Solved: Ahh, The Redirect - I got it too


jjtegt
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Jul 2010
Experience: Intermediate
29-Jul-2010, 11:08 PM #1
Hello:

I've been reading quite a bit on redirect stuff but I think it may just be best to start my own post to get some help.

I've got 3 computers networked at home. A PC 64-bit Vista Machine, a laptop 64-bit Vista Machine, and another laptop 32-bit XP Machine. All three use Yahoo as home pages with two "My Yahoo" custom pages. All three primarily run IE but the PC also runs Firefox. All three began having redirect problems about a month ago. Personally, I think it somehow came from weather.com, because after we all started visiting weather.com and downloaded a desktop weather.com icon things got weird.

When searching under Yahoo or Google, links are redirected. If entering commonly visited sites on the URL, sites may often be redirected while using the site (usta.com, weather.com, etc.). We found that using Bing did not pose the same problem when searching but now that is starting to act funky too. After being redirected, we can go back and try again and the link will usually work properly. Occasionally, while on a favorite site the redirect will send to some sites and a false warning will come up and it will look as if the computer is scanning for viruses. It won't let me off these sites until I bring up the Task Manager and end the program. One time many adult sites kept popping up.

I've got licensed copies of Webroot Spy Sweeper on all 3, Malwarebytes on all 3 and Super Anti-Spy Sweeper and CCleaner on the PC. Nothing really bad seems to come up on Spy Sweeper and Malwarebytes finds NO infections. At this point my goal is to clean up the Vista Machines and make sure the network is safe. Thinking about just recycling the XP, as it is 6 years old and replacing it anyway.

See my OTL log below. Anything jump out at ya? Thanks in advance.

OTL logfile created on: 7/29/2010 9:34:38 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\jtegtmeier\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
10.00 Gb Paging File | 7.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.24 Gb Total Space | 267.82 Gb Free Space | 45.92% Space Free | Partition Type: NTFS
Drive D: | 12.93 Gb Total Space | 1.26 Gb Free Space | 9.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 169.68 Gb Free Space | 36.43% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JTEGTMEIER-PC
Current User Name: jtegtmeier
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/16 06:50:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\jtegtmeier\Downloads\OTL.com
PRC - [2010/04/29 09:38:54 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2010/03/02 11:41:51 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/02/02 03:32:46 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/11/06 16:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 13:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/07/16 06:50:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\jtegtmeier\Downloads\OTL.com
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/02 11:41:51 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/01/31 10:01:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/06 13:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2009/11/06 13:00:34 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/17 17:57:13 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 21:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 21:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2008/01/20 21:46:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2007/07/16 16:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007/07/16 16:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2007/05/31 12:39:32 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/03/22 22:59:12 | 000,022,224 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\elrawdsk.sys -- (ElRawDisk)
DRV:64bit: - [2007/01/18 15:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: "Inbox Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.autoconfig_url: "221.186.138.179:80"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/01 10:17:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/03 07:53:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/16 06:24:03 | 000,000,000 | ---D | M]

[2008/12/18 02:32:28 | 000,000,000 | ---D | M] -- C:\Users\jtegtmeier\AppData\Roaming\Mozilla\Extensions
[2010/07/21 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\jtegtmeier\AppData\Roaming\Mozilla\Firefox\Profiles\j9qzbguw.default\extensions
[2009/09/14 22:39:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jtegtmeier\AppData\Roaming\Mozilla\Firefox\Profiles\j9qzbguw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/21 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\jtegtmeier\AppData\Roaming\Mozilla\Firefox\Profiles\j9qzbguw.default\extensions\staged-xpis
[2009/12/11 22:08:26 | 000,002,168 | ---- | M] () -- C:\Users\jtegtmeier\AppData\Roaming\Mozilla\Firefox\Profiles\j9qzbguw.default\searchplugins\inbox-search.xml
[2010/07/21 21:49:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/16 06:24:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/16 06:23:33 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/12/12 19:07:49 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.DLL File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\SysWow64\jureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www2.snapfish.com/SnapfishOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Cu...WebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/S...dObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.7 213.109.72.139 1.1.1.1
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\jtegtmeier\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\jtegtmeier\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30:64bit: - LSA: Authentication Packages - (CAL_M) - File not found
O30 - LSA: Authentication Packages - (ows\S) - File not found
O30:64bit: - LSA: Security Packages - (IO SHARED\9.0\DLLSHARED) - File not found
O30:64bit: - LSA: Security Packages - (ckages settin) - File not found
O30 - LSA: Security Packages - (ges - (ckages settin) - File not fou) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7795a74a-d9d0-11dd-b26a-0023543b13c9}\Shell\AutoRun\command - "" = K:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/16 06:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/16 06:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/16 06:24:03 | 000,423,656 | ---- | C] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/16 06:24:02 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010/07/16 06:24:02 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010/07/16 06:24:02 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010/07/10 21:59:25 | 000,000,000 | ---D | C] -- C:\Users\jtegtmeier\AppData\Local\fqiiybvnw
[2010/07/10 06:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/07/09 22:35:28 | 000,000,000 | ---D | C] -- C:\Users\jtegtmeier\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/09 22:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/09 22:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/07/09 22:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/07 19:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
[2010/07/07 19:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
[2010/07/07 19:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/07 19:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/07/05 09:31:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWS
[2010/07/01 17:42:03 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.020
[2010/07/01 17:42:03 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01F
[2010/07/01 17:41:56 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01E
[2010/07/01 17:41:55 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01D
[2010/07/01 17:41:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01C
[2010/07/01 17:41:51 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01A
[2010/07/01 17:41:51 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.016
[2010/07/01 17:41:51 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01B
[2010/07/01 17:41:51 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.017
[2010/07/01 17:41:51 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.018
[2010/07/01 17:41:51 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.019
[2010/07/01 09:47:03 | 000,000,000 | ---D | C] -- C:\Users\jtegtmeier\AppData\Roaming\Malwarebytes
[2010/07/01 09:46:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/01 09:46:54 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/01 09:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/01 09:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/30 12:25:15 | 000,000,000 | ---D | C] -- C:\temp0
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/29 21:36:57 | 003,670,016 | -HS- | M] () -- C:\Users\jtegtmeier\ntuser.dat
[2010/07/29 20:29:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/29 20:29:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/29 15:36:32 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/07/29 15:30:07 | 000,000,363 | ---- | M] () -- C:\Windows\win.ini
[2010/07/29 13:47:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/23 03:00:02 | 000,001,726 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_LCE6EA0B37715451195D34C1DFF4563EC.job
[2010/07/19 09:18:39 | 000,806,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/19 09:18:39 | 000,675,208 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/19 09:18:39 | 000,132,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/16 06:23:31 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010/07/16 06:23:31 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010/07/16 06:23:31 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010/07/16 06:23:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/16 06:13:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/16 06:13:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/16 06:12:04 | 000,524,288 | -HS- | M] () -- C:\Users\jtegtmeier\ntuser.dat{a7a48143-615e-11df-8f3c-91e9c27cbbed}.TMContainer00000000000000000001.regtrans-ms
[2010/07/16 06:12:04 | 000,065,536 | -HS- | M] () -- C:\Users\jtegtmeier\ntuser.dat{a7a48143-615e-11df-8f3c-91e9c27cbbed}.TM.blf
[2010/07/16 06:11:34 | 003,677,787 | -H-- | M] () -- C:\Users\jtegtmeier\AppData\Local\IconCache.db
[2010/07/10 06:52:51 | 000,000,808 | ---- | M] () -- C:\Users\jtegtmeier\Desktop\CCleaner.lnk
[2010/07/10 01:28:01 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjtegtmeier.job
[2010/07/09 22:35:25 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/07 20:15:34 | 000,000,571 | ---- | M] () -- C:\Windows\wininit.ini
[2010/07/04 17:51:42 | 000,011,322 | ---- | M] () -- C:\Users\jtegtmeier\Documents\Bags Scorecard.xlsx
[2010/07/01 09:46:59 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/13 11:32:45 | 000,044,544 | ---- | C] () -- C:\Users\Public\Documents\buckhorn.eval.xls
[2010/07/10 06:52:51 | 000,000,808 | ---- | C] () -- C:\Users\jtegtmeier\Desktop\CCleaner.lnk
[2010/07/09 22:35:25 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/07 20:15:33 | 000,000,571 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/04 17:35:10 | 000,011,322 | ---- | C] () -- C:\Users\jtegtmeier\Documents\Bags Scorecard.xlsx
[2010/07/01 17:41:58 | 000,407,870 | ---- | C] () -- C:\Users\jtegtmeier\AppData\Local\dd_vcredistMSI6395.txt
[2010/07/01 17:41:58 | 000,011,168 | ---- | C] () -- C:\Users\jtegtmeier\AppData\Local\dd_vcredistUI6395.txt
[2010/07/01 09:46:59 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2009/09/17 20:07:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 20:06:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/26 11:39:25 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/12/13 12:03:43 | 000,790,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/13 03:37:22 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\RDAccess.dll
[2008/12/13 02:29:27 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/12/12 00:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008/12/11 17:20:51 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\usbinst32.dll
[2008/12/11 17:02:50 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2008/12/11 17:02:46 | 000,000,033 | ---- | C] () -- C:\Windows\hppLangChoice.ini
[2008/12/11 17:02:44 | 000,343,040 | R--- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2008/12/11 17:02:44 | 000,116,736 | R--- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2008/12/11 17:02:30 | 000,094,274 | ---- | C] () -- C:\Windows\SysWow64\HPBHealr.dll
[2008/09/06 04:33:47 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/09/06 04:33:47 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/14 19:54:04 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:F3838DBF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP1B5B4F1
< End of report >
NeonFx
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
29-Jul-2010, 11:48 PM #2
Hello there. Welcome to the TSG Forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.


Please note the following:
  • The fixes are specific to your problem and should only be used on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
  • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please refrain from doing any fixing of your own while I am assisting you with this problem. I need to keep track of what is going on as the order in which we do things can often be important.
  • If this is a company owned system or a work computer let me know.
  • Please reply to this thread. Do not start a new topic.



Hello there. Because all three machines are showing symptoms, I'm leaning towards the possibility that your router is infected. What is the make and model of your router?
jjtegt's Avatar
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Jul 2010
Experience: Intermediate
30-Jul-2010, 08:50 AM #3
Hey NeonFx:

Thanks for starting this out. To answer a couple of your questions...

Be warned, I'm a bad speller and proof-reader of my own work.

The PC is the main computer we work with most and we have two logins (Personal and Business). That is the one we are exchanging replies. The issues occur with either login on this PC. The Vista Laptop is primarily business and the XP Laptop was business but has been passed on to our son for personal. We own a business and work from home. So the system is personally owned but used for business too. All printers run through this main PC.

We actually have 4 computers total with another xp laptop owned by one of my vendors. We do not surf the internet with this laptop and while online at vendor sites we have not been redirected. (currently out of the office at vendor for an upgrade).

We have 3 routers present in the home. Two manage hardwired connections to the bedrooms in the house and the office. They also tie in a wireless router for laptop use on our main level.

1. Linksys Cable/DSL Router w/4 Port Switch (Model BEFSR41): This unit brings in the cable modem to the network and ties in a couple of hardwired office connections.
2. Linksys 10/100 8 Port Work Group Switch (Model EZXS88W): This unit ties in the rest of the hardwired connections in office and bedrooms and connects the wireless router to the system.
3. Linksys Wireless-G Broadband Router (Model WRTS4GS): Used when laptops are not connected to a wall port.

As for your thought that this may be related to the router...my opinion is that it is not a router. Because my son is not plugged into the wall in his room, he is going wireless WHILE our computers in the office are all plugged into wall ports PLUS the 4th Vendor owned laptop does not appear to show any problems.
ALSO two weeks ago I did shut the entire network down. I powered down all the routers and unplugged cable modem and powered it down too. Upon resetting, the symptoms remained.

However, I know just enough to get myself in trouble with this kind of thing. I'm able to think very logically and can handle the technology at an intermediate level. But that can cause me to think I know what I'm doing or assume I understand how things work and end up making it worse.

Finally, do you expect a response in some standard time? Can I work and do things normally day to day, run my business, including being gone a portion of the coming w/e or do you want me to check back often and reply quickly?

Thanks
NeonFx's Avatar
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
30-Jul-2010, 01:33 PM #4
Hi there.

I think I have a pretty good picture of how your network was set up. Regular switches can't be infected as all they do is relay information but routers can. In your case, I believe your cable modem is also a router seeing as you wouldn't be able to simply hook it up to a switch and have all the devices work without much heartache.

If no computers other than this one are showing symptoms then you are probably right about router infection not being the culprit.


You seem to have a proxy set up on this system that connects to an IP in Japan. Does this have anything to do with the work you do? I ask because a proxy is a server that acts as a man in the middle between you and the internet. It could be used maliciously to, say, redirect your searches.


Just turning the devices off would not rid them of infection. They would have to be reset to their factory settings.


Don't worry about delays, I'm in no hurry.
jjtegt's Avatar
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Jul 2010
Experience: Intermediate
30-Jul-2010, 02:59 PM #5
NeonFx:

To be clear we ARE having symptoms on all three personally owned computers. The 4th vendor laptop has seemed fine. This PC (business and personal), my laptop (business mainly) and our son's laptop (personal only, since issues began).

Interesting. Japan, that is crazy! Nope no work with folks in Asia. I'll need a few years before my business is that big to leave our continent.

I'm using a Charter Bundle (phone, tv, internet). Do you have Charter in CA? I think they are a national company. Might that explain the odd proxy? If not, it may still be the modem/router.

The system itself was set up by Geek Squad via Best Buy. I thought the tech was quite good but that was 5 years ago, could the proxy have been established that long ago for security? Had some work done on the network by a local outfit about 2 years ago because hardware was not talking. I had purchased a new printer and screwed things up networking it. I was not pleased with the work they did and felt they made things worse and less secure. Perhaps the proxy was set up at that time. Just learning.

jjtegt
NeonFx's Avatar
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
30-Jul-2010, 03:24 PM #6
The fact that more than one computer is affected only convinces me further that the problem is being caused by an infected router.

From your description, this is what I am picturing as your network setup:


MODEM
| |
WIRELESS-----SWIT-----SWIT


(Never mind, the spacing isn't working properly for me. I meant to connect the modem to the two switches).


This tells me that the infection lies in the Modem which is also acting as a router. This device needs to be reset to its factory defaults, which is a different procedure from, say, shutting it off and then turning it on again. If you can tell me the make and model of the device I can help you do this. There is typically a small reset button on the back of the device which can be held down for about 10 seconds while it is still on to reset it to factory defaults.


Any custom settings will be reset. Because this is a Modem/Router, it may disrupt your ability to access the internet until the custom settings can be put back in place. Make sure you have your ISP's phone number nearby if that happens.
NeonFx's Avatar
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
30-Jul-2010, 03:29 PM #7
Let's see if I can get this right:

MODEM
| |----------SWITCH----------WIRELESS
|
SWITCH
jjtegt's Avatar
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Jul 2010
Experience: Intermediate
30-Jul-2010, 04:20 PM #8
I think it is closer to this, but this may not matter.

MODEM
|
SWITCH-----------SWITCH----------WIRELESS
| | | |
WALL PORT(S) WALL PORT(S)

Switches and wireless are in series. Switches are not in parallel.

The make of the modem does not appear on the unit, installed by Charter. Sticker on the bottom says:

Trade Name: Ambit
Model #: U10C018
NeonFx's Avatar
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
30-Jul-2010, 04:40 PM #9
How are the switch and the wireless router connected? Are you using one of the several ethernet ports that are bunched together on the wireless router or are you using its external ethernet port?


I am asking to establish exactly which device is giving out configuration information.
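The question in post #9, which device is handing out configuration information, can be read off each PC's `ipconfig /all` output. The following is an added example, not part of the thread: it parses that output and reports, per adapter, the DHCP server that issued the lease and any DNS server outside the local subnet. The sample output, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (not from the thread); 203.0.113.53 is a
# documentation address standing in for a resolver outside the home network.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*\. :\s?(.*)$")  # "Name . . . . : value"

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; handles wrapped multi-value fields."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None and (m := FIELD.match(line)):
            last = current.setdefault(m.group(1).strip(), [])
            if m.group(2).strip():
                last.append(m.group(2).strip())
        elif last is not None and line.strip():
            last.append(line.strip())  # continuation, e.g. a second DNS server
    return adapters

def config_sources(text):
    """Per leased adapter: who issued the lease and which DNS servers are off-LAN."""
    report = {}
    for name, f in parse_ipconfig(text).items():
        addr = f.get("IPv4 Address") or f.get("IP Address")  # Vista / XP labels
        if not (addr and f.get("DHCP Server") and f.get("Subnet Mask")):
            continue  # disconnected or statically configured adapter
        ip = addr[0].split("(")[0]
        lan = ipaddress.ip_network(f"{ip}/{f['Subnet Mask'][0]}", strict=False)
        dns = [d.split("%")[0] for d in f.get("DNS Servers", [])]
        report[name] = {
            "dhcp_server": f["DHCP Server"][0],
            "gateway": (f.get("Default Gateway") or [None])[0],
            "dns_off_lan": [d for d in dns if ipaddress.ip_address(d) not in lan],
        }
    return report
```

An off-LAN DNS server is not suspicious by itself, since ISPs normally supply theirs; the point is to compare the value across machines and against what the ISP publishes.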
jjtegt's Avatar
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Jul 2010
Experience: Intermediate
30-Jul-2010, 05:25 PM #10
Coaxial cable to Modem
Ethernet cable from Modem to port labeled "Internet" on Switch 1
Ethernet cable from port #4 on Switch 1 to port labeled "Uplink" on Switch 2
Ethernet cable from port #2 (bundled together in bunch of 8) on Switch 2 to port #1 (bundled together in bunch of 4) on Wireless Router. Nothing plugged into port labeled "Internet" on Wireless Router.

Question: Since Switch 1 is named "Cable/DSL Router w/4 Port Switch" how do we know it is only acting as a switch and not a router as well? Not questioning you, just learning, thanks.
NeonFx's Avatar
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
31-Jul-2010, 11:13 AM #11
I'm glad you're paying attention because I clearly was not. It all makes more sense now that I realize that you have a router and not a switch connected directly to the modem which means that all the devices are talking to this router and it is then relaying everything between them and the internet.

Let's try resetting that router to its factory defaults. You'll need to hold down the little reset button on the back of the device for about ten seconds while it is still on to do this. This will reset all of its settings to those it had when it was first hooked up. This includes any custom settings you may have added such as port forwarding rules or passwords and these will need to be reset manually if you did.
jjtegt's Avatar
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Jul 2010
Experience: Intermediate
31-Jul-2010, 12:59 PM #12
Morning NeonFx:

Man, it was tough just getting back to you today. In my first attempt I was redirected to some site that had me taking a quiz. I could not get off until I got the Task Manager up so I could end IE processes. The second time a new tab opened with something for sale. I'm not sure if this will help but here is some additional information: When I attempt a search on Yahoo or Google, if I just place my mouse over the link and hold the left click down but not finish the command...below it will show where I'd be redirected if I executed the click (perhaps this is normal):

On Yahoo: http://rds.yahoo.com/blahblahblah

On Google: http://results5.google.click/php?q=blahblahblah

Then I'll always be redirected. However, if I go back to my original search I just made on Yahoo or Google and try the same link. On the 2nd or third time it will take me to the correct site.

If I do the same thing on Bing. It will show the proper link http address and upon clicking it will take me there correctly.

Back to resetting the first router/switch. I've not done that yet. I know I did not create any custom settings. However, is there a way to confirm the Geek Squad guys from 5 years ago or the local outfit from 2 1/2 years ago did anything custom before I blow that all out?

How's the weather in CA today?

Thanks
jjtegt's Avatar
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Jul 2010
Experience: Intermediate
31-Jul-2010, 01:05 PM #13
Internet Explorer cannot display the webpage


What you can try:

Diagnose Connection Problems

More information


This problem can be caused by a variety of issues, including:
  • Internet connectivity has been lost.
  • The website is temporarily unavailable.
  • The Domain Name Server (DNS) is not reachable.
  • The Domain Name Server (DNS) does not have a listing for the website's domain.
  • There might be a typing error in the address.
  • If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
For offline users

You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds
  1. Click the Favorites Center button , click Feeds, and then click the feed you want to view.
To view recently visited webpages (might not work on all pages)
  1. Click Tools , and then click Work Offline.
  2. Click the Favorites Center button , click History, and then click the page you want to view.
Oh, one more thing...

I may also get the "Internet Explorer cannot display the webpage" page. Then it asks me to diagnose the problem. So perhaps this is a router thing.

Later. I'll be out for a while this afternoon.
jjtegt's Avatar
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Jul 2010
Experience: Intermediate
31-Jul-2010, 01:07 PM #14
Copied the page into my message...above my message.
NeonFx's Avatar
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
31-Jul-2010, 01:16 PM #15
The default factory settings in routers are typically more secure than after the settings have been messed with. That is, unless we're talking about a wireless router which needs to be secured with encryption and a password.

The only thing you'll have to really do is change the administrative password on the device to something other than its default so that it doesn't get infected again.


I found a user guide for that router here that may be useful:

http://support.radioshack.com/suppor...oc66/66591.pdf



Weather here is overcast and cool. Just the way I like it.