1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Problem accessing web pages

Discussion in 'Virus & Other Malware Removal' started by FartSmeller, Jan 30, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. FartSmeller

    FartSmeller Thread Starter

    Joined:
    Jan 29, 2005
    Messages:
    8
    I am trying to solve a weird problem for my sister's computer. (Win XP Pro, pre-SP2)

    It won't access the internet no matter what type of connection I establish (I've tried wired connection to router on cable, wireless connection to same router and even dial-up). All connections are made but no internet.

    My laptop surfs the internet just fine but her desktop just won't display any web pages - keep getting the "That page cannot be displayed" page. Other programs that access the internet directly are also failing.

    I've tried everything I know of to fix it. Checked the internet connection settings - they look fine. Reset all the security zones to the defaults - no help.

    Anyone have any ideas? Could this be caused by spyware? I know there is some on her machine - I ran SpyBot but can't get the latest updates.

    It's almost as though part of the OS is corrupt and not allowing the internet to be recognized.
     
  2. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,136
    First Name:
    Wayne
    could be malware or firewall
    have you checked the firewall to make sure its not stopping the program from getting out.

    has it ever worked

    start
    run
    cmd
    ipconfig /all

    rightclick in the box
    select all
    control key + C key - to copy
    then reply here and
    control key + V to paste


    Is there any way of getting some programs over to her PC

    if so

    post a hjt log

    HIJACK THIS:

    Download and copy hijackthis [should be version 1.99] to its own folder , it makes backups so keeping them separate and available can be useful.
    SO DO NOT put hjt onto the desktop or temp files.

    create a directory say my documents/hjt


    Note the Spyware tools websites are very often under attack and so I have provided more than 1 location to download from:

    Version at 16/12/04

    http://computercops.biz/zx/Merijn/hijackthis.zip (Version 1.99)
    http://www.merijn.org/files/hijackthis.zip (Version 1.99)
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip (Version 1.99)
    http://209.133.47.200/~merijn/downloads.html (Version 1.99)
    http://www.thespykiller.co.uk/ (Version 1.99)
    http://aumha.org/downloads/hijackthis.exe (Version 1.99)
    http://www.tomcoyote.org/hjt/ (Version 1.99)
    http://www.majorgeeks.com/download3155.html (Version 1.99)
    http://www.thewhities.com/ (Version 1.99)

    http://www.lurkhere.com/~nicefiles/ (1.98.2)
    http://www.net-integration.net/tools/hijackthis.html (Version 1.98.2)
    http://www.merijn.org/files/hijackthis1982.zip (Version 1.98.2)
    http://computercops.biz/zx/Merijn/hijackthis1982.zip (Version 1.98.2)

    http://www.sherrylynn.us/privacypolicy (this has an older version 1.97 - if you can not get to any of the above sites)

    {NOTE: Systems infected with the 'Ms4Hd' rootkit parasite will experience crashes in HijackThis 1.99.x since this parasite deliberately crashes programs that try to detect it. For such cases, Use HijackThis 1.98.2 }

    You must make sure all startup programs are selected - to do this:
    This does NOT apply to win2K
    Open Start> Run and type MSConfig in the 'Run' box.
    When the System Configuration Utility opens, go to the 'Startup Tab' and make sure there is a checkmark beside each and every entry entry.
    Goto the general tab and makesure that the "normal startup" option is checked.
    REBOOT when asked to by Windows to complete the change.

    Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (Fix checked button appearing, may take a while on some systems), the scan button will change to “Save Log”.
    Click on “Save Log” and then it should save and open in NotePad.
    Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.
    DO NOT FIX ANYTHING wait advice from one of the many security experts in this forum.

    I currently do not have the skill/competence to advise and poor advice can be far more damaging to your PC with this software, and so I will be unable to add any advice on the log and so will nolonger be replying to your post with regards to the HJT issue, so please have patience and wait for one of the secruity experts to provide further detailed advice

    i will however, be notified when you post the log

    The secruity forum gets very busy - so you may not get an instant reply to your log - If you do not get a response in 24hrs - they post another reply and this will bring the log back to the top of the forum, just in case its missed



    ----------------------
    Just in case download LPSfix
    http://www.cexx.org/lspfix.htm
    and keep safe - do not use until requested
     
  3. mike5532g

    mike5532g

    Joined:
    Jun 11, 2004
    Messages:
    2,312
    Check the proxy settings.
    Check dns server addresses.

    This may help. WinSock XP Fix
     
  4. FartSmeller

    FartSmeller Thread Starter

    Joined:
    Jan 29, 2005
    Messages:
    8
    Thanks for all replies so far. Here are answers to your questions and additional info:

    - Firewall is not enabled on any network connections.
    - Has it ever worked? Yes - this computer was successfully surfing up until a few weeks ago. It was connected (via cat5 cable) to a router, in turn, connected to a cable modem. I can plug my laptop into the same cable and surf away.
    - ipconfig /all results:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : gostich
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 4:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : F5D5000, PCI Card/Desktop Network PC
    I Card
    Physical Address. . . . . . . . . : 00-30-BD-72-0D-0B
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Autoconfiguration IP Address. . . : 169.254.235.245
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :

    - Yes, I can get programs to the PC via floppy/CDRW
    - There are no proxy server settings ("Use a proxy server..." is unchecked)
    - Hiijack this results:

    Logfile of HijackThis v1.99.0
    Scan saved at 11:50:15 AM, on 1/30/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\pctspk.exe
    C:\WINNT\System32\svchost.exe
    C:\winnt\system32\saie.exe
    C:\Program Files\CSBB\CSv10P070.exe
    C:\WINNT\System32\winupdtl.exe
    C:\WINNT\System32\l?gonui.exe
    C:\Program Files\CxtPls\CxtPls.exe
    C:\Documents and Settings\Marty\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINNT\ZServ.dll
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINNT\Helper101.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [saie] c:\winnt\system32\saie.exe
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [winupdtl] C:\WINNT\System32\winupdtl.exe
    O4 - HKLM\..\Run: [gfsp] C:\WINNT\gfsp.exe
    O4 - HKLM\..\Run: [pehmkc] C:\WINNT\System32\pehmkc.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [ulrhxc] C:\WINNT\System32\ulrhxc.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Qogysfc] C:\WINNT\System32\l?gonui.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\aklsp.dll' missing
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
    O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
    O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
    O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe
     
  5. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,136
    First Name:
    Wayne
    I think you should wait for an expert to decode this log - spyware etc maybe your problem.

    I have requested move to secruity forum
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi Welcome to TSG, I've moved your post to security and will give you suggestions on your log shortly....
     
  7. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,136
    First Name:
    Wayne
    Thanks cybertech
     
  8. FartSmeller

    FartSmeller Thread Starter

    Joined:
    Jan 29, 2005
    Messages:
    8
    Thanks to all of you for your quick responses and generosity. I will wait for a response before doing anything.
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click on the link below to get lsp-fix.
    Run that to fix your internet connection.

    http://www.cexx.org/lspfix.htm

    Check the box that says "I know what I'm doing".
    Remove aklsp.dll only that one!

    Reboot and delete the file: c:\windows\system32\aklsp.
    __________________

    Download this tool
    http://www.mvps.org/winhelp2002/DelDomains.inf

    Right click on the file and choose install.

    __________________
    Run HJT again and put a check in the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [saie] c:\winnt\system32\saie.exe
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [winupdtl] C:\WINNT\System32\winupdtl.exe
    O4 - HKLM\..\Run: [gfsp] C:\WINNT\gfsp.exe
    O4 - HKLM\..\Run: [pehmkc] C:\WINNT\System32\pehmkc.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [ulrhxc] C:\WINNT\System32\ulrhxc.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINNT\ZServ.dll
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINNT\Helper101.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKCU\..\Run: [Qogysfc] C:\WINNT\System32\l?gonui.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...8a29296baabe1d6
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
    O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe

    Close all applications and browser windows before you click "fix checked".

    Restart in safe mode

    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders" Click "Apply" then "OK".

    Delete these files:
    C:\WINNT\gfsp.exe
    C:\WINNT\zeta.exe
    C:\WINNT\System32\pehmkc.exe
    C:\WINNT\system32\saie.exe
    C:\WINNT\System32\winupdtl.exe

    Delete these folders:
    C:\Program Files\AWS
    C:\Program Files\CSBB

    Empty your recycle bin.

    Reboot.
    __________________

    Download Spybot http://www.safer-networking.org/en/download/index.html

    Click on "Search For updates" when prompted.

    Scan, click on fix problems.

    Reboot.

    __________________

    Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

    Install the program and launch it.

    On the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

    In the main window: Click Start and under Select a scan Mode tick Perform full system scan.

    Deselect Search for negligible risk entries.

    To start the scan, click the Next button.

    When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

    Reboot and post another log.
     
  10. FartSmeller

    FartSmeller Thread Starter

    Joined:
    Jan 29, 2005
    Messages:
    8
    Sorry for the delayed response.

    I followed the directions and things were going well until the end. I downloaded both Spybot and Ad-Aware. Ran Spybot, got the updates, did a scan, and then clicked on the fix button and got a blue screen. It identified vdnt32.sys as the problem file. I tried this process again with the same bsod results.

    I rebooted and ran Ad-Aware. It was more successful but I still believe there are problems. Here is the latest Hiijack log:
    Logfile of HijackThis v1.99.0
    Scan saved at 4:31:50 PM, on 1/30/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\pctspk.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\explorer.exe
    C:\Documents and Settings\Marty\My Documents\HiijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
    O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
    O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    R3 - Default URLSearchHook is missing

    Close all applications and browser windows before you click "fix checked".

    Go here and run at least two of the online scanners.
    http://forums.techguy.org/t110854/s.html

    When complete post another HJT log for review.
     
  12. FartSmeller

    FartSmeller Thread Starter

    Joined:
    Jan 29, 2005
    Messages:
    8
    Cybertech, thanks for your reply. I'm am away from the computer at the moment (I'm at work) but I will try your suggestion tonight when I get home.

    Will your suggestion eliminate the blue-screen/vdnt32.sys problem? I've done some more research on this and it seems to have something to do with a Trojan/virus known as HaxDoor?

    Since my last post, I have had repeated problems with unsolicited pop-ups and several blue-screen encounters. Also, it seems that whenever I try to access the c:\winnt\system32 directory contents, it crashes.

    Thanks again for your time and effort.
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  14. FartSmeller

    FartSmeller Thread Starter

    Joined:
    Jan 29, 2005
    Messages:
    8
    Thanks for the link. I've read enough during my research to know that this Trojan/virus has many variations and may be tricky to remove.

    With respect to the link you supplied, do I need SOPHOS anti-virus to apply the fix they mention? If so, is there a reliable source of information that you know of to identify which strain I have and how to remove it manually?

    Again, thank you very much for your help. I have spent enough time on this that I'm considering re-installing WinXP to fix it.
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I would try Housecall first. Additionally I would boot to safe mode and see if I could delete that file.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/324874

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice