Jump to content

After virus,Clean out,No Internet but i can

bakersfieldboy

By bakersfieldboy
in General Windows PC Help

 Share

Recommended Posts

Striker

Striker

Posted
Posted

Hm, ok. Can you post a hijackthis log?

Here you can download Hijackthis: http://hijackthis.softonic.de/

To analyze your computer, start HijackThis and run a scan. See the Quick Start Guide [link to Quick Start, FAQs and Feedback] for help in running a scan. HijackThis will display a list of areas on your computer that might have been changed by spyware. Do not change any settings if you are unsure of what to do. There are many popular support forums on the web that provide free technical assistance by using HijackThis log files to diagnose an infected computer.

Link to post
Share on other sites
bakersfieldboy

bakersfieldboy

Posted
  • Author
Posted
Hm, ok. Can you post a hijackthis log?

Here you can download Hijackthis: http://hijackthis.softonic.de/

To analyze your computer, start HijackThis and run a scan. See the Quick Start Guide [link to Quick Start, FAQs and Feedback] for help in running a scan. HijackThis will display a list of areas on your computer that might have been changed by spyware. Do not change any settings if you are unsure of what to do. There are many popular support forums on the web that provide free technical assistance by using HijackThis log files to diagnose an infected computer.

Ok, will make log, but can i get it from us. shouldn't matter right ! if so reply back ! doing it with us version for English, unless told other wise

Link to post
Share on other sites
bakersfieldboy

bakersfieldboy

Posted
  • Author
Posted
Hm, ok. Can you post a hijackthis log?

Here you can download Hijackthis: http://hijackthis.softonic.de/

To analyze your computer, start HijackThis and run a scan. See the Quick Start Guide [link to Quick Start, FAQs and Feedback] for help in running a scan. HijackThis will display a list of areas on your computer that might have been changed by spyware. Do not change any settings if you are unsure of what to do. There are many popular support forums on the web that provide free technical assistance by using HijackThis log files to diagnose an infected computer.

did i do this right ? here you go.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:59:57 AM, on 12/9/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\System32\mmrtkrnl.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\DJ ECCOSISTEMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RDIIZ2R5\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar.com/search/dispatcher....d&%language

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2405280

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://inboxtoolbar.com/search/ie.aspx?tbid=80105

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://inboxtoolbar.com/help/sa_customize.aspx?tbid=80105

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/webscout/{EBB069...7-2D954F6F5AC6}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://inboxtoolbar.com/search/ie.aspx?tbid=80105

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://inboxtoolbar.com/help/sa_customize.aspx?tbid=80105

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll

O2 - BHO: Freecause Shopping BHO - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files\Shop to Win 9\ShoppingBHO.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Max EN Toolbar - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files\Max_EN\tbMax1.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: WebScout Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\WebScout Toolbar\tbcore3.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll

O3 - Toolbar: Max EN Toolbar - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files\Max_EN\tbMax1.dll

O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll

O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NetFxUpdate_v1.0.3705] "C:\Windows\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe" 1 v1.0.3705 GAC + NI

O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\DJ ECCOSISTEMA\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

O4 - HKCU\..\Run: [PC Speed Maximizer] C:\Program Files\PC Speed Maximizer\PCSpeedMaximizer.exe /Start

O4 - HKCU\..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe

O4 - HKCU\..\Run: [175cef533ee1d2243751c5cc3bafb1a1] C:\Users\DJECCO~1\DOWNLO~1\REBELT~1.EXE /r

O8 - Extra context menu item: &Enviar a OneNote - res:///105

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX

Link to post
Share on other sites
Mainard

Mainard

Posted
Posted

So the wireless CAN connect to the Network but then fails to get on the Internet?

Are you getting your wireless from a router? If so, the same router that you are getting the LAN connection from?

Link to post
Share on other sites
bakersfieldboy

bakersfieldboy

Posted
  • Author
Posted
So the wireless CAN connect to the Network but then fails to get on the Internet?

Are you getting your wireless from a router? If so, the same router that you are getting the LAN connection from?

Ok, i think iam giving you wrong info, takes me a second to understand sorry,

I am getting wireless from a router (Linksy) and yes it is the same line from the router that works,

but i dont thing i try any sort of networking test from the wireless part except trying to get on the Internet. is there something i can try to see if it talks to the router, I think that what you want from me right ?

