Spyware Blaster
#1
Posted 29 September 2004 - 11:10 AM
#2
Posted 29 September 2004 - 11:38 AM
http://www.geekstogo...ction=show&id=7
Save it to a floppy, CD, or thumbdrive, and run it on the infected computer. Your troubled computer will restart, then see if you can get back on the internet.
#3
Posted 29 September 2004 - 12:02 PM
#4
Posted 29 September 2004 - 03:26 PM
-=jonnyrotten=-
#5
Posted 29 September 2004 - 06:45 PM
#6
Posted 29 September 2004 - 06:49 PM
-=jonnyrotten=-
#7
Posted 29 September 2004 - 06:59 PM
#8
Posted 29 September 2004 - 07:11 PM
Which computer is connected to the internet service? If it is the xp computer follow this first step and see if that gets you connected.
First go to the broken xp machine and go to control panel, network and internet connections, network connections. Right click on your local area connection, click properties, select Internet Protocol (tcp/ip) and click properties. Make sure obtain IP address automatically is selected and obtain dns server address automatically is selected too. Click the alternate configuration tab up at the top and make sure automatic private ip address is selected. Click start, run, type cmd hit enter. Type each line and hit enter after each one.
ipconfig /release
ipconfig /renew
ipconfig /all
Write down what it says after you type ipconfig /all. I may need to get that information from you in a little while. Now this is all assuming you are on a broadband connection. If you are not then what type do you have.
Next step.
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.
Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.
Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
Run this program on the broken pc, if you cannot connect to the internet with it by now then copy the program file to a disk and put it on the other comupter so we can see what is on it.
-=jonnyrotten=-
#9
Posted 29 September 2004 - 09:33 PM
#10
Posted 30 September 2004 - 07:44 AM
2 things, the first one might not fix the problem, but maybe. The second one you will probably be asked sooner or later, so lets just do it now.
Which computer is connected to the internet service? If it is the xp computer follow this first step and see if that gets you connected.
First go to the broken xp machine and go to control panel, network and internet connections, network connections. Right click on your local area connection, click properties, select Internet Protocol (tcp/ip) and click properties. Make sure obtain IP address automatically is selected and obtain dns server address automatically is selected too. Click the alternate configuration tab up at the top and make sure automatic private ip address is selected. Click start, run, type cmd hit enter. Type each line and hit enter after each one.
ipconfig /release
ipconfig /renew
ipconfig /all
Write down what it says after you type ipconfig /all. I may need to get that information from you in a little while. Now this is all assuming you are on a broadband connection. If you are not then what type do you have.
Next step.
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.
Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.
Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
Run this program on the broken pc, if you cannot connect to the internet with it by now then copy the program file to a disk and put it on the other comupter so we can see what is on it.
-=jonnyrotten=-
Ok, I did the 1st step and just so you know I have a wireless connection, but I recently ( after all this happened) attached an ethernet cable because initially it was thought that I needed to update my firmware and I did not have the computer hooked up with a cable. Anyway, here is what it said
After ipconfig/release
Ethernet Adapter Local Area Connection2
Autoconfig IP Address : 169.254.176.16
Subnet Mask 255.255.0.0
Default Gateway
Ethernet Wireless Network Connection5
IPAddress : 192.168.0.98
Subnet Mask 255.255.0.0
Default
After ipconfig/renew
An error occured while renewing interface LAN2: An operation was attempted on something that is not a socket
After ipconfig/all
WIN IP Config
Host Name: Teresa
Primary DNSSuffix
Node Type: Hybrid
IP Routing Enabled: No
WINS Proxy Enable: NO
Ethernet Adapter LAN2
Connection specific DNS Suffix Descprtion- Linksys LNE1GCTX Fast Ethernet Adapter
Physical Address 00-0C-41-25-DB-AP
dhcp Enabled: yes
Autoconfig Enabled : yes
Autoconfig IP Address: 168.254.176.16
Subnet Mask: 255.255.00
Default Gateway
Ethernet Wireless Connection
Physical 00-46-05-CB-F3-4E
dhcp enabled : NO
IP Address: 192.168.6.98
Subnet Mask: 255.255.00
Default Gateway 192.168.6.98
DNS: 192.168.6.98
4.2.2.2
#11
Posted 30 September 2004 - 08:30 AM
2 things, the first one might not fix the problem, but maybe. The second one you will probably be asked sooner or later, so lets just do it now.
