Trouble with internet pages


  • This topic is locked
9 replies to this topic

#1 aesop64

aesop64

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 22 July 2004 - 10:55 AM

I read the FAQ and I believe I am posting correctly? I had a lot of trouble with someone downloading information or something from me through msmessenger, which I never have used or configured. After running Spy Sweeper, Spybot S&D, Ad-Aware, TrojanHunter, AVG, McAfee, and Norton AntiVirus and not finding anything to cause this, I called Dell for assistance in removing msmessenger. They could not tell me how to remove it, as when we tried it still would appear in Task Manager as a running program. I could also see it uploading when I was using NetLimiter. I think that I was actually successful in removing it at a later time. Now to the "new" problem. When I lose my internet connection (has been happening periodically) and it reconnects, I have to re-boot my computer before I stop getting the "can not find server" message. In other words, even though the connection has been re-established, hitting refresh or typing in a new web-site address does not work; I just get the "can not find server" message. After re-booting I can use the internet as usual until my connection fails. My I.S.P. (warpdrive) tells me the connection problem is going to be addressed, but I should not have to re-boot to re-establish a connection to the web. I have sent my HijackThis log for review. :wtf:


#2 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 22 July 2004 - 12:44 PM

Hi,

You shouldn't attach your HijackThis - logfile. It's easier for helpers to work from a log which is not attached. :)

Logfile of HijackThis v1.98.0
Scan saved at 10:54:28 AM, on 7/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeffrey\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE56FFD-85D8-4D76-B03D-F2F274D12A6A}: NameServer = 24.56.130.2,24.56.130.3
Nucia Security Forums - Dutch Anti-Malware Support

#3 aesop64

Posted 23 July 2004 - 03:49 PM

Should I resend the info correctly or are you just really busy?

Logfile of HijackThis v1.98.0
Scan saved at 12:43:03 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Documents and Settings\Jeffrey\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE56FFD-85D8-4D76-B03D-F2F274D12A6A}: NameServer = 24.56.130.2,24.56.130.3

Edited by aesop64, 25 July 2004 - 12:47 PM.


#4 lyzawer

lyzawer

    Member

  • Retired Staff - Helper
  • Pip
  • 35 posts

Posted 28 July 2004 - 01:15 AM

Well, this is a very busy forum. Sorry for the delay.

Rescan and check this item:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

Close all browser windows and hit "Fix checked".

This is probably not causing your problem with messenger though. I don't see the startup for it nor the item in your running processes.

The most glaring thing I see is that you aren't using a firewall.

These are both free, and fairly easy to configure. (I use Sygate myself.)
Sygate Personal Firewall
http://smb.sygate.co...pf_standard.htm

ZoneAlarm
http://www.zonelabs....lid=zadb_zadown


Post a new log when done.

#5 aesop64

Posted 28 July 2004 - 05:32 PM

Thank you for your help. Just a couple of things. First, I am running a firewall: Norton (or Symantec), which I do get warnings from on a regular basis (about attempted hackers). Is there a way it does not show up (like if I had the broadband cable unplugged when I did the scan)? Second, my problem with Messenger seems to be over after I deleted Messenger and installed a new critical update from Microsoft. Also, as I'm sure you can see, the F2 - REG...... that you said to fix is still there. I tried three times to remove it, i.e. Fix It. Then I rebooted and tried again... Still there. Here is my new log:

Logfile of HijackThis v1.98.0
Scan saved at 5:29:13 PM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeffrey\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE56FFD-85D8-4D76-B03D-F2F274D12A6A}: NameServer = 24.56.130.2,24.56.130.3

:blush:

Edited by aesop64, 28 July 2004 - 05:36 PM.


#6 aesop64

Posted 07 August 2004 - 04:01 PM

Still wondering how to remove F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, :scratchhead:

#7 lyzawer

Posted 09 August 2004 - 04:43 PM

Sorry for the delay, I haven't been around much lately.

The F2 item is actually the default value, and is switched back to the same thing with HijackThis.

Updating your version of HijackThis would probably make it so it no longer gets listed.

Hope this helps.

Missing your firewall entry was my mistake and I apologize. :dumb:
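
The check described in the post above (is the logged F2 UserInit value just the default?), as an added example that is not part of the original thread or of HijackThis itself. The function names are hypothetical, the default path assumes Windows is installed in C:\WINDOWS as in the posted logs, and the third sample line is constructed.

```python
import re

# Assumption: Windows lives in C:\WINDOWS, as in the logs posted in this thread,
# so the default Userinit program is the path below (compared case-insensitively).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)


def userinit_programs(value):
    """Split a Userinit value into its comma-separated program paths."""
    return [p.strip().strip('"') for p in value.split(",") if p.strip()]


def check_log(log_text):
    """Report every F2 UserInit line: is the default there, and what else is?"""
    findings = []
    for raw in log_text.splitlines():
        match = F2_USERINIT.match(raw.strip())
        if not match:
            continue  # other HijackThis sections (R1, O2, O4, ...) are ignored
        programs = userinit_programs(match.group(1))
        findings.append({
            "line": raw.strip(),
            "default_present": any(p.lower() == DEFAULT_USERINIT for p in programs),
            # Anything besides the default also starts at every logon: review it.
            "extras": [p for p in programs if p.lower() != DEFAULT_USERINIT],
        })
    return findings


def is_default_only(finding):
    """True when the entry is the stock value and fixing it changes nothing."""
    return finding["default_present"] and not finding["extras"]


# Lines 1, 2 and 4 are copied from the logs in this thread; line 3 is constructed.
SAMPLE_LOG = "\n".join([
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\example.exe",
    r"O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe",
])

if __name__ == "__main__":
    for f in check_log(SAMPLE_LOG):
        verdict = "default only" if is_default_only(f) else "REVIEW"
        print(f"{verdict:12} {f['line']}")
```
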

#8 aesop64

Posted 10 August 2004 - 11:04 AM

Thank you for your help. A quick question? Is the F2- Item corrected but just shows up? (Like the DSO problem with SpyBot S&D)

#9 lyzawer

Posted 11 August 2004 - 11:31 PM

HijackThis just put the same value in for the one you fixed, so in essence did nothing, good or bad.

Hope this answers your question. :)

#10 aesop64

Posted 14 August 2004 - 11:22 AM

Well yes, that does answer my question, but.... is the F2- still a problem to fix? I will update my HijackThis and see what happens, but I'm unsure why "no longer having HijackThis list it" is a solution if it was a problem to begin with? Thanks again for the help!
Also I thought I might mention this... After running Spy Sweeper, Spybot S&D, Ad-Aware, Norton AntiVirus, TrojanHunter, a free sweep with McAfee and AVG and finding a clean computer, a friend of mine told me to try http://housecall.trendmicro.com and use their free antivirus sweep. Their software found 3 "problems", two of which were Trojans! :techsupport: WHY can't someone make an all-in-one Spysweeper-bot-adaware-antivirus-trojanhunter so we can actually feel safe on the net?

Edited by aesop64, 14 August 2004 - 11:27 AM.