Link to post
Share on other sites
bakersfieldboy

bakersfieldboy

Posted
  • Author
Posted
Yes, it's right. Thank you.

What's that?:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

Yes, it's right. Thank you. ------do you mean the hijack is right ?

Desktop Window Manager (dwm.exe)

TASKHOST is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them. There can be many instances of TASKHOST running, as there will be one instance of TASKHOST for every DLL-based service or grouping of services (the grouping of services is determined by the programmers who wrote the services in question).

Iam not sure what your saying, or asking ?

Link to post
Share on other sites
bakersfieldboy

bakersfieldboy

Posted
  • Author
Posted
You have an infection potential browser Internet Explorer. And you must fix "these entries.

It is here to help you. http://www.hijackthis.de/#anl :)

.......................................

M' Anti-M Free use. XP SP 3

:::::::::::::::::::::::::::::::

This is new to me, I will look at what it has to say and get back to you,

meanwhile is there any thing els i should be doing, its hard to stay up with different people asking didn't stuff

but iam trying my best i hope iam staying up to the task. and i do think you all for the help.

Link to post
Share on other sites
Mainard

Mainard

Posted
Posted

Bakersfieldboy,

Thank you for your patience with me. Let me put some numeration here

1.) You do have something like:

post-60618-1291933868_thumb.jpg

2.) A window with available network connections will open. As you can see from the screen-shot below, the list is split by the type of available network connections. At the top you have dial-up and virtual private network (VPN) connections, while at the bottom you have a list with all the wireless network which Windows 7 has detected. To refresh the list of available networks, click on the button highlighted in the screen-shot below.

post-60618-1291935431_thumb.jpg

3.) There are two different Things you will see after you have successfully connected to your Wireless network:

post-60618-1291938903_thumb.jpg

Please let me know which numbers you cannot perform (if any).

Link to post
Share on other sites
bakersfieldboy

bakersfieldboy

Posted
  • Author
Posted
Bakersfieldboy,

Thank you for your patience with me. Let me put some numeration here

1.) You do have something like:

post-60618-1291933868_thumb.jpg

2.) A window with available network connections will open. As you can see from the screen-shot below, the list is split by the type of available network connections. At the top you have dial-up and virtual private network (VPN) connections, while at the bottom you have a list with all the wireless network which Windows 7 has detected. To refresh the list of available networks, click on the button highlighted in the screen-shot below.

post-60618-1291935431_thumb.jpg

3.) There are two different Things you will see after you have successfully connected to your Wireless network:

post-60618-1291938903_thumb.jpg

Please let me know which numbers you cannot perform (if any).

ok it gets to #3 but says connected, and has a (!) were the wireless icons is on system tray by clock

Link to post
Share on other sites
Mainard

Mainard

Posted
Posted

Do you have the log file of the infection that you removed? Could you include that in your next post.

Thank you

Also, when replying, please use the "ADD REPLY" button t_reply.gif located at the bottom of the page, as this makes the forum easier to read.

Link to post
Share on other sites
bakersfieldboy

bakersfieldboy

Posted
  • Author
Posted
Do you have the log file of the infection that you removed? Could you include that in your next post.

Thank you

Also, when replying, please use the "ADD REPLY" button t_reply.gif located at the bottom of the page, as this makes the forum easier to read.

oh man ! I was i was hopeing you wouldn't ask that ! i don't have it.

it was a rouge type if i remember it, looks like Microsoft essentials. 2011 , um when it turn on it lock you out of desktop

making you watch there scan and then northern wold happen until you click on pay now. went into safe mode use Mb

got lucky and here i am. delete logs thought i wouldn't need them. then found out i couldn't get on thew wireless.

Link to post
Share on other sites
Mainard

Mainard

Posted
Posted

  1. What does it say when you mouse over the (!) over the Wireless connection settings?
  2. Have you restarted the Router and Modem since this? If you have not I suggest doing so. If you need assistance in completing this please feel free to let me know.

Link to post
Share on other sites
bakersfieldboy

bakersfieldboy

Posted
  • Author
Posted
  1. What does it say when you mouse over the (!) over the Wireless connection settings?
  2. Have you restarted the Router and Modem since this? If you have not I suggest doing so. If you need assistance in completing this please feel free to let me know.

as i mouse over it say "identifying....(Linksys)" have try reseting router not modem doing it now.

did try reseting both did not work stills say identifying

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.