
Internet, all hosed up...



ArchieMa
07-11-2015,
If anybody out there can make it through this posting and give me some advice, I'd sure appreciate it!
Started last month with a spyware infection. Was working with the HijackThis log and getting some help from this site. Had a rogue Symantec firewall (given to me by Uncle Sam - that should have tipped me off...) installed that wouldn't let me get to https:// sites, I got frustrated and reloaded my Windows XP. Ever since, the computer has really been funky.
Internet is the biggest problem. I have verizon DSL. The speed is slower than molasses in winter. I think the US Postal Service is faster (bear with me, I'm venting...) Verizon has been out here, checked the lines (they say they're OK), changed my phone jack, but the speed still sucks! I can only get to the Internet after I start the computer. Explorer will come up, and eventually I'll get yahoo. If I have a spare hour or so, I might try to get to another web site. If I exit the browser, I have to restart the computer to get back on-line. When I do the ping command (learned it from the Verizon support - they seem to like it but it hasn't done JACK for my problem!), I get a reply from yahoo.com, but I can try the browser right after that and I get the server unavailable message. Have to restart to get back to the Internet. If I go to control panel and look at the status of the network connection, it shows that my system is sending out tons of info but receiving very little.
I downloaded copies of Spy Sweeper and AVG from work (impossible to do on my home system - I'd die of old age first...) Ran spy sweeper and cleaned off some spyware that it found. AVG cleaned a bunch of viruses. It can't get rid of some Trojan Back Door that is stuck on the linux.exe file in the Windows/system32 directory. I get a message about how Windows can't move that file. So how do I get rid of that thing?
Tried to do the Panda on-line scan last night. Couldn't even download the program to start the scan with my pitiful speed. Then the Internet connection just dies when I'm an hour into the supposedly few minute download.
Also, when I start up, I get these two pop ups that want me to download some Mole Box program. I checked the molestudio web site, and this Mole Box stuff looks like something I don't want or need. How can I get rid of those annoying boxes upon start up? Which I do quite often to get the slowest DSL service on the planet...
Should I start over again with the restoration disks? Didn't seem to help me much before. Anybody out there have any ideas? My wife is ready to kick my A** over this FUBAR move I've pulled. Somebody, please, do the right thing and save this guy's life!! Plus, I figure if you can make it all the way through this message, you're pretty dedicated. It helped me vent and get rid of some frustrations...

ArciaHydaygam
07-12-2015,
I tend to post long ones too, dana, so I made it through OK.

Create a folder on your hard drive to save HijackThis.exe in. A folder like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

Download Hijack This Here (http://www.bleepingcomputer.com/files/Merijn/hijackthis.zip)

Save this file into the folder you made previously. Double-click to run the program named hijackthis.exe. When the program opens, click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. (Here is where you may need to step outside or go grocery shopping) When it completes checking/applying updates press the back button.

Now click on the Scan button. When it is finished, click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit, then click on Select all. Now click on Edit and then Click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post. (generally we ask that these logs be posted in the Security-->HijackThis Logs & Analysis forum, but just right-click it /paste as either a "reply" to this thread or a "new post" in HJT Logs)

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the link below:

How to use HijackThis! (http://www.bleepingcomputer.com/tutorials/how-to-use-hijackthis/)

I can't think of a better way than to look at another log. (maybe you still have the HJT folder from last visit?)

argajova
07-13-2015,
Never had a chance to get to the grocery store. It wouldn't connect at all for the HJT update. So I just took what I could download at work and ran it here at home. Here is the log:

Logfile of HijackThis v1.98.2
Scan saved at 9:38:06 PM, on 9/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\System32\msnmsg.exe
C:\WINDOWS\System32\Linux.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ekotgz.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com (http://yahoo.com/)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com (http://yahoo.com/)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\Run: [msn] msnmsg.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] Linux.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Windows Compliant] ekotgz.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [msn] msnmsg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Linux.exe
O4 - HKLM\..\RunServices: [Windows Compliant] ekotgz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKCU\..\Run: [Microsoft Update Machine] Linux.exe
O4 - HKCU\..\Run: [msn] msnmsg.exe
O4 - HKCU\..\Run: [Windows Compliant] ekotgz.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunServices: [msn] msnmsg.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

I'm actually up on the Internet on Firefox right now. Slow, but at least I'm surfin'!!

Archiemt
07-14-2015,
Your resourcefulness is to be commended, dana, I was afraid you'd have some trouble though, as things can often go...
Quote

I downloaded copies of Spy Sweeper and AVG from work (impossible to do on my home system - I'd die of old age first...)
Somebody, please, do the right thing and save this guy's life!!

It was that line that got me motivated. I'm in training at advising how to fix these problems. I pop my head out of the trainee lounge on occasion to come up for air. It actually can take a fair chunk of time chasin' down all the little details that ultimately lead to the step-by-steps that any particular combination of things require.
Quote

I get these two pop ups that want me to download some Mole Box program.
They probably remind you, about now, of how life might be if you spend much more time in the dawghouse yourself. No wonder your question boils down to: So how do I get rid of that thing? Considering the downloading difficulties you experience, this isn't what you want to hear, but it needs to be said.

Your log shows that you are seriously behind on Windows updates. It is essential that you update your Windows before we continue to help you as the infections could reoccur. Go to http://www.windowsupdate.com (http://www.windowsupdate.com/) and if it asks to install software, let it. Then click on the Scan link and let it do its thing. When it's done you will see on your left a section called critical updates. Click on that section and install everything that you can. When it prompts you to reboot, do so. Then repeat this process again until there are no more critical updates listed. Then post a new log.

If it is impossible to get the updates, I'll see what can be done at this end, working with the log you've posted. I know it wasn't easy getting it here. It's 2:45am my time. I'll start fresh in the morning. Edit: I can see in the log there is no SP1, nor any of the others between it and the SP2.
Click here (http://www.bleepingcomputer.com/forums/t/2185/sp2-installation-experiment/)
to read about what is involved. In all honesty, you may be better off loading the service packs from CDs.
SP2 (http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default810.mspx)

SP1 (http://www.microsoft.com/downloads/details.aspx?FamilyID=83e4e879-fa3a-48bf-ade5-023443e29d78&displaylang=en)

Arewqba
07-15-2015,
phawgg:
You're the one who should be commended. At 2:00 AM, I've been a pumpkin for quite some time....
Anyway, I was able to get the Panda on-line virus scan to work (I guess all the planets lined up for a brief period). It was able to find three viruses (didn't give me the names and I was so excited just to get it downloaded that I never thought to investigate). I have been able to connect on both Explorer and Firefox a few times tonight! Those pop up windows for Mole Box are gone. Speed still seems a little slow for what I think DSL should be, but, hey, this is progress. One strange thing now is that when I restart, two Explorer windows automatically open. Maybe this is payback for all those times when I didn't get anything??

I ran another HJT log and have it posted below. If you're motivated to look at one, this might be the better choice. Thanks for the help!

Logfile of HijackThis v1.98.2
Scan saved at 11:38:59 PM, on 9/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\System32\msnmsg.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe