I have WIN XP serv Pack 2, router for DSL through verizon, xbox 360 through router as well, connection was fine for some time, now disconnects about every 2 hours, have to reboot in order to get on the internet, if downloading something from say Bitlord, it will continue to do so, just no access to internet....please help, below is my hijackthis log...AARRGH! Your help in this matter will be greatly appreciated
Logfile of HijackThis v1.99.1
Scan saved at 5:42:46 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Hi, baw0404. Welcome to Landzdown Forum. Sorry for the delay in responding. Sometimes life takes over. Anyway, where is your antivirus software and software firewall? (A router really isn't enough these days.) We need to see both in the next log. The following are free antivirus & firewalls to choose from:
Firewalls:
Agnitum Outpost Firewall (http://www.agnitum.com/products/outpostfree/index.php)
Kerio Personal Firewall (http://www.kerio.com/kpf_download.html)
ZoneAlarm (http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp)
Antivirus:
avast! 4 Home Edition (http://www.avast.com/eng/download-avast-home.html)
AVG Free (http://free.grisoft.com/freeweb.php/doc/2/)
Avira AntiVir PersonalEdition Classic (http://www.free-av.com/)
BitDefender 8 (http://www.bitdefender.com/site/Main/view/Download-Free-Products.html?menu_id=21)
Then, you can start with the following. We'll see what turns up then.
A. Please download and install the following files:
- Please download ATF Cleaner by Atribune from http://www.atribune.org/public-beta/ATF-Cleaner.exe (http://www.atribune.org/public-beta/ATF-Cleaner.exe) . Save it to your Desktop.
- Download and install AVG Anti-Spyware 7.5 (http://free.grisoft.com/doc/20/lng/us/tpl/v5) and set it up as follows:
- After download, double-click on the file to launch the install process.
- Choose a language, click "OK" and then click "Next".
- Read the "License Agreement" and click "I Agree".
- Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
- After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking the icon on your desktop or in the system tray.
- The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
- Right-click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
- Go to Start > Run and type: services.msc
- Press "OK".
- Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
- When you find the guard service, double-click on it.
- In the Properties Window > General Tab that opens, click the "Stop" button.
- From the drop-down menu next to "Startup Type", click on "Manual".
- Now click "Apply", then "OK" and close the Services window.
- Select the "Update" button and click "Start update". Wait until you see the "Update successfull message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here (http://www.ewido.net/en/download/updates/). Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
B. Run ATF Cleaner
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
- Click Exit on the Main menu to close the program.
C. Restart your computer in
Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe Mode.
- Login on your usual account.
If you need further assistance with Safe Mode, see Symantec (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
D. Scanning and system cleaning with AVG Anti-Spyware.
- Click on the "Scanner" button and choose the "Settings" tab.
- Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
- Under "How to Scan?", "Possibly unwanted software", and What to Scan?" leave all the default settings.
- Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
- Click the "Scan" tab to return to scanning options.
- Click "Complete System Scan" to start.
- When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?
- Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
- Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
E. Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following, if found, and press "Fix Checked":
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\svchost.exe
F. Restart in Normal Mode and double-click the
HijackThis icon on your desktop. Choose "Do a system scan and save logfile".
G. Post a reply with the following logs and let us know how your PC is doing:
- AVG Anti-Spyware log
- HijackThis log
Thank you.