08-Aug-2012, 12:12 AM
#1
Solved: Complete Local TakeOver ?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Ultimate, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, x64 Family 6 Model 15 Stepping 6
Processor Count: 2
RAM: 2045 Mb
Graphics Card: ATI Mobility Radeon X1400, 128 Mb
Hard Drives: C: Total - 238426 MB, Free - 110045 MB;
Motherboard: Dell Inc., 0YD479
Antivirus: Microsoft Security Essentials, Updated and Enabled

My system has been hijacked locally, I believe. When I do a network discovery, my computer is not connected to my router. It first goes to a 'switch', then to my router. There is another computer connected directly to my router before it goes to the internet... I have taken pictures of this diagram.

What got me here was I fixed a corrupted recycle bin, followed by running Microsoft Fix it, fixing any problems with file control. And then after rebooting, I tried to connect to the internet through WiFi, and I got the response of low signal strength... before making this fix... it worked fine... and my system says I have perfect signal... my router is 15 feet away and has high-end broadcast capabilities... I sell access to a guy 150 feet away, and my Netflix, which streams directly to my TV, works fine with an occasional hiccup...

So I do a checkpoint restore... and then my computer works perfectly again connecting to the internet... but I don't have a screenshot of what the network looked like then. And right now I'm connected via cable to the router.

mycomputer ------ switch | ownerPC ------- myrouter ----- internet

I am thinking he has a connection through the media player... I have downloaded some xxx trailers? Because when I do a properties check of the device, possibly the other router, it references the media player?
Step 1 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:09:13 PM, on 8/7/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\System32\mobsync.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\William\Pictures\MyPics\HijackThis (1).exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchFilterHost.exe C:\Users\William\Pictures\MyPics\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file) O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: ArcadeCandy Games - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\William\AppData\Local\ArcadeCandy\candyEX.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O2 - BHO: HP Smart BHO 
Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - 
HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: QuickSet.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing 
- {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.IBINSANEDIEGO (HKLM) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.dmtc.com/live/AxisCamControl.ocx O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofil...SystemLite.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax8729.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. 
- C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11758 bytes Step 2 - dds file . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by William at 20:22:30 on 2012-08-07 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.895 [GMT -7:00] . 
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\Windows\system32\CTsvcCDA.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\system32\inetsrv\inetinfo.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Logitech\LWS\Webcam 
Software\LWS.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\system32\STacSV.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Microsoft Virtual Server\vmh.exe C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Microsoft Virtual Server\vssrvc.exe C:\Program Files\Microsoft Windows OneCare Live\winss.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\mobsync.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\William\Pictures\MyPics\HijackThis (1).exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . 
============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uWindow Title = Internet Explorer, optimized for Bing and MSN uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin .dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - c:\users\william\appdata\local\arcadecandy\candyEX.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe uRun: [WMPNSCFG] 
c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [UpdReg] c:\windows\UpdReg.EXE mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [DWPersistentQueuedReporting] c:\progra~1\common~1\micros~1\dw\DWTRIG20.EXE -a mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - 
c:\windows\installer\{53a01cc6-14b0-4512-a2e7-10d39bf83dc4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: IBINSANEDIEGO DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.dmtc.com/live/AxisCamControl.ocx DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - hxxp://entimg.msn.com/client/msnmusax8729.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{AE7FD970-7B8A-4BFC-82A9-EC2FC8866EF1} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C3C43BB4-6405-4228-B983-5DF5FCF06241} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-18 21504] R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-11-2 26120] R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848] R2 Virtual Server;Virtual Server;c:\program files\microsoft virtual server\vssrvc.exe [2007-5-24 3373432] R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-5-12 21744] R3 vmh;Virtual Machine Helper;c:\program files\microsoft virtual server\vmh.exe [2007-5-24 166808] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-15 136176] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 250056] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-3 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-15 136176] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 
74112] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-08-07 15:51:42 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{823cd7d3-67a6-49ea-bfaa-5539a778351b}\mpengine.dll 2012-08-06 14:33:46 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-08-06 03:43:22 -------- d-----w- c:\users\william\appdata\local\{ACB39C0A-22DF-45FA-955D-181892369CEE} 2012-08-06 03:43:11 -------- d-----w- c:\users\william\appdata\local\{3A92C538-EFA4-4668-80AE-6BDD67DD2AFB} 2012-08-05 03:27:41 -------- d-----w- c:\program files\Microsoft Fix it Center 2012-08-05 03:23:03 -------- d-----w- C:\MSIa93a7.tmp 2012-08-04 19:17:18 -------- d-sh--w- C:\$RECYCLE.BIN 2012-08-01 07:02:52 -------- d-----w- c:\users\william\appdata\local\{DB1A5213-30F7-4539-BC6A-875DDEBCFD65} 2012-08-01 07:02:40 -------- d-----w- c:\users\william\appdata\local\{07BD321E-8651-409F-AAEC-72A3D8999EC6} 2012-07-30 22:27:03 -------- d-----w- c:\users\william\appdata\local\{1E9C91CB-6BD9-46A5-AD1A-755FBC983093} 2012-07-30 22:26:52 -------- d-----w- c:\users\william\appdata\local\{9D8633F7-F823-4A79-926F-2D267BFBAF0F} 2012-07-29 21:43:14 -------- d-----w- c:\users\william\appdata\local\{BA413AB8-9338-419F-9C91-8FD022F4908C} 2012-07-29 21:43:03 -------- d-----w- c:\users\william\appdata\local\{78AB098A-3F9C-4469-B001-5C6D8886D6A7} 2012-07-28 18:46:10 -------- d-----w- c:\users\william\appdata\local\{DDBBA5D4-7DE5-484D-87FF-07A26B3A6AC3} 2012-07-28 18:45:56 -------- d-----w- 
.
==================== Find3M ====================
.
2012-08-04 19:03:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-04 19:03:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-21 16:47:19 4142392 ----a-w- c:\windows\uninst.exe
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:23:23.94 ===============

Step 3

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-07 21:10:50
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEKT-00A25T0 rev.01.01A01
Running: hryyej61.exe; Driver: C:\Users\William\AppData\Local\Temp\awdyipog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
08-Aug-2012, 06:43 AM
#2
Moved to networking, as that doesn't appear to be a malware problem. You should bear in mind this part of our rules:
Quote:
Quote:
08-Aug-2012, 06:51 AM
#3
Quote:
Also, apart from the piggybacking, you are opening yourself to a security issue: if that person downloads a lot of music, shares that music, or other illegal activity, such as child pornography, then you are responsible for your IP and may be prosecuted. Even if I were allowed to share to neighbours, I would not, as I just don't know what the other person is doing. I keep strict guidelines with all the family on my network, and I know everyone who has ever been on the network.

You may want to reconsider the sharing your network. Also, if it works on a cable with no wireless switched on, and then you can turn wireless back on and access - we will not support any further help with sharing your network.

Can you connect with a cable directly to the router and post an ipconfig /all?
Also would like to see the Xirrus screen shot.
Would you post the make and exact models of the router/switch/modem etc.

------------------------------------------------------------------------
ipconfig /all

If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post the results in a reply here. Save the file to a USB flash drive or other removable media. Plug it into the working computer with internet access and copy the file and paste here.

We would like to see the results from an ipconfig /all - post back the results in a reply here.

Hold the Windows key and press R, then type CMD, then press Enter to open a command prompt box (a new dialogue box - black with white font - will appear on screen).

In the command prompt window that opens, type the following command:

Note that there is a space before the /ALL, but there is NOT a space after the / in the following command.

ipconfig /all > network.txt & network.txt

It will export the results into notepad and then automatically open the notepad and display on your screen.

Now all you need to do is copy and paste those results into a reply here. To do that:
From the notepad menu - choose Edit - Select all
All the text will now be highlighted.
Next, from the notepad menu - choose Edit - Copy
Now go back to the forum - go to the reply and then right click in the reply box and paste the results.
The results from the notepad should now appear in the forum reply.
------------------------------------------------------------------------

------------------------------------------------------------------------
Run Xirrus Wi-Fi Inspector
Download and install

If you cannot access the internet with this PC, then you will need to copy the program across to the faulty PC. Save the file to a USB flash drive or other removable media. Plug it into the working computer with internet access and copy the file and install the program. You will now need to take a screen shot and copy that back to the working PC and attach the screen shot in a reply on the forum here.

http://www.xirrus.com/Products/Wi-Fi-Inspector.aspx
Direct link to the program is here http://info.xirrus.com/Wi-FiInspectorConfirmation.html
{If the above link does not work, here's another link http://www.pcworld.com/downloads/fil.../download.html}

Then run and install the program - on a wireless enabled PC/Laptop.
If you get an error - you will need to have .NET Framework installed for the WiFi Inspector to function.

Run the program.

A user guide is available here http://www.xirrus.com/cdn/pdf/Xirrus...-1-RevB-6.aspx

Post a screen shot of the program running.
If there are a lot of networks showing, can you click on "networks" top lefthand area - so we can see all the network information.

Post which SSID name is yours; it's located in the list, under network "Adapter Name" (1st column).

To post a screen shot of the active window:
1) Hold the Alt key and press the PrtScn key. Open the Windows PAINT application (Start> All Programs> Accessories> Paint) and Paste the screen shot. You can then use PAINT to trim to suit, and save it as a JPG format file.
OR
2) If you are using Vista/Windows 7 you can use the "snipping tool" which is found in Start> All programs> Accessories> Snipping Tool

To upload the screen shot to the forum, open the full reply window ("Go Advanced" button) and use the Manage Attachments button to upload it here.
Full details are available here http://library.techguy.org/wiki/TSG_...g_a_Screenshot

Note:
For a reliable (or robust as the Xirrus user guide says) wireless connection you need a signal of about -70 dBm or better. "A desirable signal level for a robust Wi-Fi connection will be green".
Note: the signal level is a negative number, so for example -88 is worst and -40 is better.

If you are using the Mac OS then use http://www.istumbler.net/
or, if you want to optimise base station position and signal strength / dead spots, use
http://www.chimoosoft.com/products/apgrapher/ which has a graph function to monitor signal
------------------------------------------------------------------------
__________________
Please let us know what the final solution was to any problem posted
Last edited by etaf; 08-Aug-2012 at 07:47 AM.
08-Aug-2012, 12:26 PM
#4
ok.... I figured that if you can allow more than one user at your household to access your internet connect... multiple computers... what's the difference? I gave permission to access the router which is secured, and entered their MAC address into the router. It's the first time they have ever owned a computer. I didn't know it would be illegal.
---------------------------------------------------------------------------------
"we will not support any further help with sharing your network"
The problem is not in sharing my network with someone I have given permission to use.
--------------------------------------------------------------------------------
ip config / all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : IBINSANEDIEGO
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
   Physical Address. . . . . . . . . : 00-13-E8-09-8F-D9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
   Physical Address. . . . . . . . . : 00-18-8B-C1-C3-D2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b42a:cfb1:ee27:716b%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, August 08, 2012 7:00:54 AM
   Lease Expires . . . . . . . . . . : Thursday, August 09, 2012 7:00:54 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 201332875
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-83-96-E6-00-18-8B-C1-C3-D2
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{AE7FD970-7B8A-4BFC-82A9-EC2FC8866EF1}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c74:15d8:3f57:fefc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::c74:15d8:3f57:fefc%9(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{AE7FD970-7B8A-4BFC-82A9-EC2FC8866EF1}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{C3C43BB4-6405-4228-B983-5DF5FCF06241}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{AE7FD970-7B8A-4BFC-82A9-EC2FC8866EF1}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
------------------------------------------------------------------------------
I am using the computer now but I am connected directly to the router by cable. I just can't connect by WIFI.

From looking at a full network map display, it appears they are either not using me at this time or have removed themselves... Under networks it would display my computer name and below that was PCOWNER-PC, which I could not access or delete or disable.

Right now the network map displays this:

(My PC) ======== (Router) =============== (Globe)
IBINSANEDIEGO Gateway Internet

Last night the network map was:

(My PC) ======== (Router)
IBINSANEDIEGO, Switch
|
(Unknown PC) = = = = = = (Router) =============== (Globe)
OWNER-PC, Jesus Loves You, Internet

I can't get the names lined up.. in this diagram there is a line from switch straight down to Jesus Loves You.
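The `ipconfig /all` output requested in post #3 and posted in #4 shows which default gateway and DHCP server the PC is actually using, and that can be checked mechanically from the saved `network.txt`. The Python below is an added example, not part of the original thread: the function names are hypothetical, the sample text is constructed from the addresses in the post, and the DHCP check assumes a single-router home LAN where the router is both default gateway and DHCP server.

```python
import ipaddress
import re

# Constructed sample in the layout of `ipconfig /all`, using the private
# addresses from the output posted above.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : IBINSANEDIEGO

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Physical Address. . . . . . . . . : 00-13-E8-09-8F-D9

Ethernet adapter Local Area Connection:

   Physical Address. . . . . . . . . : 00-18-8B-C1-C3-D2
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Constructed variant: the lease came from a host other than the gateway.
SECOND_DHCP = re.sub(r"(DHCP Server[ .]*: )\S+", r"\g<1>192.168.1.77", SAMPLE)

# "   Label . . . . : value"; requiring the space before the colon keeps
# wrapped IPv6 continuation lines from being read as fields.
FIELD = re.compile(r"^\s+(.+?)[ .]* :\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from `ipconfig /all` text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m.group(1)] = m.group(2).replace("(Preferred)", "").strip()
    return adapters


def gateway_findings(adapters):
    """Return (adapter, message) pairs worth a second look.

    Assumption: the router is both default gateway and DHCP server.
    """
    findings = []
    for name, f in adapters.items():
        if not (f.get("IPv4 Address") and f.get("Subnet Mask") and f.get("Default Gateway")):
            continue  # disconnected or tunnel adapter
        try:
            gw = ipaddress.IPv4Address(f["Default Gateway"])
        except ValueError:
            continue  # IPv6 gateway listed first; not checked here
        net = ipaddress.ip_network(f"{f['IPv4 Address']}/{f['Subnet Mask']}", strict=False)
        if gw not in net:
            findings.append((name, f"gateway {gw} is outside {net}"))
        dhcp = f.get("DHCP Server")
        if dhcp and dhcp != str(gw):
            findings.append((name, f"lease issued by {dhcp}, not the gateway {gw}"))
    return findings


if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE), ("second DHCP server", SECOND_DHCP)):
        print(label, gateway_findings(parse_ipconfig(text)) or "no findings")
```

A finding is only a prompt to compare the address with the router's own LAN settings and client list; a network that deliberately uses a separate DHCP server will trip the second check.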
08-Aug-2012, 12:36 PM
#5
Quote:
What control do you have over a neighbour using your network - or if they then allow any of their friends in to use, that you don't know or have any control over - I would be very careful
=====================================================
I would change the channel on the wireless router to use channel 1, as you have another strong signal on channel 6 - although a lot of weaker signals on channel 1.

As a test, try logging into the router and removing the wireless security and see if you can connect without any security, and then put the security back on and see if you can connect.
08-Aug-2012, 01:18 PM
#6
I accessed my router, I think.... it would not allow me to change the channel, and even after taking out all security it still wouldn't allow me to connect. Keeps giving the low signal error msg... but I have the strongest signal around.
08-Aug-2012, 01:23 PM
#7
Quote:
make and exact model of the router
Quote:
remove all the wireless profiles
------------------------------------------------------------------------
How to remove Wireless Profiles
http://mgmcc.forumotion.net/t109-rem...reless-profile
------------------------------------------------------------------------
How to remove Wireless Profiles - for Vista and Windows 7
http://mgmcc.forumotion.net/networki...ofile-t109.htm - Vista/Windows7:
- delete the wireless profiles
Start> control Panel> classic view> network and sharing center> manage wireless networks
Delete the profiles
You will then have to enter the wireless security key for any networks you connect to - so make sure you know the correct password, and not using an incorrect password at all
------------------------------------------------------------------------
How to remove Wireless Profiles - for XP
http://mgmcc.forumotion.net/networki...ofile-t109.htm - XP
http://www.tp-link.com/support/showfaq.asp?id=186
- delete the preferred networks
start> control panel> network connections> right click on the wireless connection> listed wireless networks tab
In the preferred network list, click on each one and - remove button
You will then have to enter the wireless security key for any networks you connect to - so make sure you know the correct password, and not using an incorrect password at all
------------------------------------------------------------------------
08-Aug-2012, 01:37 PM
#8
OK, I did change the channel after changing the access type... b, g, b + g, Auto

Still no luck... will try the new steps after running some errands.

It seems to me like every attempt to connect to my router through WIFI is being blocked.. like a program running in my system. And all commands that should be taking me to my router instead take me to the hacker's router.

When I had a chance to do a properties look at the unknown router and or the pc, instead of having web information such as www.kernal.org for the router and model number, it had www.microsoft.com and www.go.microsoft/fwlink/?linkid=105926 which took me to a web page dealing with microsoft media player. Have computers been hacked through this software?

I'll be back
08-Aug-2012, 02:04 PM
#9
Any chance of some screen shots?
Post a screen shot of the device manager - network adapters

To post a screen shot of the active window:
1) Hold the Alt key and press the PrtScn key. Open the Windows PAINT application and Paste the screen shot. You can then use PAINT to trim to suit, and save it as a JPG format file.
OR
2) If you are using Vista/Windows 7 you can use the "snipping tool" which is found in Start> All programs> Accessories> Snipping Tool

To upload the screen shot to the forum, open the full reply window ("Go Advanced" button) and use the Manage Attachments button to upload it here.
Full details are available here http://library.techguy.org/wiki/TSG_...g_a_Screenshot
08-Aug-2012, 04:45 PM
#10
FYI.... problem solved right now... not that it still might be a problem later on. I did a complete reset to factory settings on the router and changed passwords.
08-Aug-2012, 06:11 PM
#12
What's interesting is that the next network on the list had been using my channel and had the same frequency. Now it has the same channel and frequency of the network that comes after it on the list? Could this be the person hacking?
08-Aug-2012, 11:49 PM
#13
Ok... it's solved for now