Can't get online, virus?? Please Help!!



coleybug
Member with 86 posts.
THREAD STARTER
 
Join Date: Jul 2003
Location: Texas
Experience: Advanced
10-Dec-2005, 04:02 PM #1
For the past few days I've not been able to get online. I keep getting an internet address like this: http://www.errorrelatedmatches.com/failure.aspx?type=DNS&lang=en&key=www%2Eerrorrelatedmatches%2Ecom&did=35&clientguid={87979EA2-4A98-4B53-BEBA-5105982DCFA6}&clientversion=4.0.2166.36822

I called my server and they said that everything looked fine. I had an IP address and all but still can't connect without getting the address above.

I have run virus scan, adaware stinger and spybot and they all come up clear.

Took several attempts to even get here...

Please help!! Finals this week and need to get papers done...
brendandonhu
Member with 14,681 posts.
 
Join Date: Jul 2002
Location: Ann Arbor, MI
Experience: Advanced
10-Dec-2005, 08:17 PM #2
  • Run HijackThis and click Do a system scan and save a log file. Post the log here
coleybug
Member with 86 posts.
THREAD STARTER
 
Join Date: Jul 2003
Location: Texas
Experience: Advanced
10-Dec-2005, 08:40 PM #3
Logfile of HijackThis v1.99.1
Scan saved at 7:38:46 PM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...0/sdcregie.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133862540609
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.dotphoto.com/XUpload.ocx
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv...st/tt_test.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
JohnWill
Retired Moderator with 106,412 posts.
 
Join Date: Oct 2002
Location: South Eastern PA, USA
10-Dec-2005, 09:01 PM #4
Try the following repairs. Reboot after each repair before you test.

TCP/IP stack repair options for use with Windows XP with SP2.

For these commands, Start, Run, CMD to open a command prompt.

Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

Reset TCP/IP stack to installation defaults: netsh int ip reset reset.log

If they fail, you can try this Automated WINSOCK Fix for XP
__________________
Remember: Data you don't have at least two copies of is data you don't care about.
coleybug
Member with 86 posts.
THREAD STARTER
 
Join Date: Jul 2003
Location: Texas
Experience: Advanced
11-Dec-2005, 03:09 AM #5
Thanks!! I downloaded the Winsock fix and my surfing abilities are way much better!! Thanks!!
coleybug
Member with 86 posts.
THREAD STARTER
 
Join Date: Jul 2003
Location: Texas
Experience: Advanced
11-Dec-2005, 03:17 AM #6
Just as I said that I got another "Cannot find server" as well as the address listed in my first post
JohnWill
Retired Moderator with 106,412 posts.
 
Join Date: Oct 2002
Location: South Eastern PA, USA
11-Dec-2005, 09:44 PM #7
Whatever site http://www.errorrelatedmatches.com is, I suspect it's at the root of your problem. I'm guessing some sort of spyware/malware, because I can't imagine that being something that should pop up here.
VirtualMe
Senior Member with 867 posts.
 
Join Date: Sep 2002
12-Dec-2005, 12:16 AM #8
I think JohnWill is right on about the spyware/malware.

You may have something like the Trojan.Startpage.Q or Troj/StartPa-HN TROJAN

To be sure one way or the other, go to http://forums.techguy.org/t110854.html and under Best Online Scanners: run one or more of the online scanners. Save and post a log.

If the online scanners find you have something bad, you can move to the Security forum for help.
Brimragen
Junior Member with 1 posts.
 
Join Date: Dec 2005
Experience: Intermediate
23-Dec-2005, 04:28 AM #9
I got it too
Hi.
I have the same problem with www.errorrelatedmatches.com. It started right after I installed the Neopets toolbar, which your HijackThis log shows that you also have installed. I am about to remove the toolbar to see if it helps.

Blessings.
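The cross-check described in the post above (spotting the Neopets entries among the O2/O3 lines of the HijackThis log) can be done mechanically. This is an added example, not part of the original thread; the sample lines are copied from the log posted earlier, and the `known_good` allowlist is a hypothetical input supplied by whoever reviews the log.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# O2 = Browser Helper Object, O3 = IE toolbar.
# Line layout: "<section> - <kind>: <name> - {CLSID} - <dll path>"
ENTRY = re.compile(
    r"^O[23] - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

def ie_addons(log_text):
    """Group O2/O3 entries by the DLL they load into Internet Explorer."""
    by_dll = defaultdict(lambda: {"kinds": set(), "names": set(), "clsids": set()})
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            rec = by_dll[m["path"].lower()]
            rec["kinds"].add(m["kind"])
            rec["names"].add(m["name"])
            rec["clsids"].add(m["clsid"].upper())
    return dict(by_dll)

def review_list(log_text, known_good=()):
    """Return DLL paths not matched by the reviewer's known-good substrings.

    known_good is a hypothetical allowlist (lower-case path fragments).
    """
    return sorted(
        path for path in ie_addons(log_text)
        if not any(good in path for good in known_good)
    )

if __name__ == "__main__":
    addons = ie_addons(SAMPLE_LOG)
    for dll in review_list(SAMPLE_LOG, known_good=("adobe", "roboform")):
        print(dll, sorted(addons[dll]["kinds"]), sorted(addons[dll]["clsids"]))
```
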
brendandonhu
Member with 14,681 posts.
 
Join Date: Jul 2002
Location: Ann Arbor, MI
Experience: Advanced
23-Dec-2005, 07:04 AM #10
I did some quick file analysis and this problem is definitely caused by the Neopets toolbar. It connects to numerous advertising sites, one of which redirects IE to errorrelatedmatches.com. I'll be sending what I found to CastleCops, who now list the Toolbar as Legitimate.
brendandonhu
Member with 14,681 posts.
 
Join Date: Jul 2002
Location: Ann Arbor, MI
Experience: Advanced
23-Dec-2005, 07:04 AM #11
By the way- uninstalling Neopets Toolbar solves the problem.
TonyKlein
Malware Removal Specialist with 10,392 posts.
 
Join Date: Aug 2001
Location: The Netherlands
23-Dec-2005, 01:02 PM #12
Thank you for bringing this to my attention, Mark and Brendandonhu.

I test installed the Neopets toolbar a short while ago, but I'm not getting redirected myself (as yet, perhaps...).

However, there's a tb400_en.cfg file in the Application Data\Neopets Toolbar\IECache folder which does contain this text:

Code:
<DATA TYPE = "DNSERROR">
"REDIRECTION", "http://www.errorrelatedmatches.com/failure.aspx?type=DNS&lang=<<<LANGUAGE>>>&key=<<<SEARCH_TERMS>>>&did=35&clientguid=<<<CLIENT_GUID>>>&clientversion=<<<CLIENT_VERSION>>>", 
"URLS","",
</DATA>
I have edited the status of all Neopets CLSIDs to 'O' while referring to this topic:

http://castlecops.com/modules.php?na...&query=neopets

Best regards,
__________________
Tony < - > CLSID List - A Collection of Autostart Locations
Flrman1 (Mark)
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
23-Dec-2005, 01:06 PM #13
Thanks Tony!
brendandonhu
Member with 14,681 posts.
 
Join Date: Jul 2002
Location: Ann Arbor, MI
Experience: Advanced
23-Dec-2005, 01:33 PM #14
Tony- you might try running the file Toolbar.dll (it's hidden in the toolbar's folder in Program Files) through AnalogX TextScan or something similar. You can see a number of URLs it accesses, including couldnotfind.com.
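The string-extraction check suggested in the post above, sketched as an added example that is not part of the original thread and is not how AnalogX TextScan itself works. It pulls both 8-bit and UTF-16LE strings out of a file's bytes (Windows binaries often store URLs as wide strings, which an ASCII-only scan misses) and lists the hosts that fall outside the vendor's own domain. The byte blob, its URLs' paths, and the `neopets.com` vendor suffix are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")            # plain 8-bit strings
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")    # Windows wide strings
URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample standing in for a DLL's bytes (not the real Toolbar.dll).
SAMPLE_BLOB = (
    b"MZ\x90\x00\x01\x02"
    + b"http://www.neopets.com/toolbar/\x00\xff\xfe"
    + b"http://www.errorrelatedmatches.com/failure.aspx?type=DNS\x00\x01"
    + "http://couldnotfind.com/".encode("utf-16-le")
    + b"\x00\x00\x7f"
)

def printable_strings(data):
    """Yield printable runs of 6+ characters in both encodings."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.group().decode("utf-16-le")

def embedded_hosts(data):
    """Map each hostname found in embedded URLs to the URLs that name it."""
    hosts = {}
    for text in printable_strings(data):
        for url in URL.findall(text):
            try:
                host = urlsplit(url).hostname
            except ValueError:      # malformed URL fragment in binary noise
                continue
            if host:
                hosts.setdefault(host.lower(), []).append(url)
    return hosts

def unexpected_hosts(data, vendor_suffixes):
    """Hosts that are neither a vendor domain nor a subdomain of one."""
    def is_vendor(host):
        return any(host == s or host.endswith("." + s) for s in vendor_suffixes)
    return sorted(h for h in embedded_hosts(data) if not is_vendor(h))

if __name__ == "__main__":
    for host in unexpected_hosts(SAMPLE_BLOB, ("neopets.com",)):
        print(host, embedded_hosts(SAMPLE_BLOB)[host])
```

To run it on a real file, read the bytes with `open(path, "rb").read()` and pass them in place of `SAMPLE_BLOB`.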
TonyKlein
Malware Removal Specialist with 10,392 posts.
 
Join Date: Aug 2001
Location: The Netherlands
23-Dec-2005, 01:56 PM #15
Hi Brendan,

I usually do look at a 'new' file with FileSnoop or FileAlyzer, but this time I installed the application, logging the process with InCtrl5 (nothing too much out of the ordinary), then let it simmer for a bit, watching how my browser behaved...

I already got rid of it.

Anyhow, although you can't really lump this Neopets toolbar into the same league as, say, SpyAxe, LOP, or malware of that ilk, I've certainly seen enough to warrant removing that 'legitimate' status...

Cheers,