I'm not sure what the problem is. It's really odd. A few weeks ago I lost my internet connection for a couple days and was told it had something to do with a cable or something on my ISP's end. Ever since then a certain friend of mine started getting disconnected all the time. Every 2-10 minutes, he said. I didn't think it could be related except he mostly only gets disconnected when he talks to me. (Via Yahoo! or MSN messengers.) We used to always use Y!M, but now he gets disconnected if he just says one thing to me with it. We used to send each other files with MSN just fine, but now he can't send me files and gets disconnected if I try to send one to him. The really strange thing is he isn't having these problems with anyone else, only me. He reformated his computer and right afterwards it wasn't disconnecting him, but once he talked to me again for the first time since he did the format, it started disconnecting him again. I also reinstalled my instant messengers and did all sorts of scans trying to figure out if the problem is on my end. Well, just this week, I started getting disconnected all the time, too. Every 5-15 minutes, if not more. It's so annoying. I found out my friend and I both use Verizon DSL and have Westell modems, so I thought that might be related somehow, but yesterday I called tech support at Verizon and he didn't seem to acknowledge any of this stuff when I told him. He said that it's not the DSL because when I get disconnected, it reconnects right away automatically. He had me check how many processes I had running and I have 43-46 at any given time. He said that would be a problem and that it's probably spyware. Since it's not related to the DSL I guess he couldn't help me more than that. I run Microsoft AntiSpyware everyday and Ad-Aware regularly, so I was suprised that the problem would be spyware. However, I did all the things in this topic: http://www.geekstogo..._Log-t2852.html - and I did find a few things that my usual programs didn't detect.
SpyBot and the Ewido Security Suite found a few things. Panda ActiveScan would not work for me, but I did do the Housecall one. TDS-3 would not work for me. I downloaded it several times, but when I tried to use it it said thank you for evaluating it or something like that. I think it's because I had it before, so it wont let me try it again without buying it. Since it didn't work, I looked for a different anti-trojan program and installed a-squared Free. It found about eight things and then I checked again with this related online trojan scan and they were gone. After I did all the things before step five, I stopped to see if the problem had been taken care of, but it hasn't. I'm still getting disconnected. I also have 45 processes running currently. I don't really know what most of them are. Oh, my CPU usage is only about 2-30%, if that matters.
Ok, sorry for the long post, but I just wanted to give all the background info and what I've tried so far. Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:49:46 AM, on 6/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.neonewsnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Neopets - {AE8EF38E-64E0-472c-B9B4-E29643D152C1} - C:\WINDOWS\Downloaded Program Files\VsiBar.dll
O2 - BHO: myVersion Class - {B62502B0-FFD0-40a9-908E-9EE4FC493EBF} - C:\WINDOWS\Downloaded Program Files\VsiBar.dll
O2 - BHO: Neopets - {D8AAC594-9AF9-4598-8BE6-583FF09BC05C} - C:\WINDOWS\Downloaded Program Files\VsiFnc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Neopets - {AE8EF38E-64E0-472c-B9B4-E29643D152C1} - C:\WINDOWS\Downloaded Program Files\VsiBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AE8EF38E-64E0-472C-B9B4-E29643D152C1} (Neopets) - http://toolbar.neopets.com/getCab.aspx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} -
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw9fd.law9.ho...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Also, here is the report from my Ewido Security Suite scan, which it says to post along with your HiJackThis logs in the other topic:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:07:54 PM, 6/8/2005
+ Report-Checksum: B83C53FA
+ Date of database: 6/8/2005
+ Version of scan engine: v3.0
+ Duration: 46 min
+ Scanned Files: 84776
+ Speed: 30.67 Files/Second
+ Infected files: 3
+ Removed files: 3
+ Files put in quarantine: 3
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
F:\
+ Scan result:
C:\Documents and Settings\Donate\Cookies\donate@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Netscape\Netscape 6\Plugins\npwthost.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\OTXMedia.dll -> Spyware.OTXMedia -> Cleaned with backup
::Report End
Thanks so much for reading this and any help you can give me. It's sooo frustrating!
EDIT: I can't believe this! I've been working so hard to fix my computer and instead it's getting worse!!! It wont allow me to use the left mouse button anymore. Just all of a sudden; I wasn't even doing anything out of the ordinary. I'm told it is probably because of malware - http://www.geekstogo...ick-t33967.html (<---Details.) I can't even use that computer anymore; I'm using another one at the moment. I can only navigate a little and not enough to start any scans. Microsoft AntSpyware started on its own at its scheduled time, but it didn't find anything. What in the world is doing this?! Please, please someone help me. I'm trying to be patient. Will anyone actually still see this topic all the way on page 15?! Have all 80 of the people who have read it really not been able to help me? I really hope someone who can help me finds this topic. I don't know what to do. I know I sound desperate and it's because I AM! Maybe there could be a topic pinned to the top that lists all the posts still waiting for help since they move off the first few pages so quickly. Just an idea. Thanks for reading this. I know you're all busy here and doing this on your own time and I appreciate it. I just hope someone still sees this topic.
UPDATE: I managed to run SpyBot and it didn't find anything. I've figured out how to navigate a little more, so I'm on the computer I'm having the problems with right now. I can't run Ewido or a2, though, because they don't let me right-click or tab.
UPDATE: Now the stupid mouse has stopped working altogether and it says my anti-virus is turned off, which I didn't do, and I can't get it to turn back on. Please help me.
UPDATE: Ok, now it's working again. Only the right mouse button like before, but it's better than nothing. It's just doing these things on its own.
Edited by Lili, 21 June 2005 - 12:19 AM.