Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Internet Access With Firefox


  • Please log in to reply
11 replies to this topic

#1 Lauren_Marie

Lauren_Marie

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:09:23 AM

Posted 04 November 2007 - 08:05 AM

No internet connection when it works on my sisters computer. It is sending and receiving (I tried disabling and enabling, still doesnt work).

XOFTSPY found "ABout:Blank" severe risk malware and when I try to remove it, it always comes back and finds it again. I think this may be the problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:02 AM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lauren Marie\My Documents\Unzipped\hijackthis[1]\HijackThis1.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7319 bytes

Edited by Lauren_Marie, 04 November 2007 - 08:29 PM.


BC AdBot (Login to Remove)

 


#2 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 04 November 2007 - 11:59 PM

Hello

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

#3 Lauren_Marie

Lauren_Marie
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:09:23 AM

Posted 05 November 2007 - 07:35 AM

Here you go. Sorry about the wait, I had to find my Flash USB drive. Download it on my laptop, run to my infected computer and upload it.

Thanks for your help :D

Attached Files



#4 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 05 November 2007 - 05:36 PM

You seem to have three anti-virus programs on your PC, Kaspersky, AntiVir, Bitdefender. You need to remove two of these programs. I recommend keeping Kaspersky since it is the best. So please go to Start > Control Panel > Add or Remove Programs > Remove AntiVir and Bitdefender

Let me know how it went removing two anti-virus programs.


Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> viewmgr ->
< Internet Explorer Settings > ->
YN -> HKLM: Start Page -> about:blank
YN -> HKCU: Start Page -> about:blank
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKLM] -> Reg Data - Value does not exist [&Links]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> Reg Data - Value does not exist [ButtonText: Web Anti-Virus statistics]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp -> Reg Data - Key not found
YN -> msdaipp -> Reg Data - Key not found
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk -> Reg Data - Value does not exist
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk -> Reg Data - Value does not exist
YN -> C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Palfun.lnk -> Reg Data - Value does not exist
YN -> C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Silica Weather.lnk -> Reg Data - Value does not exist
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> AOL Fast Start -> Reg Data - Value does not exist
YN -> AOLDialer -> Reg Data - Value does not exist
YN -> Free Download Manager -> Reg Data - Value does not exist
YN -> HostManager -> Reg Data - Value does not exist
YN -> KAVPersonal50 -> Reg Data - Value does not exist
YN -> KernelFaultCheck ->
YN -> mmtask -> Reg Data - Value does not exist
YN -> RealTray -> Reg Data - Value does not exist
YN -> Skype -> Reg Data - Value does not exist
YN -> SmcService -> Reg Data - Value does not exist
YN -> viewmgr ->
[Files/Folders - Modified Within 30 days]
NY -> @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[File String Scan - Non-Microsoft Only]
NY -> @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan(attach the WinPFind3 scan report).

I will review the information when it comes back in.



Also do you have Windows Firewall enabled ?



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



* Click here to download AVG Anti Rootkit and save it to your desktop.
  • Double-click on the AVG_AntiRootkit_1.0.0.42.exe file to run it.
  • Click "I Agree" to agree to the EULA.
  • By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit Beta".
  • Click "Next" to begin the installation then click "Install".
  • It will then ask you to reboot now to finish the installation.
  • Click "Finish" and your computer will reboot.
  • After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
  • Click on the "Perform in-depth search" button to begin the scan.
  • The scan will take a while so be patient and let it complete.
  • When the scan is finished, click the "Save result to file" button.
  • Save the scan results to your desktop then come back here to copy and paste the results in your next reply to this thread.


#5 Lauren_Marie

Lauren_Marie
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:09:23 AM

Posted 05 November 2007 - 07:49 PM

I cant do the online kaspersky thing because, well, thats my problem, I cant access the internet from mycomputer, something virusy is stopping me. The rootkit found nothing, so I have nothing to post for you :thumbsup:

Here is the things you asked for:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\viewmgr deleted successfully.
Registry value deletion failed for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page .
Registry value deletion failed for HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page .
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2CF5485-4E02-4F68-819C-B92DE9277049} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Palfun.lnk deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Silica Weather.lnk deleted successfully.
C:\WINDOWS\pss\Silica Weather.lnkStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Fast Start deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Free Download Manager deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KAVPersonal50 deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmcService deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\viewmgr deleted successfully.
File not found.
[Files/Folders - Modified Within 30 days]
ADS C:\WINDOWS\Thumbs.db:encryptable deleted successfully.
[File String Scan - Non-Microsoft Only]
Unable to delete ADS C:\WINDOWS\Thumbs.db:encryptable .
[Empty Temp Folders]
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Lauren Marie\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 11/05/2007 19:01:31

Attached Files



#6 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 05 November 2007 - 10:20 PM

Do you have Windows Firewall enabled?

Did you remove two anti-virus programs ok?

Have you had malware problems recently?


Please post a new HijackThis log.

#7 Lauren_Marie

Lauren_Marie
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:09:23 AM

Posted 05 November 2007 - 11:49 PM

No, kaspersky asked for me to disable.
Yes, I did.
Yes, Xoftspy is seeing some sever about:blank problem that it isnt deleting.

#8 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 05 November 2007 - 11:52 PM

About : Blank isn't anything too important, and definitely isn't responsible. So you have no Internet Access at all with the PC?

Go to this link and run LSP Fix
http://cexx.org/lspfix.htm

Let me know how that goes.

#9 Lauren_Marie

Lauren_Marie
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:09:23 AM

Posted 06 November 2007 - 07:55 AM

how isn't it anything important when xoftspy says its a "severe risk." and its in the registry? :S

I ran that LPSFix and it found nothing.

#10 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 06 November 2007 - 04:44 PM

Xoftspy is wrong

About:blank isn't responsible for your problem. In fact you have absolutely no malware on your PC. I see no signs that malware was responsible in the first place either.


Try this instead

1.


Log on and make sure your account has administrator privileges.

2.


Click Start, click Run, type cmd, and then click OK.

3.


At the command prompt, type the following in bold, and then press ENTER:

netsh Winsock reset

When the program is finished, you will receive the following message:

Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset.

If you receive this message, go to step 4.

If you are not logged in as an administrator, you will receive the following error message:

Unable to reset the Winsock Catalog. Access is denied.

If you receive this message, log off the computer, and then log back on by using an account with Administrator access. Typically, the first user account that was created has Administrator access. Then, repeat steps 2 and 3.


4.

Reboot your PC

#11 Lauren_Marie

Lauren_Marie
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:09:23 AM

Posted 06 November 2007 - 08:39 PM

Did that, still no internet connection! bah!
So frustrating!

#12 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 06 November 2007 - 11:06 PM

Well this isn't a malware related problem, so there is only so much I can do.

You would have a better chance of finding a solution by posting here
http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

Let me know how that goes.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users