Avatar
Please consider registering
guest
sp_LogInOut Log Insp_Registration Register
Register | Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
sp_Feed Topic RSSsp_topic_old
Wireless Connectivity
Avatar
Jim Hillier
Admin
November 9, 2008 - 10:03 pm
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Okay Mate - Sweet, that's the way to go. Now, do you have an XP installation disc?

Avatar
CarbonTerry
Member
Members
November 9, 2008 - 10:10 pm
Member Since: October 23, 2008
Forum Posts: 42
sp_UserOfflineSmall Offline

On checking his "Wireless Network Connection Status" There are no packets being received. However it is indicated that there is a connection.
On the laptop the received section is active.

CT

Avatar
CarbonTerry
Member
Members
November 9, 2008 - 10:11 pm
Member Since: October 23, 2008
Forum Posts: 42
sp_UserOfflineSmall Offline

No installation disc (XP Pro) !!!

Avatar
Jim Hillier
Admin
November 9, 2008 - 10:21 pm
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Oh, shame....never mind. Have you ever used Hijack This? Could you run a scan and post the logfile here? Would like to double check that the XP Antivirus infection is all gone, no leftovers.

JIM

Avatar
CarbonTerry
Member
Members
November 9, 2008 - 10:33 pm
Member Since: October 23, 2008
Forum Posts: 42
sp_UserOfflineSmall Offline

This will have to be done on Monday when I can get to his computer.....

Avatar
Jim Hillier
Admin
November 9, 2008 - 10:58 pm
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

No worries Terry, whenever you can. Just want to completely eliminate the possibility so we know to concentrate on other areas.

JIM

Avatar
David Hartsock
Admin
November 9, 2008 - 11:25 pm
Member Since: August 7, 2011
Forum Posts: 1117
sp_UserOfflineSmall Offline

Terry, if you can get the Make and model number of the router that might be beneficial.

Avatar
CarbonTerry
Member
Members
November 9, 2008 - 11:29 pm
Member Since: October 23, 2008
Forum Posts: 42
sp_UserOfflineSmall Offline

Linksys WRT150N

Avatar
Chad Johnson
Mod
Members
November 10, 2008 - 2:06 pm
Member Since: August 11, 2011
Forum Posts: 867
sp_UserOfflineSmall Offline

I'm a firm believer that once you contract a virus on your computer, you can never be absolutely sure it's gone until you format the machine.

It may appear to be gone, or it could be lying dormant, in a file, waiting to be run again.

Or it may be running, but you can't see it.

Or it may cause Internet Explorer to quit working.

What error messages do you get when you launch IE?

Avatar
CarbonTerry
Member
Members
November 10, 2008 - 9:59 pm
Member Since: October 23, 2008
Forum Posts: 42
sp_UserOfflineSmall Offline

IE defaults to Google....
Message is : Website cannot be found.
Here is the log file from "HiJackThis"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:59 PM, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:WINDOWSSystem32smss.exe
I:WINDOWSsystem32winlogon.exe
I:WINDOWSsystem32services.exe
I:WINDOWSsystem32lsass.exe
I:WINDOWSsystem32svchost.exe
I:WINDOWSSystem32svchost.exe
I:WINDOWSsystem32spoolsv.exe
I:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
I:WINDOWSExplorer.EXE
I:WINDOWSALCXMNTR.EXE
I:WINDOWSsystem32spooldriversw32x863hpztsb09.exe
I:Program FilesHPhpcoretechhpcmpmgr.exe
I:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe
I:WINDOWSsystem32hphmon05.exe
I:Program FilesPinnacleShared FilesProgramsUSBTipUSBTip.exe
I:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe
I:Program FilesMSN MessengerMsnMsgr.Exe
I:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
I:Program FilesLinksys EasyLink AdvisorLinksysAgent.exe
I:PROGRA~1GrisoftAVG7avgupsvc.exe
I:Program FilesCommon FilesLightScribeLSSrvc.exe
I:WINDOWSsystem32nvsvc32.exe
I:WINDOWSSystem32svchost.exe
I:WINDOWSsystem32HPZipm12.exe
I:WINDOWSsystem32wuauclt.exe
I:WINDOWSsystem32xvyu5i4c.exe
I:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = 192.168.1.1
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE I:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE I:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..Run: [HPDJ Taskbar Utility] I:WINDOWSsystem32spooldriversw32x863hpztsb09.exe
O4 - HKLM..Run: [HPHUPD05] I:Program FilesHewlett-Packard{45B6180B-DCAB-4093-8EE8-6164457517F0}hphupd05.exe
O4 - HKLM..Run: [HP Component Manager] "I:Program FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [HP Software Update] "I:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe"
O4 - HKLM..Run: [HPHmon05] I:WINDOWSsystem32hphmon05.exe
O4 - HKLM..Run: [USB2Check] RUNDLL32.EXE "I:WINDOWSsystem32PCLECoInst.dll",CheckUSBController
O4 - HKLM..Run: [USBToolTip] "I:Program FilesPinnacleShared FilesProgramsUSBTipUSBTip.exe"
O4 - HKLM..Run: [avgnt] "I:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKCU..Run: [MsnMsgr] "I:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [dlmMgr] "I:Program FilesCommon FilesAdobeESDAdobeDownloadManager.exe" restart=1
O4 - HKCU..Run: [EasyLinkAdvisor] "I:Program FilesLinksys EasyLink AdvisorLinksysAgent.exe" /startup
O4 - HKUSS-1-5-19..Run: [AVG7_Run] I:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [AVG7_Run] I:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [AVG7_Run] I:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [AVG7_Run] I:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = I:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 - Extra context menu item: Update Page Content - I:Program FilesMSNMSNIACCMSNCCWArefreshpage.htm
O8 - Extra context menu item: View All Originals On Page - I:Program FilesMSNMSNIACCMSNCCWAgetoriginal.htm
O8 - Extra context menu item: View Original Image - I:Program FilesMSNMSNIACCMSNCCWAgetoriginal.htm
O10 - Unknown file in Winsock LSP: i:windowssystem32nwprovau.dll
O10 - Broken Internet access because of LSP provider 'i:program filescommon filesis3anti-spywareis3lsp.dll' missing
O12 - Plugin for .spop: I:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink.....nkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:Program FilesYahoo!Commonyinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcp.....ysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: karna.dat
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - I:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:PROGRA~1GrisoftAVG7avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:PROGRA~1GrisoftAVG7avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:PROGRA~1GrisoftAVG7avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:WINDOWSsystem32nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - I:WINDOWSsystem32driverspclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - I:WINDOWSsystem32HPZipm12.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - I:Program FilesCommon FilesiS3Anti-SpywareSZServer.exe (file missing)

