be busy tonight but i can not reboot via the modem again until well after midnight est...
so i guess I will get busy scanning this now..
Thnx again Linda
completed all an here are the reports:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:58:22 AM 9/30/2006
+ Scan result:
:mozilla.86:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Owner.JAMES\Cookies\hp_owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.8:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.57:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.60:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.70:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\HP_Owner.JAMES\Cookies\hp_owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.51:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.52:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.53:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.54:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.55:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.50:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.78:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.100:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.94:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.95:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.96:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.97:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.98:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.99:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.67:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.68:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.69:C:\Documents and Settings\HP_Owner.JAMES\Application Data\Mozilla\Firefox\Profiles\d0eg9sqj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\HP_Owner.JAMES\Cookies\hp_owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 3:05:59 AM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\AOL\1159512340\ee\AOLSoftware.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159512340\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159394738687
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
but unfortunately still unable to get set up on the net via the router...
I am sure that if I go through the modem and reroute thru the router once i get online on the modem that we will end up with the second user thing again... I still can not figure out why it will not recognize the connection from the router to the computer unless the modem is hooked up first..?? this does not make any sense to me at all.. everything should be totally clean and setup right like it as before the problem started but it still will not recognize the router without first putting the modem online once that happens it is like it opens it's eye up and sees the connection but until then it will not connect..makes absolutely no sense to me at all...is this a MB issue? and is that why not NIC card will recognize the router without first putting it on the modem?
have you ever heard of such a thing?
should i put this baby to rest? LOL
thank you for all...
Linda
Hi, Linda. Running the SmitRem or SmitFraud tools will not solve your problem. They are for specific infections which are not a problem with your machine. Just to put to rest any question of malware, the one thing we can try is for you to rename HijackThis.exe. The only reason I suggest that is because you had an old version of SunJava on that machine that was vulnerable to the Vundo/Winfixer infection, some variations of which can hide from HJT.
Navigate to C:\Program Files\Hijackthis > Right click on HijackThis.exe > Select Rename > Rename it as you wish (i.e., L4M_HJT.exe). Don't change the extension from .exe though. Post a fresh HJT log with the renamed exe.
As I said earlier, I do not use a router so cannot help there. It could be that the NIC card has gone bad or needs to be re-seated. I don't recall if Mitch uses a router but I think we need someone like him or Temmu to take a look at that issue.
Oh Corrine,,,,
Now my one son got his online but now the other one can not get on.. seems to be the same issue.....
we are taking turns here...:-(
That being the case, it sounds like it is a problem with the router, the NIC card, the setup, or a combination thereof.,
okay well i ran the fixes on his computer too and it at first did not want to get on the net but finally we now have both of them on but I still will not know if they will manage to both get back online after a reboot I will post back here ina day when i know for sure this all worked out finally
thank you for the help and now i have a standard of formated instructions which may take a good 2 or 3 hours to follow but in the event I get stuck like this again I will go right to the steps first without trying to take a short cut
I did not take any chances and walked through all of this in safe mode
here i what i did:
I downloaded all programs listed below and then booted into safe mode and ran each program back to back....
Click here: http://www.cexx.org/lspfix.htm to get LSP-Fix.
You may not need it, but go ahead and download it.
That should restore the internet connection.
Save smitRem.exe http://noahdfear.geekstogo.com/click%20counter/click.php?id=1 and extract the contents to your Desktop
Restart your computer in Safe Mode: (keep tapping F8 on startup)
Open the smitRem folder and double-click RunThis.bat. Follow the on-screen instructions
Restart your computer when its finished. Find the log file C:\smitRem.txt
Please download Vundofix.exe to your desktop http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a fresh HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/
don't run yet
Please download SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
· Install ewido.
· Run the application
· Clickon scanner
· then select the "Settings" tab.
· Once in the Settings screen click on "Recommended actions" and then select "Delete".
· Select "Automatically generate report after every scan"
· Un-Select "Only if threats were found"
· Click Complete System Scan and the scan will begin.
· When the scan is finished, Set all items to delete
· Apply all actions
· look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
RE-Boot
I will post the reports once I know for sure they are working right or not .. then I will know what to add in...
thank you again so much for your help
Linda
You may close this issue it appears that it was a router issue and not an infection of any sort
It seems the router was working fine for a year (even with a change of computers all around) before it recognized that the new owner was me (on one computer) and both my sons had a new computer added (seems it had one computer being used by two different people) but never changed his ip and computer title. I have manually gone in and updated this information and we are all able to get on now.. totally a router issue...
thank you for the input.. but this was not spyware or virus issue as we thouht it was in the first place.. seems the router needed to be manually reset even (now all computers have there own address and title) after we were using it for a year the way it was .. ?? oh well live and learn...never ave us a problem until we moved and had the internet set up in a new house!
Strange things happening everywhere...
;-(
Linda
I'm happy to hear that all is finally well. You did get SunJava updated which is a good thing.
Stop back any time. :rose: