Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Can't Access Internet - Crashes


  • Please log in to reply
2 replies to this topic

#1 dangler63

dangler63

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 13 April 2006 - 10:19 PM

A friend of mine is having problems when trying to access the internet. She ran AdAware SE; and removed 105 items. Her comptuter froze up the first 2 times she tried removing them, but finally allowed her to remove the items on her third attempt. After removing the items, she was able to go online long enough to check her email, then got booted off again.


She printed out her hijack this file for me, and I am retyping it below:






Hijackthis

Logfile of HijackThis v1.98.2
Scan saved at 8:30:22 PM, on 4/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program File\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HiJack This\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 – BHO: (no name) – SOFTWARE – (no file)
O2 – BHO: Yahoo! Companion BHO – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\ProgramFiles\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
02 – BHO: AcroIEH1prObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
02 – BHO: ST – {9394EDE7-C8B5-483E-8773-474BF36AF6E4} – C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
02 – BHO: MSNToolBandBHO – {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
02 – BHO: CNavExtBho Class – {BDF3E430-B101-42AD-A544-FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
03 – Toolbar: Norton Antivirus – {42Cdd1BF-3FFB-4238-8AD1-7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
03 – Toolbar: Yahoo! Companion – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
03 – Toolbar: MSN – {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
04 – HKLM\ . . \Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
04 – HKLM\ . . \Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
04 – HKLM\ . . \Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
04 – HKLM\ . . \Run: [IgfxTray] C:\WINDOWS\System32\\igfxtray.exe
04 – HKLM\ . . \Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
04 – HKLM\ . . \Run: [S3TRAY2] S3tray2.exe
04 – HKLM\ . . \Run: [PS2] C:\WINDOWS\system32\ps2.exe
04 – HKLM\ . . \Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
04 – HKLM\ . . \Run: QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” –atboottime
04 – HKLM\ . . \Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
04 – HKLM\ . . \Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
04 – HKLM\ . . \Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
04 – HKLM\ . . \Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
04 – HKLM\ . . \Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 –u
04 – HKLM\ . . \Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
04 – HKCU\ . . \Run: [AIM] C:\Program Files\AIM95\aim.exe –cnetwait.odl
04 – HKCU\ . . \Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
04 – HKCU\ . . \Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
04 – HKCU\ . . \Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
04 – HKCU\ . . \Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
04 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
09 – Extra button: AIM – {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} – C:\Program Files\AIM95\aim.exe
09 – Extra button: MoneySide – {E023F504-0C5A-4750-A1E7-A9046DEA8A21} – c:\Program Files\Microsoft Money\System\mnyviewer.dll
09 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
09 – Extra ‘Tools’ menuitem: windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
012 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
016 – DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} – http://207.188.7.150/18eee26fa8f140053223/...ip/RdxIE601.cab
016 – DPF: {62475759-9E84-458E-A1AB-5D2C44ADFDE} – http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
016 – DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) – http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
016 – DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} – http://www.gigex.com/tv/igor/gigexagent.dll
016 – DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) – http://152.65.216.166/activeex/AxisCamControl.ocx
016 – DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMesse...pDownloader.cab
018 – Protocol: msnim – {828030A1-22C1-4009-854F-8E305202313F} – “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)


Thank you very much for any help you can give us.
Dorie

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:08 AM

Posted 22 April 2006 - 10:13 AM

Hello dangler63 and welcome to the BC HijackThis forum. This person is currently running an outdated version of HijackThis. Have them download the most current version from here:HijackThis_sfx.exe
(or download it for them and put it on a disk).
Delete the current HijackThis.exe file and double-click on the file you just downloaded and then click on the Unzip button to install the newer version. It will be installed to the C:\Program Files\HijackThis\ directory by default.

Boot normally, start HijackThis and perform a new scan. Post your new log file back here as a relpy to this topic and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 dangler63

dangler63
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 29 April 2006 - 12:37 AM

Thank you for your reply. I shared your reply with my friend. As soon as we can figure out our schedules, I will go to her house and help her d/l the newest version of hijack this.

Since my initial post, she has found she can get online as long as she logs on as a guest.

We will follow your instructions, and post a new log as soon as possible.

thanks
Dorie




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users