Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Server Not found, FireFox & IE randomly.not DNS


  • Please log in to reply

#91
harveybacon

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 27, 2008 4:58:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/05/2008
Kaspersky Anti-Virus database records: 801559
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 112379
Number of viruses found: 1
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 02:37:20

Infected Object Name / Virus Name / Last Action
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\common\Eula.txt Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\common\spcustom.dll Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\common\spmsg.dll Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\common\spuninst.exe Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\common\update.exe Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\sp1\msgsvc.dll Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\sp1\update\KB828035.cat Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\sp1\update\update.inf Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\sp1\update\update.ver Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\sp1\wkssvc.dll Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\sp2\msgsvc.dll Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\sp2\update\KB828035.cat Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\sp2\update\update.inf Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\sp2\update\update.ver Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\sp2\wkssvc.dll Object is locked skipped
C:\83950a56b589f067658aeabc\0b796c87065dc5491621afb9\xpsp1hfm.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{E2625CC8-F667-4C9B-BFFA-90B8FE4D7A1C}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05022008-145245.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-1d833af0/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-1d833af0 ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\775d249d-6f8c9cb5/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\775d249d-6f8c9cb5 ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-1944e400/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-1944e400 ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\tmp4D1.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF1A91.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP311\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\OSession.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_H6Vs9h5K8z0Pvvt Object is locked skipped
C:\WINDOWS\Temp\mcmsc_cxjK0lr4ah5uugF Object is locked skipped
C:\WINDOWS\Temp\mcmsc_FGXb4geh11ik0yC Object is locked skipped
C:\WINDOWS\Temp\mcmsc_iinZgX15foYLIbb Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0

Advertisements


#92
Blender

Blender

    Malware Expert

  • Member
  • PipPipPip
  • 187 posts
  • MVP
Hi,

Things seem to be looking up. You got the scan to work this time :)

Download ATF Cleaner by Atribune and save it to your Desktop.

http://www.atribune..../click.php?id=1

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Java Cache
Recycle bin

The rest are optional - if you want to remove the lot, check "Select All".
Make sure ALL browser windows are closed
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

Reboot

Post fresh hijackthis log here and let me know if you still get SNF messages.

Thanks :)
  • 0

#93
harveybacon

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Attached File  main.txt   15.48KB   105 downloads
  • 0

#94
harveybacon

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
I just opened geekstogo and when I go to next screen, still got SNF. It is about half the time I open a new site, or link. It is better than it was before. I just refresh and it works. Used to refresh for a minute or two 'til it worked, but it wasn't as frequent. Now its more frequent, but refreshes right away (most of time).

Attached File  hijackthis.txt   7.58KB   43 downloads
  • 0

#95
Blender

Blender

    Malware Expert

  • Member
  • PipPipPip
  • 187 posts
  • MVP
Thanks for the logs.

Have Hijack fix these:
Unless you know what that "autoplay.exe" is --- fix it.
If you know what it is & its OK with you --- leave it. (but let me know what it is)

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: Earthlink.lnk = ? (User 'Default user')

OK fix & reboot.
Re-run Hijackthis scan.
If those 2 otems show again...
Make sure hidden/system files are showing:

http://www.bleepingc...tutorial62.html
don't forget to hide files/folders when we are finished cleaning.

Then check here:

C:\Documents and Settings\Default User\Start Menu\Programs\Startup

Delete "Earthlink"

Upload "autoplay.exe" here:

http://www.virustota.../en/indexf.html

Leme know results.

----------------------
Those items found by KAV were malicious Java applets.
ATF.exe we ran cleaned out your Java Cache which is where the bad files were living.

Let me know if still getting SNF

Thanks :)
  • 0

#96
harveybacon

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
autorun.exe results. I don't know what it is. I don't understand results. "0/32"

http://www.virustota...c1277ac4a0b7242

http://www.virustota...ef7113cdd8bc84b

Deleted earthlink shortcut (old remains).

running hijack and fixing...

rebooting... :)

untitled.JPG untitled2.JPG

Edited by harveybacon, 27 May 2008 - 08:14 PM.

  • 0

#97
Blender

Blender

    Malware Expert

  • Member
  • PipPipPip
  • 187 posts
  • MVP
Regarding the virustotal reports...
0/32 means that noone out of 32 virus scanners found anything bad in file. (normally a good thing) :)
You know what that autoplay is? Who made it? Whats it for/related to?

-------------------------------------


If still SNF messages try this please:

Open your control panel & then open "network connections"
Right click "local area connection" and choose "properties"
Scroll through the list till you hit "Internet Protocol (TCP/IP)"
Hilight it> click "properties"
Have checked the following:

"Obtain IP address automatically"
"Obtain DNS server address automatically"
OK your way out & reboot

Now do this:

Click start> run> type cmd and hit enter.
Type this command then hit enter:

ipconfig /flushdns

It will take a few seconds then should get success message.
Exit the cmd window

Try browser


SNF?? or no?

*Blender crosses fingers (and toes) :)
  • 0

#98
harveybacon

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Attached File  hijackthis.txt   7.58KB   52 downloads

did get another SNF. :) okay, trying out last post and get back after restart.

really don't know what autorun is, it's still there in hijack log.

Edited by harveybacon, 27 May 2008 - 08:30 PM.

  • 0

#99
harveybacon

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
already had those checked in connections. Then asked freedom miniport was not verified MS, still install. okayed it. I now have connect icon on taskbar. restarting.
  • 0

#100
harveybacon

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
dns flush failed :)
  • 0

Advertisements


#101
Blender

Blender

    Malware Expert

  • Member
  • PipPipPip
  • 187 posts
  • MVP

Then asked freedom miniport was not verified MS, still install. okayed it.


What??

Did you by any chance a while back have Freedom installed? Back when you had different ISP?
Freedom as I know it was a security suite provided by some ISPs.
Included firewall, antivirus, antispyware and I think parental controls.

Did you have this app then uninstall it?

autoplay.exe...

Upload it here please:

http://www.bleepingc....php?channel=20

Tell me when its there. :)

dns flush failed


Do start> run> type services.msc and hit enter.
Find and start DNS Client service. (leave manual)
Exit services.msc.

Go to control panel
Open Network connections
Right click your network connection> choose "repair"
It will disable it/re-enable it & flush DNS and so on.

See if still getting SNF.

Thanks :)
  • 0

#102
harveybacon

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
submited. and repaired connection. I really don't remember installing or uninstalling freedom, I have done so much with the new motherboard, I can't remember.
  • 0

#103
harveybacon

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
:) I THINK WE'VE GOT IT>>>> :)






Nooooooo, SNF :)




:) Just that one. Still going strong. I'm just Stumbling through, and having no problems...

Edited by harveybacon, 27 May 2008 - 09:16 PM.

  • 0

#104
Blender

Blender

    Malware Expert

  • Member
  • PipPipPip
  • 187 posts
  • MVP
Reboot & try browser again... see if no SNF is consistant. :)
  • 0

#105
harveybacon

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
getting SNF as before. Still frequent and quick to refresh. :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP