-
October 23rd, 2004, 04:36 PM
#11
Hi Carla,
Don't run HijackThis FIRST. Save it for later. Let's see what we can get rid of using some tools first.
Moissonite has given you a link to SpyBot Search and Destroy. Get that first, and run its update program. Then boot into safe mode and delete what it finds.
I will get back to you with a couple of other ideas.
Cheers
EDIT:
http://www.lavasoftusa.com/software/adaware
http://www.SwatIt.org
Update them and run them in safe mode as well. OH............SwatIT takes a long time but is very thorough.
Then try CWShredder.............I will post the link in a moment
http://www.intermute.com/spysubtract..._download.html
-
October 23rd, 2004, 04:47 PM
#12
Member
Actually on hindsight my fellow Brit, nihil, is right (even if he is from Bridlington )
Leave the HijackThis until last.
I still have painful memories of friends killing their net connections while eradicating an essential link to their modem/ISP after using HT.
It's a great little program - but can go very wrong if you're not entirely sure what should and should not be there.
Just think - you may lose all contact with us - then you WOULD have something to cry about
# Now if I ever needed inspiration,
Right about now where I lose my patience,
-
October 23rd, 2004, 05:05 PM
#13
Yes,
I get quite a few with lots of spy/ad ware on them (kids with P2P and the like ) I find it easier to use the tools then HJT to sort out the rest.
Too lazy to remove over a hundred by hand
Cheers
-
October 23rd, 2004, 06:31 PM
#14
It could be that your ISP really f*ked up their DNS entries. Or maybe implemented an IP-range block for AltaVista's IP block. I know for a fact that my ISP is really slow at updating their DNS entries and they also implement specific IP blocks. Like I can't visit my highschool's website from home and I can't visit my home server from my highschool. Although with proxies I can do so no problem. I'm going to complain to them about it some time soon...
Anyways, to see if the address is being resolved, you should try Ping-ing altavista. The Ping is a level 8 ICMP packet that contains a random string (usually "ABCDEFGHIJKLMNOP" that repeats for the length indicated) and that gets a reply of the same random string from the destination computer. (The ping of death that is mentioned on the main page recently is just a ping that has an illegally long random string of over 65500 characters that some computers don't have the ability to deal with)
Open up Command Prompt on your computer by going to Start -> Run -> Type in "CMD" (For Windows XP/2K/NT) -- a black box should appear. Type in the bolded parts:
Code:
C:\Documents and Settings\UserName>ping www.altavista.com
Pinging avatw.search.yahoo2.akadns.net [66.94.229.254] with 32 bytes of data:
Reply from 66.94.229.254: bytes=32 time=32ms TTL=243
Reply from 66.94.229.254: bytes=32 time=47ms TTL=243
Reply from 66.94.229.254: bytes=32 time=47ms TTL=243
Reply from 66.94.229.254: bytes=32 time=47ms TTL=243
Ping statistics for 66.94.229.254:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 47ms, Average = 43ms
C:\Documents and Settings\UserName>
You should get an IP address that is similar to mine above. If you get some sort of message like "Request timed out." then something is blocking your attempts to connect. Like your computer's firewall or your ISP's firewall. If you get "Unknown host www.altavista.com." then your ISP's DNS is messed up. You'd need to find another DNS server to use, or you could edit your hosts file to point to the IP I have above.
Anyways, try that and tell us the results.
-
October 24th, 2004, 12:10 PM
#15
Junior Member
Hi Moissonite
(and anyone else who knows what they are doing)
I've taken your advice; downloaded and ran HijackThis.
I'm posting my log file because though I've perused it, I cannot see anything in there that screams "I should not be here!" And so I am asking for some help in determining what is illegal and should be removed.
Previously (to running HijackThis) I had downloaded and run Spybot and Adaware SE but I still could not access AltaVista.
Here's my logfile. Let me know what you think.
Logfile of HijackThis v1.98.2
Scan saved at 7:19:49 AM, on 10/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brandeis.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.library.brandeis.edu/cache.pac
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Carla Harris Pascal\Application Data\Mozilla\Profiles\default\sksbz8qx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Carla Harris Pascal\Application Data\Mozilla\Profiles\default\sksbz8qx.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06642396...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094744860468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
-
October 24th, 2004, 12:15 PM
#16
Junior Member
Jeez Guys and Gals I am such a novice I did not even realize there was a second page counselling me against HijackThis. Anyhow, no harm done. All I did was run it. I have not changed a thing. Just posted my log. I am now going to read the rest of your advice and see if I can progress on that. Will let you know how I get on.
Please note that I have repeatedly run Spybot and Adaware SE from Lavasoft. Must be a hundred times (or close) - and it has not helped my problem.
-
October 24th, 2004, 02:32 PM
#17
Junior Member
OK Folks
I've downloaded and run the following to no avail. They found nothing except Spybot keeps finding the 5 DSO Exploit thingies which I've read are no issue.
Adaware
Spybot
Swatit
CWShredder
I also uninstalled and reinstalled Norton and run it.
It found nothing.
I've run HijackThis and cannot say that I see anything dangerous (not that I would know), anyhow I posted my logfile to you for advice.
No, I cannot access altavista from any site/direction/route, not even the last suggested possibility which was http://66.94.229.254
I appear to be able to access all other sites except AltaVista.
Time_Axe suggested that my ISP could have interfered with AltaVista's DNS entries. Though I do not quite understand what this means, I find that strange since I was originally able to access AltaVista using the very same ISP.
Tim_Axe sent me some stuff to type to "ping" altavista. I am not clear as to what I must type in. (DOES IT START FROM?) C:\Documents
(AND END AT?) C:\Documents and Settings\UserName>
Do I type in all the stuff in between? Could I just copy and paste the text into the black box that Tim_Axe says should appear when I am going to ping this thing? (and thus avoid mistakes?)
Just want you to know that it's really great to have the support even if I haven't solved the problem...yet. I almost threw the laptop through the window yesterday before subscribing to this forum.
Thanx!
Carla
-
October 24th, 2004, 02:38 PM
#18
This is all you have to type:
If the output is something like this, then you have DNS issues. Just contact your ISP and tell them your problem.
Otherwise, if it's something like this, you have other issues.
C:\Documents and Settings\cgkanchi>ping altavista.com
Pinging altavista.com [66.218.71.198] with 32 bytes of data:
Reply from 66.218.71.198: bytes=32 time=317ms TTL=240
Reply from 66.218.71.198: bytes=32 time=317ms TTL=240
Reply from 66.218.71.198: bytes=32 time=316ms TTL=240
Reply from 66.218.71.198: bytes=32 time=315ms TTL=239
Ping statistics for 66.218.71.198:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 315ms, Maximum = 317ms, Average = 316ms
Also, could you just post the contents of your C:\Windows\System32\drivers\etc\hosts file (just open it in notepad and copy/paste it here), that's one possibility that hasn't been checked.
Cheers,
cgkanchi
-
October 24th, 2004, 03:01 PM
#19
Junior Member
Hey Cgkanchi
Thanx! I've 'pinged'.
The result was this and I guess it means that my ping was not successful.
Pinging avatw.search.yahoo2.akadns.net [216.155.220.155] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 216.155.200.155:
Packers: Sent = 4, Received = 0, Lost = 4 (100% loss)
So, I guess we're into one of those other issues you referred to.
As suggested, I've also posted the contents of my C:\Windows\System32\drivers\etc\hosts file
Comments?
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
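
The triage the replies above walk through (ping result first, then the hosts file), written out as an added example that is not part of any post in this thread. The function names and the sample strings are hypothetical and constructed for illustration, modelled on the Windows ping output and hosts file quoted above.

```python
import re

# Constructed samples, modelled on the ping output and hosts file quoted in this thread.
PING_OK = """Pinging avatw.search.yahoo2.akadns.net [66.94.229.254] with 32 bytes of data:
Reply from 66.94.229.254: bytes=32 time=32ms TTL=243
Ping statistics for 66.94.229.254:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),"""
PING_TIMEOUT = """Pinging avatw.search.yahoo2.akadns.net [216.155.220.155] with 32 bytes of data:
Request timed out.
Ping statistics for 216.155.220.155:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),"""
PING_NO_DNS = "Unknown host www.altavista.com."
HOSTS_CLEAN = "# sample HOSTS file\n127.0.0.1       localhost\n"
HOSTS_HIJACKED = HOSTS_CLEAN + "127.0.0.1  www.altavista.com  # constructed bad entry\n"


def classify_ping(output):
    """Return (verdict, resolved_ip) for pasted Windows ping output."""
    if re.search(r"Unknown host|could not find host", output, re.I):
        return "dns-failure", None          # name never resolved: DNS or hosts problem
    m = re.search(r"Pinging (?:\S+ \[)?([\d.]+)\]? with", output)
    ip = m.group(1) if m else None
    stats = re.search(r"Sent = (\d+), Received = (\d+)", output)
    if stats is None:
        return "unparsed", ip
    if int(stats.group(2)) == 0:
        return "resolved-but-no-reply", ip  # DNS works; something drops the traffic
    return "reachable", ip


def hosts_overrides(hosts_text, name):
    """Return the IPs a hosts file maps `name` to, ignoring comments."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            hits.append(fields[0])
    return hits


def triage(ping_output, hosts_text, name):
    """A hosts-file entry wins over DNS, so check it before trusting the ping result."""
    overrides = hosts_overrides(hosts_text, name)
    if overrides:
        return "hosts-file-override", overrides[0]
    return classify_ping(ping_output)
```
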
-
October 24th, 2004, 05:18 PM
#20
hmmmm what's the avatw.search.yahoo2.akadns.net all about?
thought it was altavista you were trying to connect to not all the web?
v_Ln