Computer Hope

Software => Computer viruses and spyware => Topic started by: darksome on May 11, 2008, 07:05:23 PM

Title: Internet connection is driving me nuts!
Post by: darksome on May 11, 2008, 07:05:23 PM
Ever since Wednesday I have been unable to connect online...both in IE and Firefox...the home page never loads...I have scanned the computer tirelessly for viruses etc. and still nothing...I also did the CMD--->FLUSH DNS and nothing...yesterday however, Firefox and IE worked unexpectedly right after a command prompt seemed to appear and disappear for a mere 5 seconds, don't really know what that was all about...I have also looked at all connections, everything is working fine...the browsers seem to be the ones with the problem...I even reinstalled Firefox and still nothing...I'm running out of ideas...any suggestions would be greatly appreciated.

my comp is XP Professional
Title: Re: Internet connection is driving me nuts!
Post by: cryhelp on May 11, 2008, 07:49:27 PM
Cable, DSL or dial-up connection? Have you checked with your ISP? Especially if it's Comcast.
Title: Re: Internet connection is driving me nuts!
Post by: darksome on May 11, 2008, 08:02:19 PM
I have DSL...I have contacted the IP but still no reply.
Title: Re: Internet connection is driving me nuts!
Post by: Broni on May 11, 2008, 08:35:45 PM
Any router involved?
Title: Re: Internet connection is driving me nuts!
Post by: darksome on May 11, 2008, 08:36:54 PM
Quote
Any router involved?
Router? What do you mean, I'm kind of a novice.
Title: Re: Internet connection is driving me nuts!
Post by: Broni on May 11, 2008, 08:38:01 PM
Is your computer connected straight to DSL modem?
Title: Re: Internet connection is driving me nuts!
Post by: darksome on May 11, 2008, 08:51:02 PM
Yeah, everything is perfectly fine...the problem lies with the browsers themselves...I'm only able to access the internet through the control panel address bar...I thought that it might be a hijack but all scans have cleaned up everything that would be considered a threat.

scanners: AT&T Yahoo Online Protection, Registry Defender, CCleaner, X Clean Micro, and Spybot Search and Destroy.
Title: Re: Internet connection is driving me nuts!
Post by: Broni on May 11, 2008, 08:57:56 PM
Quote
Is your computer connected straight to DSL modem?
??
Quote
i'm only able to access the internet through the control panel address bar.
How do you do this? Browsers are not your problem.

Registry Defender is a rogue program, and it may be one of your problems.

Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Click on Download HijackThis Installer
Post HijackThis log.
Title: Re: Internet connection is driving me nuts!
Post by: darksome on May 11, 2008, 08:58:57 PM
BTW, I also did the Windows diagnostics scan and the HTTP and SMTP results came out as "FAILED"; don't really know what that means.
Title: Re: Internet connection is driving me nuts!
Post by: Broni on May 11, 2008, 09:04:06 PM
Quote
windows diagnostics scan
What's that?
Anyway, one step at a time, please.
Title: Re: Internet connection is driving me nuts!
Post by: darksome on May 11, 2008, 09:05:59 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:07 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\dns\bin\named.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {61166EBE-A296-4894-AE84-D9C18AEDA553} - (no file)
O2 - BHO: (no name) - {71BC8721-392E-4273-AA09-7B8C1ABAB91D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {833ea344-1dd2-11b2-a689-d4a9c4b32f52} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BMd3f00c8a] Rundll32.exe "C:\WINDOWS\system32\dkrbwppu.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4994/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77086DEC-B4A2-4EA1-AC01-71D953D11301}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9DAD8E9-B0A0-4B40-B284-4365E0C0063E}: NameServer = 127.0.0.1,208.67.220.220,208.67.222.222,
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC5384A4-198A-4F47-A6AF-2335C609D0BC}: NameServer = 127.0.0.1,192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F065D76B-6F08-45B4-9B4E-EA269D2823E8}: NameServer = 127.0.0.1,208.67.220.220,208.67.222.222,
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.184
O17 - HKLM\System\CS2\Services\Tcpip\..\{77086DEC-B4A2-4EA1-AC01-71D953D11301}: NameServer = 127.0.0.1
O20 - Winlogon Notify: khfGywUk - khfGywUk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - http://myspace-876.vo.llnwd.net/00211/67/86/211186876_m.jpg
O24 - Desktop Component 1: (no name) - http://i57.photobucket.com/albums/g212/darksome123/004.jpg
O24 - Desktop Component 2: (no name) - http://myspace-861.vo.llnwd.net/01349/16/86/1349976861_l.jpg
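An added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over lines copied from the log above. The rules (a resolver that is loopback or a public address, a registered component with no file, a service with an unknown owner, a rundll32 autorun) are assumptions chosen for illustration; a hit means the entry deserves a manual look, not that it is malicious.

```python
import ipaddress
import re

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {61166EBE-A296-4894-AE84-D9C18AEDA553} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [BMd3f00c8a] Rundll32.exe "C:\WINDOWS\system32\dkrbwppu.dll",s
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC5384A4-198A-4F47-A6AF-2335C609D0BC}: NameServer = 127.0.0.1,192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.184
O20 - Winlogon Notify: khfGywUk - khfGywUk.dll (file missing)
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Yield (section, detail) for each 'Xn - detail' entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def nameservers(detail):
    """Return the resolver IPs listed in an O17 'NameServer = ...' entry."""
    value = detail.partition("NameServer = ")[2]
    return [ipaddress.ip_address(t) for t in re.split(r"[,\s]+", value) if t]

def triage(log):
    """Return (section, reason, detail) for entries worth a manual review."""
    # The heuristics below are illustrative assumptions, not verdicts.
    findings = []
    for section, detail in parse(log):
        if section == "O17" and "NameServer = " in detail:
            ips = nameservers(detail)
            if any(ip.is_loopback for ip in ips):
                findings.append((section, "resolver points at this host", detail))
            public = [str(ip) for ip in ips if ip.is_global]
            if public:
                findings.append((section, "public resolver: " + ", ".join(public), detail))
        elif detail.endswith(("(no file)", "(file missing)")):
            findings.append((section, "registered component has no file on disk", detail))
        elif section == "O23" and " - Unknown owner - " in detail:
            findings.append((section, "service owner reported as unknown", detail))
        elif section == "O4" and re.search(r"rundll32(\.exe)?\s", detail, re.I):
            findings.append((section, "autorun loads a DLL through rundll32", detail))
    return findings
```

Public resolvers the user configured on purpose will also be listed, so compare each address against what the ISP or the user actually set.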
Title: Re: Internet connection is driving me nuts!
Post by: darksome on May 11, 2008, 09:12:53 PM
I think O10 is my problem...what do you think?
Title: Re: Internet connection is driving me nuts!
Post by: Broni on May 11, 2008, 09:29:17 PM
O10 entry is legit. Let me check the log.
Title: Re: Internet connection is driving me nuts!
Post by: Broni on May 11, 2008, 09:33:52 PM
*** Go Start>Control Panel>Add\Remove, and uninstall Bearshare, if listed.

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
          o Click Preferences, then click the Statistics/Logs tab.
          o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
          o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
Post SUPERAntiSpyware log.

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Post new HijackThis log.
Title: Re: Internet connection is driving me nuts!
Post by: darksome on May 12, 2008, 12:37:26 AM
Broni!!! Thank you so much!!!
You have no idea how grateful I am...it works now!!!
I'm jumping with joy!!! :o

Once again thank you...you are my new hero!
Title: Re: Internet connection is driving me nuts!
Post by: Broni on May 12, 2008, 06:03:27 PM
I'm glad your internet is back, but still, I'd like to see those three logs to see if your computer is clean and it won't happen again.