Which computer is connected to the internet service? If it is the xp computer follow this first step and see if that gets you connected.
First go to the broken xp machine and go to control panel, network and internet connections, network connections. Right click on your local area connection, click properties, select Internet Protocol (tcp/ip) and click properties. Make sure obtain IP address automatically is selected and obtain dns server address automatically is selected too. Click the alternate configuration tab up at the top and make sure automatic private ip address is selected. Click start, run, type cmd hit enter. Type each line and hit enter after each one.
ipconfig /release
ipconfig /renew
ipconfig /all
Write down what it says after you type ipconfig /all. I may need to get that information from you in a little while. Now this is all assuming you are on a broadband connection. If you are not then what type do you have.
Next step.
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.
Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.
Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
Run this program on the broken pc, if you cannot connect to the internet with it by now then copy the program file to a disk and put it on the other comupter so we can see what is on it.
-=jonnyrotten=-
#12
Posted 30 September 2004 - 08:37 AM
2 things, the first one might not fix the problem, but maybe. The second one you will probably be asked sooner or later, so lets just do it now.
Which computer is connected to the internet service? If it is the xp computer follow this first step and see if that gets you connected.
First go to the broken xp machine and go to control panel, network and internet connections, network connections. Right click on your local area connection, click properties, select Internet Protocol (tcp/ip) and click properties. Make sure obtain IP address automatically is selected and obtain dns server address automatically is selected too. Click the alternate configuration tab up at the top and make sure automatic private ip address is selected. Click start, run, type cmd hit enter. Type each line and hit enter after each one.
ipconfig /release
ipconfig /renew
ipconfig /all
Ok I'm trying to do a HiJack this , but it says I don't have permission. I am logged in?
Write down what it says after you type ipconfig /all. I may need to get that information from you in a little while. Now this is all assuming you are on a broadband connection. If you are not then what type do you have.
Next step.
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.
Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.
Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
Run this program on the broken pc, if you cannot connect to the internet with it by now then copy the program file to a disk and put it on the other comupter so we can see what is on it.
-=jonnyrotten=-
#13
Posted 30 September 2004 - 10:44 AM
#14
Posted 30 September 2004 - 11:58 AM
Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.
Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
-=jonnyrotten=-
#15
Posted 30 September 2004 - 02:02 PM
Scan saved at 3:00:54 PM, on 9/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WIN2000\guru.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Documents and Settings\Teresa L\Desktop\HijackThis.exe
C:\WINDOWS\System32\tapi3.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2sea...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2sea...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2sea...sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mchsi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchassista...om/srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.eznsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2sea...sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2sea...sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.eznsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\System32\AANTX.dll
O2 - BHO: (no name) - {22D34420-FEE3-D2AD-CDBA-C11BF1E35FD4} - C:\WINDOWS\Dzugtnie.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM32\winb2s32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {6C3FA15A-7573-E65B-A6B1-8D0AB5E42387} - C:\WINDOWS\Dzugtnie.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM32\winb2s32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [WinTOTAL Scheduler] C:\WIN2000\guru.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [itss] C:\WINDOWS\System32\itss.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [ltdis11n] C:\WINDOWS\System32\ltdis11n.exe
O4 - HKCU\..\Run: [tapi3] C:\WINDOWS\System32\tapi3.exe
O4 - Startup: RemMcKissock.lnk = C:\Program Files\McKissock Data Systems\VC\RemMcKissock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2C15848B-21C0-406A-9902-56C8D90684F3} (alaWeb.clsGetStats) - file://C:\WIN2000\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://iow.mlxchange...ectComboBox.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6D251D8B-FD68-4BA2-83D5-1A0A245830C3} (alaWeb.clsSolutionCenter) - file://C:\WIN2000\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://iow.mlxchange...ClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://iow.mlxchange...ol/IRCSharc.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {ED29A481-CD46-43D9-85AA-E6E869DF2214} (MercStats.cStats) - file://C:\Program Files\Mercury\Content\cabs\MercStats.CAB
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users