Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot connect to the internet


  • Please log in to reply
3 replies to this topic

#1 SciFiAZ

SciFiAZ

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 08 December 2004 - 01:22 PM

I recently ran a virus check with both Adaware and Spybot, and upon completion started getting iexplore.exe & rundll32.exe application errors every time I try to connect to the internet. Whenever I try opening Internet Explorer (or Netscape, or AOL for that matter) I am unable to connect to the internet, and upon exiting I get the following error:

iexplore.exe - Application Error. The intruction at "0x77f7e22a" referenced memory at "0x0131365c". The memory could not be "read". Click on OK to terminate the program.

After clicking OK I get a similar error message for rundll32.exe. I have cleared all my temp files, ran Adaware & Spybot several times, ran cleanmgr, and nothing is working. Maybe I had a bad uninstall of a program?

Here is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 11:03:41 PM, on 12/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mshc32.dll:qnebj
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\javace32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Aladdin Systems\Internet Cleanup\ONICTASK.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
E:\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Craig\Application Data\Mozilla\Profiles\default\aj0jrtku.slt\prefs.js)
O2 - BHO: (no name) - {340035E2-30D5-9AC6-0792-7AEABB284C0D} - C:\WINDOWS\sdkim32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\System32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [yhtcc] C:\documents and settings\ryan\local settings\temp\yhtcc.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [z3] C:\documents and settings\ryan\local settings\temp\z3.exe
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\System32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [Kuyjcrkk] C:\WINDOWS\System32\r?ndll32.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - Startup: IC Task Manager.lnk = C:\Program Files\Aladdin Systems\Internet Cleanup\ONICTASK.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: IC 3.0 (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8162.8766550926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

Even though I am unable to access the internet, I can transfer programs between my laptop and affected computer.

Thanks, I appreciate any help you can give me!

BC AdBot (Login to Remove)

 


#2 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:09:40 AM

Posted 10 December 2004 - 02:34 PM

Hi SciFiAZ,

Sorry about the delay in responding to you.
I will be undertaking the review of your log and will get back to you very soon with some initial things I need you to fix.

If you have already found a solution then please let me know.

#3 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:09:40 AM

Posted 11 December 2004 - 08:27 AM

Hi SciFiAZ,

There are quite a few things wrong with your machine in addition to your Internet connection.
You are seriously behind on your Operating System updates and we need to tackle them before we can fix the
remainder of the malware infections. I would like you to do the following so that we have the basic platform right
before we proceed:

You are using an outdated version of hijackthis. Please download the newer version.
Download HijackThis from: HijackThis Download Site

You are running HijackThis from your E:\ drive. I need to see it in a folder on your C:\ drive where I know the backups HijackThis
makes may will not get accidentally deleted, so please put HijackThis into a permanent folder.
Full instructions on how to do this can be found here:Detailed Explanation
Brief instructions to create a permanent folder are:
  • Click My Computer, then C:\
  • In the menu bar, File->New->Folder.
  • That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
  • Now you have C:\HJT\ folder.
  • Put your unzipped HijackThis.exe there.
Run your new version of HijackThis, save the log file, transfer the log to your laptop and post here.

#4 SciFiAZ

SciFiAZ
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 13 December 2004 - 01:59 PM

Thanks for the reply! I will download the latest version and run it again tonight as requested.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users