Started with many virii, worms, adware that were hard to ID


Post by robs27 on 19th October 2009, 4:04 pm

Unfortunately, I was trying to keep a bunch of programs that I had gotten on Giveaway of the Day. That was why I was trying to just get rid of my infection without restoring from an image that does not have all of these programs. Are we saying that it looks like my Windows installation is damaged and that is what is causing my computer's behavior now? If so, I looked into doing a Windows Repair, but I don't have the disc nor remember my Administrator password. If I could, I suppose I would really like to try to repair my Windows without data loss if possible. My image restore would be my last resort.


Post by Dr Jay on 20th October 2009, 1:19 am

Go ahead with repair and let us know how that goes for you.


Dr. Jay (DJ)



Post by robs27 on 20th October 2009, 2:20 am

Any suggestions on how to go about that without an administrator password or a Windows disc for that machine? As I mentioned earlier, it came preinstalled with an OEM copy of Windows XP Media Center and I cannot recall my administrator password.


Post by Dr Jay on 20th October 2009, 4:40 am

If you are not willing to do the image restore, then what would be your approach?


Dr. Jay (DJ)



Post by robs27 on 20th October 2009, 10:45 pm

I would like to try to do a Windows Repair that would not wipe out all my data first. But I already mentioned my issues with that. I know there may be some free or low cost utilities out there that will recover or reset your administrator password and possibly also something to enable a Windows Repair, but I could use some help in identifying those. Any ideas? Do you know of anything?


Post by Dr Jay on 21st October 2009, 12:46 am

This might help: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)



Post by robs27 on 21st October 2009, 4:12 am

Many thanks. A bit to read here and possibly a lot more to do. I will post again after trying a few things.


Post by robs27 on 26th October 2009, 5:57 pm

Belahzur and DragonMaster Jay,

OK. I have finally gotten past my immediate issue (which was the login loop). I thought that I would have to do a repair install, thus the need for remembering my password. The link you gave me above about the password got me started and I finally found this cracking utility which worked very well and automatically after burning the ISO image to CD: [You must be registered and logged in to see this link.]. It cracked my password in a little over 5 minutes! Popped my WinXP Home Ed CD into the drive, but no option to repair became available (I am guessing this is because I installed SP2 and this is the SP1 CD--I don't know). Anyway, I finally found the right search to determine that my login loop was caused because of a userinit.exe and wsaupdater.exe problem. Fixed that and login worked with all of my info/programs intact.

That being said, I now have problems with some unknown dlls not being found, an internet connection that I can't seem to get to work anymore, and an occasional Windows error that crops up mentioning a missing or corrupt \minint\SYSTEM32\Config\System.

*** Any further ideas or should I now turn to another forum as it appears this is no longer due to an active virus?

Thank you for all your help.


Post by robs27 on 27th October 2009, 9:59 pm

*** Any further ideas or should I post to another forum? Please see below and previous post for more info if necessary. Thanks, again!

Update of my prior post... Got rid of the dll problem using CCLEANER. Also, hopefully got rid of the crash (using XP_fix.exe) that was occurring with the missing or corrupt \minint\SYSTEM32\Config\System while logged into Windows (waiting to see if this repeats).

Only remaining problem (that is obvious to me anyway):
- wireless network adapter card has a great signal and says connected
- I can ping IP address and DNS address (i.e. Google) without issue
- IE won't connect to any website
- IE won't connect to router at 192.168.0.1
- I tried turning off the firewall on the wireless desktop
- Other wireless computer can browse the internet through the same router.
- IPCONFIG /all looks similar to other wireless computer

Note:
I have not tried another browser. Before my infection, it was working (which is how I got the infection in the first place!).


Post by Belahzur on 28th October 2009, 1:21 am

Hello.
Sounds like a proxy maybe, did you check that too? Did you try another browser? Does Firefox work?



Post by robs27 on 30th October 2009, 2:01 pm

Firefox starts up and yields a blank page and it doesn't look like I have anything set for proxy.


Post by Dr Jay on 2nd November 2009, 3:18 am

What is the latest report? What are any problems you are having?


Dr. Jay (DJ)



Post by robs27 on 3rd November 2009, 6:14 pm

The latest is I am still dead with my wireless internet connection. IE and Firefox do not connect, yet I am able to ping [You must be registered and logged in to see this link.] and its IP address successfully. I think my next step is to try a hardwired ethernet connection to find out if that will connect. If so, I believe that will tell me whether it is a wireless or a wireless/firewall or just a firewall problem.

Does that sound right?

Do you have any further ideas?

Thanks!


Post by Dr Jay on 4th November 2009, 3:30 am

Go ahead and try hardwired and let me know the results please.


Dr. Jay (DJ)



Post by robs27 on 6th November 2009, 7:48 am

I tried hardwired and no go.

Firefox and IE both come up with blank pages. No proxies, no firewalls. Ping still works either hardwired or wireless. When I disable them, ping does not work (as expected). All that shows in Firefox is done at the bottom and the white, blank page. There are no other messages.

Because this machine is now operating standalone, would it be worth running another HJT?


Post by Dr Jay on 6th November 2009, 2:10 pm

Sure, we can start off with another HijackThis log.


Dr. Jay (DJ)



Post by robs27 on 7th November 2009, 4:20 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:02 PM, on 11/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mom~Dad\Application Data\U3\00001673A671642D\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {a96bcc63-40fd-402c-9b9f-4909a30d1c38} - (no file)
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O2 - BHO: (no name) - {eeea7df5-983d-4519-a80e-f576b6d6b221} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AcronisTrueImage Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [skinclock] C:\Program Files\Real Ball\realball.exe.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\winlognn.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [z2m0z66rj1jcdf9luoh] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\itnm86silg.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [nt2h43rqwj1rpm9hw0tebbjor7pebssyb7siaud6nr] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\i4pxqur.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [b19mn21g0unygi8ctkk9w4oh9af84ek1cx7t] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\rhpkutjmjw.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [e9f3p78dpznr3ftgicgqg7z6g9cm876v] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\q0fotu35.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [o6xv0aplwwdu7ek22gnf] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\asa98nl2.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [ylpqnc0e1gzq3dls7t2jgz7b9eg60rgmajj21y8t3zhapn0m1] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\b2f7z45dm.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [system tool] C:\WINDOWS\sysguard.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [c7px2kk2nl1q4mpm7wf3fo7hwavmhu] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\vqwpshtkrz.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [phk3m5jddtntqi2] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\qb1x3g8m.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)" -"http://www.drivearcade.com/playgames/1320/moto-urban-fever.html" (User 'Alex~Lucas~Zachary')
O4 - S-1-5-21-3405786225-280757992-2748749879-1006 Startup: PowerReg Scheduler V3.exe (User 'Alex~Lucas~Zachary')
O4 - S-1-5-21-3405786225-280757992-2748749879-1006 User Startup: PowerReg Scheduler V3.exe (User 'Alex~Lucas~Zachary')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launch Wireless PCI_CardBus utility V1.01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\docume~1\alex~l~1\locals~1\temp\ntdll64.dll' missing
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O20 - AppInit_DLLs: C:\WINDOWS\system32\davuhano.dll yyzlmx.dll c:\windows\system32\hagatogo.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: nwdmoihl - skutwek.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10665 bytes


Post by robs27 on 7th November 2009, 1:05 pm

I ran HJT last night and posted the log (see previous post). I left the system with HJT open and the machine running. This morning I see the following error on screen (even though Windows seems to be running fine):

Windows could not start because the following file is missing or corrupt:
\Minint\SYSTEM32\CONFIG\SYSTEM
You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM. Select 'r' at the first screen to start repair.


Post by Dr Jay on 7th November 2009, 8:47 pm

Is your computer able to run at all?

If so, please do the following:

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {a96bcc63-40fd-402c-9b9f-4909a30d1c38} - (no file)
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O2 - BHO: (no name) - {eeea7df5-983d-4519-a80e-f576b6d6b221} - (no file)
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\winlognn.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [z2m0z66rj1jcdf9luoh] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\itnm86silg.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [nt2h43rqwj1rpm9hw0tebbjor7pebssyb7siaud6nr] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\i4pxqur.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [b19mn21g0unygi8ctkk9w4oh9af84ek1cx7t] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\rhpkutjmjw.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [e9f3p78dpznr3ftgicgqg7z6g9cm876v] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\q0fotu35.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [o6xv0aplwwdu7ek22gnf] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\asa98nl2.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [ylpqnc0e1gzq3dls7t2jgz7b9eg60rgmajj21y8t3zhapn0m1] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\b2f7z45dm.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [system tool] C:\WINDOWS\sysguard.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [c7px2kk2nl1q4mpm7wf3fo7hwavmhu] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\vqwpshtkrz.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [phk3m5jddtntqi2] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\qb1x3g8m.exe (User 'Alex~Lucas~Zachary')
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O20 - AppInit_DLLs: C:\WINDOWS\system32\davuhano.dll yyzlmx.dll c:\windows\system32\hagatogo.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: nwdmoihl - skutwek.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please reboot your computer.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\davuhano.dll
c:\windows\system32\hagatogo.dll
c:\windows\system32\yyzlmx.dll
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\winlognn.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\itnm86silg.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\i4pxqur.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\rhpkutjmjw.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\q0fotu35.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\asa98nl2.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\b2f7z45dm.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\sysguard.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\vqwpshtkrz.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\qb1x3g8m.exe



Please reboot your computer, and post a new HijackThis log here in your next reply.

==

There is some evidence of what may be a very nasty infection.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:

  • Back up all important data on the machine.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:

    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.


==

If you are able to post the HJT log, go ahead. If not, please let me know.


Dr. Jay (DJ)
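
An added example, not part of the original thread and not the helper's own procedure: a small Python triage pass over HijackThis lines that flags the kinds of entries picked out for fixing above (autostarts in a Temp directory, registrations whose file is missing, a static NameServer, AppInit_DLLs, a hosts redirect, a broken Winsock LSP). The rules and the `expected_dns` allowlist are assumptions for illustration; the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from typing import NamedTuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {a96bcc63-40fd-402c-9b9f-4909a30d1c38} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\winlognn.exe (User 'Alex~Lucas~Zachary')
O10 - Broken Internet access because of LSP provider 'c:\docume~1\alex~l~1\locals~1\temp\ntdll64.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O20 - AppInit_DLLs: C:\WINDOWS\system32\davuhano.dll yyzlmx.dll c:\windows\system32\hagatogo.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Long and 8.3 forms of the per-user Temp directory on Windows XP.
TEMP_DIR_RE = re.compile(r"\\(?:locals~1|local settings)\\temp\\", re.IGNORECASE)
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4"
    body: str  # everything after "CODE - "


def parse_log(text):
    """Return the section-coded lines of a HijackThis log as Entry tuples."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["code"], match["body"]))
    return entries


def triage(entry, expected_dns):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    code, body = entry
    reasons = []
    if TEMP_DIR_RE.search(body):
        reasons.append("references a file in a user Temp directory")
    if ORPHAN_RE.search(body):
        reasons.append("registration points at a file that no longer exists")
    if code == "O1" and body.startswith("Hosts:"):
        fields = body[len("Hosts:"):].split()
        try:
            if fields and not ipaddress.ip_address(fields[0]).is_loopback:
                reasons.append("hosts file maps %s to %s"
                               % (" ".join(fields[1:]), fields[0]))
        except ValueError:
            reasons.append("hosts entry with an unparseable address")
    if code == "O10" and body.startswith("Broken Internet access"):
        reasons.append("Winsock LSP chain is broken")
    if code == "O17" and "NameServer =" in body:
        servers = re.split(r"[,\s]+", body.split("=", 1)[1].strip())
        unexpected = [s for s in servers if s and s not in expected_dns]
        if unexpected:
            reasons.append("static DNS not in expected set: " + ", ".join(unexpected))
    if code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        reasons.append("AppInit_DLLs is not empty")
    return reasons


def flag_entries(text, expected_dns=frozenset()):
    """Parse a log and return (entry, reasons) for every flagged entry."""
    flagged = []
    for entry in parse_log(text):
        reasons = triage(entry, expected_dns)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    # Assumption: the only resolver this machine should use is the router
    # at 192.168.0.1 mentioned earlier in the thread.
    for entry, reasons in flag_entries(SAMPLE_LOG, expected_dns={"192.168.0.1"}):
        print("%s - %s" % entry)
        for reason in reasons:
            print("    -> " + reason)
```
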



Post by robs27 on 8th November 2009, 4:10 am

Followed all of your instructions without incident. Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:48 PM, on 11/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AcronisTrueImage Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [skinclock] C:\Program Files\Real Ball\realball.exe.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)" -"http://www.drivearcade.com/playgames/1320/moto-urban-fever.html" (User 'Alex~Lucas~Zachary')
O4 - S-1-5-21-3405786225-280757992-2748749879-1006 Startup: PowerReg Scheduler V3.exe (User 'Alex~Lucas~Zachary')
O4 - S-1-5-21-3405786225-280757992-2748749879-1006 User Startup: PowerReg Scheduler V3.exe (User 'Alex~Lucas~Zachary')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launch Wireless PCI_CardBus utility V1.01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\docume~1\alex~l~1\locals~1\temp\ntdll64.dll' missing
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7832 bytes

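Added example, not part of the original post: a short Python triage pass over a subset of the HijackThis lines above. It surfaces only the entries that HijackThis itself annotated (broken or unknown Winsock LSP, missing file, unknown owner) plus one structural check for a service path that is a directory. The function names and flag labels are assumptions made for this sketch.

```python
import re

# Lines copied from the HijackThis log above (a subset, not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\docume~1\alex~l~1\locals~1\temp\ntdll64.dll' missing
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

# A result line looks like "O23 - Service: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Annotations that HijackThis writes into the entry text itself.
# The label names on the left are hypothetical, chosen for this example.
ANNOTATIONS = [
    ("lsp_broken", re.compile(
        r"Broken Internet access because of LSP provider '([^']+)' missing")),
    ("lsp_unknown_file", re.compile(r"Unknown file in Winsock LSP: (.+)")),
    ("file_missing", re.compile(r"\(file missing\)\s*$")),
    ("unknown_owner", re.compile(r" - Unknown owner - ")),
]


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis result line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def flags_for(section, body):
    """Return the list of annotation labels that apply to one entry."""
    flags = [name for name, rx in ANNOTATIONS if rx.search(body)]
    # Structural check: a service whose image path ends in a backslash
    # points at a directory, so no executable could be resolved for it.
    if section == "O23" and body.endswith("\\"):
        flags.append("service_path_is_directory")
    return flags


def triage(log_text):
    """Return only the entries that carry at least one flag."""
    findings = []
    for section, body in parse_entries(log_text):
        flags = flags_for(section, body)
        if flags:
            findings.append({"section": section, "flags": flags, "entry": body})
    return findings


def broken_lsp_providers(log_text):
    """Return the provider paths named in 'Broken Internet access' O10 lines."""
    rx = dict(ANNOTATIONS)["lsp_broken"]
    paths = []
    for section, body in parse_entries(log_text):
        m = rx.search(body) if section == "O10" else None
        if m:
            paths.append(m.group(1))
    return paths


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], ",".join(f["flags"]), "->", f["entry"])
    # Note: the [Framework Windows] Run entry is not flagged, because
    # HijackThis adds no annotation to it. The Malwarebytes scan later in
    # this thread reports that same Run value as Trojan.FakeAlert, so an
    # unflagged line is not a clean line.
```
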

Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 8th November 2009, 11:22 pm

Good. Can you connect to the internet on that machine?


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 9th November 2009, 4:49 am

No, I still can't and still get the same thing. I am posting screenshots to show the behavior. Although I used my router URL in the screenshots, I get the same thing for sites such as Google--whether I use its IP address or DNS name.




Any other ideas? Thanks.


Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 9th November 2009, 4:54 am

See last post, please. Here are the screenshots I referred to.

Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 10th November 2009, 12:32 am

Seems to be either a router or modem issue.

Please open Internet Explorer and place the following address in your address bar: [You must be registered and logged in to see this link.]
This will ask for a password, then may redirect to the setup screen. If this does, then the router is working fine, probably.

Now, check the outside of your modem for an address such as:

192.168.x.xxx

("x"=some number)

Place that in your address bar, and hit Enter. Can you access the settings of the modem?

Please tell me either of the results, so I know how to instruct you next.


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 10th November 2009, 12:50 am

My router is a D-Link DI-524 with an IP address of 192.168.0.1 (not 192.168.1.1). If I put 192.168.1.1 in the problem machine's IE, nothing changes in the browser. If I put it in two other good machines, it can't find the URL. If however I put in 192.168.0.1 on the good machines (one ethernet and one wireless), they connect just fine. The problem machine still won't display anything in the browser, but can still ping the IP address.


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 10th November 2009, 2:03 am

I would recommend contacting your Internet Service Provider. It seems like a router or modem issue.


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 10th November 2009, 2:37 am

OK. I was always able to connect before the infection so it makes me wonder. Do you think the rest of my infection has been cleared?


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 10th November 2009, 3:00 am

Please re-open Malwarebytes, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 10th November 2009, 4:55 am

Because I cannot connect to the internet on that machine, I just ran MBs scan after install. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

11/9/2009 10:42:41 PM
mbam-log-2009-11-09 (22-42-41).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 185311
Time elapsed: 21 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsaupdater.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 10th November 2009, 5:25 am

Please do a full scan with Malwarebytes again, and post a log.

Are you running any antivirus software or any other security software?


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 10th November 2009, 6:01 pm

I don't know of any antivirus or security software that would be running. Keep in mind that I am not running the latest DB version of MBs as I can't update it with the latest updates. When I rerun MB I get the following log. When I run the "Remove Selected", it says it removed them, however another scan shows that they are still there. I will also post my running processes.

Malwarebytes' Anti-Malware 1.41
Database version: 2775

Windows 5.1.2600 Service Pack 2

11/10/2009 11:05:08 AM
mbam-log-2009-11-10 (11-05-00).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 184163
Time elapsed: 20 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

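Added example, not part of either poster's messages: a Python comparison of the two Malwarebytes scan logs posted above. It lists detections that the first scan reported as removed and the second scan found again, and shows which environment variable name separates each "Bad" value from its "Good" value. The function names are assumptions made for this sketch, and the log lines are a subset copied from the posts.

```python
import re

# One detection line: "<item> (<Detection.Name>) -> [Bad: (..) Good: (..) -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>[^>]+?)\.?$"
)
# %Name% style environment variable reference inside a registry value.
ENV_VAR_RE = re.compile(r"%([^%\\]+)%")

# Subset of the first scan log (11/9/2009), copied from the thread.
SCAN_1 = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Subset of the second scan log (11/10/2009), copied from the thread.
SCAN_2 = r"""
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
Files Infected:
(No malicious items detected)
"""


def parse_detections(log_text):
    """Return one dict per detection line; headings and empty sections are skipped."""
    detections = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            detections.append(m.groupdict())
    return detections


def env_vars(value):
    """Lower-cased variable names referenced in a value (Windows names are case-insensitive)."""
    return {name.lower() for name in ENV_VAR_RE.findall(value or "")}


def unexpected_env_vars(detection):
    """Variables the Bad value references that the Good value does not."""
    return sorted(env_vars(detection["bad"]) - env_vars(detection["good"]))


def recurring(first_scan, second_scan):
    """Detections in the second scan whose item the first scan reported as removed."""
    removed = {d["item"].lower() for d in first_scan
               if d["action"].lower().startswith("quarantined")}
    return [d for d in second_scan if d["item"].lower() in removed]


def report(first_text, second_text):
    """Summarise every item that came back after a reported removal."""
    rows = []
    for d in recurring(parse_detections(first_text), parse_detections(second_text)):
        rows.append({
            "item": d["item"],
            "detection": d["name"],
            "action": d["action"],
            "unexpected_vars": unexpected_env_vars(d),
        })
    return rows


if __name__ == "__main__":
    for row in report(SCAN_1, SCAN_2):
        print(row["item"])
        print("  detection:", row["detection"], "| second-scan action:", row["action"])
        print("  variable not present in the Good value:", row["unexpected_vars"])
```
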

Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 11th November 2009, 8:14 pm

Call your Internet Service Provider (ISP) and see if it is a network problem. There may be a lot of things wrong, such as:

- Issues with the line from your home to the service station.
- Issues with the service quality, which may be overload on a network.
- Ethernet cable is bad.
- Router / modem is of poor quality or is dying.
- Line running into your house is damaged.
- Too much interference, if on a wireless network.

All of these are ideas you may want to bring up with your ISP.


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 11th November 2009, 11:48 pm

Will do. Thank you for all your help.

One last question regarding the following from Malwarebytes:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
Does something still need to be done?


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 12th November 2009, 3:49 am

Not at all. Once you can get the connection restored, update the database and post a log if anything is found.


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 21st November 2009, 2:55 am

Latest update

I am still not able to browse the web from IE or Firefox. I reset my wireless, verified all computers (ethernet desktop, wireless laptop, and the problem wireless desktop) were all given IP addresses. All three computers have the correct MAC addresses listed in the router's log and all show connected. I can ping to other computers, they can ping my problem computer, I can ping the localhost--all come back with no loss. Looks like I can do everything, except for browsing the web. I am mystified.


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 21st November 2009, 3:51 am

What antivirus or other security software is installed? Please list any.


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 21st November 2009, 5:31 am

Norton Antivirus 2005 was installed at one time, but as far as I can tell, I removed that. I also have checked for proxies and unless I missed something, I am not using any.


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 21st November 2009, 2:35 pm

Did you run the Norton Removal Utility yet?

If not, please grab it from this page: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 21st November 2009, 7:55 pm

Thanks for the link, but no change. I just ran the utility and rebooted the computer, but still neither browser can use the internet. Here is part of the router's log showing that I am connected using the right MAC address:

Nov/21/2009 13:46:09 DHCP lease IP 192.168.0.102 to acer-3b6299156d 08-10-74-18-c2-98
Nov/21/2009 13:46:05 Authentication Success 08-10-74-18-c2-98
Nov/21/2009 13:46:04 Authenticating...... 08-10-74-18-c2-98
Nov/21/2009 13:46:04 Wireless PC connected 08-10-74-18-c2-98


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 22nd November 2009, 2:01 am

Maybe my new tool can find the issue:

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 25th November 2009, 4:57 am

Nice utility but I had to modify it for Windows XP. Here is the log and the cache:

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.0 - November 2009

Microsoft Windows XP [Version 5.1.2600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))

Windows IP Configuration

Host Name . . . . . . . . . . . . : acer-3b6299156d
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-15-58-08-45-B7

Ethernet adapter Wireless Network Connection 18:

Connection-specific DNS Suffix . : hsd1.il.comcast.net.
Description . . . . . . . . . . . : 802.11g/b Wireless LAN Client Adapter
Physical Address. . . . . . . . . : 08-10-74-18-C2-98
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Saturday, November 21, 2009 1:46:14 PM
Lease Expires . . . . . . . . . . : Saturday, November 28, 2009 1:46:14 PM

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [] with 32 bytes of data:

Reply from 209.131.36.159: bytes=32 time=73ms TTL=50
Request timed out.
Reply from 209.131.36.159: bytes=32 time=75ms TTL=50
Reply from 209.131.36.159: bytes=32 time=74ms TTL=50

Ping statistics for :
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 75ms, Average = 74ms

Pinging geekpolice.net [] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for :
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging facebook.com [] with 32 bytes of data:

Reply from 69.63.187.19: bytes=32 time=48ms TTL=243
Reply from 69.63.187.19: bytes=32 time=45ms TTL=243
Reply from 69.63.187.19: bytes=32 time=50ms TTL=243
Reply from 69.63.187.19: bytes=32 time=46ms TTL=243

Ping statistics for :
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 50ms, Average = 47ms

Pinging microsoft.com [] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for :
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


********************
EOF


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 25th November 2009, 5:11 am

There was a bug in the last version. I fixed it earlier tonight.
There is a new version available. Please delete the current copy of RenewMyDNS, then download the new one and post a log.


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 26th November 2009, 1:51 am

Here you go. Both log and cache:

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows XP [Version 5.1.2600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))

Windows IP Configuration

Host Name . . . . . . . . . . . . : acer-3b6299156d
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-15-58-08-45-B7

Ethernet adapter Wireless Network Connection 18:

Connection-specific DNS Suffix . : hsd1.il.comcast.net.
Description . . . . . . . . . . . : 802.11g/b Wireless LAN Client Adapter
Physical Address. . . . . . . . . : 08-10-74-18-C2-98
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Wednesday, November 25, 2009 1:46:14 AM
Lease Expires . . . . . . . . . . : Wednesday, December 02, 2009 1:46:14 AM

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [] with 32 bytes of data:

Reply from 69.147.114.224: bytes=32 time=45ms TTL=52
Reply from 69.147.114.224: bytes=32 time=50ms TTL=52
Reply from 69.147.114.224: bytes=32 time=45ms TTL=52
Reply from 69.147.114.224: bytes=32 time=56ms TTL=52

Ping statistics for :
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 56ms, Average = 49ms

Pinging geekpolice.net [] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for :
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging facebook.com [] with 32 bytes of data:

Reply from 69.63.181.11: bytes=32 time=74ms TTL=241
Reply from 69.63.181.11: bytes=32 time=72ms TTL=241
Reply from 69.63.181.11: bytes=32 time=73ms TTL=241
Reply from 69.63.181.11: bytes=32 time=74ms TTL=241

Ping statistics for :
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 72ms, Maximum = 74ms, Average = 73ms

Pinging microsoft.com [] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for :
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


********************
EOF


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 27th November 2009, 1:35 pm

Hi

Will you give me a history of when you purchased the equipment necessary to run your Internet connection?

Also, please list the name and model number of the modem and/or router. I can do a troubleshooter online to get a specific solution. It seems there are incorrect settings in your router and/or modem, as we have now eliminated all other possibilities.


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 27th November 2009, 10:01 pm

Hi,
Hope you had a good Thanksgiving. I have a D-Link, DI-524, 802.11G/2.4 GHz Wireless Router that I must now have been using for a couple of years. It uses a DWL-G122 Wireless G USB Adapter that came with the product for setup. My desktop that I am using now (to write this) connects to it directly through cable and another laptop connects to it wirelessly and works just fine with the internet. The problem machine used to connect to it wirelessly until I got the malware and viruses. Now, it seems like it won't connect out. Also, I believe I get the same results if I try to bypass the router and connect directly to the cable modem.


Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 2nd December 2009, 4:07 pm

bump [Note: The last line of my previous reply is not correct. I have not been able to bypass the router. Additional info -- Here is my home setup: jack to cable/phone modem, cable to DI-524, DI-524 cable to desktop (working), DI-524 wireless to laptop (working), DI-524 wireless to desktop with wireless adapter and external antenna (not working). Each computer gets assigned its own IP address and can be pinged on the network.]


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 2nd December 2009, 8:27 pm

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Now click on the Connections tab and then the LAN Settings button
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.


Let me know if this worked.


Dr. Jay (DJ)



Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 2nd December 2009, 9:30 pm

Just giving you a heads up. I will check later tonight, but I think I have checked this already as I thought that I made sure that I wasn't using a proxy. I will let you know tonight. Thanks!


Re: Started with many virii, worms, adware that were hard to ID

Post by robs27 on 3rd December 2009, 3:51 am

Confirmed that nothing is checked on the LAN Settings dialogue.


Re: Started with many virii, worms, adware that were hard to ID

Post by Dr Jay on 3rd December 2009, 6:17 am

Ok. I will be researching this with some other experts, and get back to this thread.


Dr. Jay (DJ)


