[Snew]

I'm sorry I don't have more information. I'm posting this for a friend who is having problems he's thinking are malware/spyware related. He's done what your page suggested and now he needs to have someone look at his Hijack this log. I believe your site is one he cannot open and thats' why I'm posting this here and not him. That is one of his major symptoms. He says about half of the webpages he tries to access, he can't open. He also can't send email. He thinks he's receiving it though as he does get some. He got one from me this morning.

Here is his log he posted for me to copy. I hope you can help I'll relay your replies through a message board the he seems to be able to access.

Logfile of HijackThis v1.99.1
Scan saved at 17:58:30, on 16-9-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
D:\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Messenger] C:\WINNT\system32\msmsgs.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEE31AFC-E6AD-4B25-A854-4 EA3F38F74ED}: NameServer = 62.58.50.5 62.58.50.6
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\rapapp.exe

[Advertisements]

Hi Snew,

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [MSN Messenger] C:\WINNT\system32\msmsgs.exe

Then find C:\WINNT\system32\drivers\etc\hosts and rename it to hosts.bak

If I guessed right he should be able to reach us after doing so.

Regards,

[Metallica]

Hi Snew,

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [MSN Messenger] C:\WINNT\system32\msmsgs.exe

Then find C:\WINNT\system32\drivers\etc\hosts and rename it to hosts.bak

If I guessed right he should be able to reach us after doing so.

Regards,

[Snew]

Hi Metallica and thanks. He said it didn't work though. Here's what he asks

doesn't work ..

could you please ask what to do if I've got 2 different files called 'hosts' ?? one is a hosts, the other a hosts.bak .. there's also a imhosts.sam file ..



cheers for the help thus far !!

Here's his latest hijack this log. Thanks for the help. It is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 22:36:10, on 22-9-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\rapapp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

[Metallica]

When and why did he install Microsoft AntiSpyware ?

Nothing bad about this beta, but running it together with SpySweeper could cause conflicts.

Can you ask to rightclick the hosts.bak that was already there. Open with... notepad and post the content.

Regards,

[Snew]

Hi and thanks. Dave is actually here now but he couldn't add a reply to this topic so he started his own here.

http://www.geekstogo...PC_-t65639.html

I appreciate you being so willing to help. Thank you.

Snew

[Metallica]

Hi Snew,

Thanks for helping get Dave on board. I'll continue in that thread.