--
End of file - 6839 bytes

Avatar
CarbonTerry
Member
Members
November 10, 2008 - 10:00 pm
Member Since: October 23, 2008
Forum Posts: 42
sp_UserOfflineSmall Offline

I also think that a format is the best option.

Avatar
Jim Hillier
Admin
November 11, 2008 - 6:08 am
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Hi Terry - Not good news, the logfile is still showing signs of nasties.

Check out this entry:

O10 - Broken Internet access because of LSP provider 'i:program filescommon filesis3anti-spywareis3lsp.dll' missing

This is the cause of the broken internet connection.....please try this free repair tool first:
http://www.cexx.org/lspfix.htm

I hope that works for you but I would be suggesting to your friend that he backs up all his data...I reckon a format and fresh install is on the cards.

Avatar
CarbonTerry
Member
Members
November 11, 2008 - 5:23 pm
Member Since: October 23, 2008
Forum Posts: 42
sp_UserOfflineSmall Offline

We are going to reformat.
Thanks to all for helping.

Avatar
David Hartsock
Admin
November 11, 2008 - 8:41 pm
Member Since: August 7, 2011
Forum Posts: 1117
sp_UserOfflineSmall Offline

[quote="CarbonTerry":hgbdcd1j]
Here is the log file from "HiJackThis"

Running processes:
[color=#FF0000:hgbdcd1j]
I:WINDOWSsystem32xvyu5i4c.exe[/color:hgbdcd1j]
[color=#FF0000:hgbdcd1j]O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM..Run: [AlcxMonitor] ALCXMNTR.EXE
O10 - Unknown file in Winsock LSP: i:windowssystem32nwprovau.dll
O10 - Broken Internet access because of LSP provider 'i:program filescommon filesis3anti-spywareis3lsp.dll' missing
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: karna.dat
[/color:hgbdcd1j]
--
End of file - 6839 bytes[/quote:hgbdcd1j]
These are the entries that concern me. The toolbars are probably nothing to worry about and there are a few that I would need to check on, but xvyu5i4c.exe, karna.dat, and nwprovau.dll (which can be a windows file if you are actually using NetWare)are more than likely your problems.

I know that it seems moot at the moment, but when they say an ounce of prevention is worth a pound of cure it really is true. Several years ago spyware would drop a file on your computer and display popups. Delete the file and fix the infection. Today's spyware is MUCH more advanced. Almost any infection (today) does it's thing, but also installs other spyware.

Kind of like if a burglar broke into your house and went through your things to get what he wanted. Then he would pick up his cell phone and call all of his criminal friends and invite them to your house. In turn, they do the same. Lather, rinse, repeat.

Of course we haven't even scanned for rootkits at this point, so there are probably a few of those hiding.

I would recommend copying his personal files off to a flash drive or external HD. Reinstalling the OS and all updates. Installing one good antivirus program (ESET). Scanning the files on the flash or external drive and reinstalling his software. When everything is scanned, updated, and installed make a backup using True Image so he doesn't get to this point again.

Avatar
gazza
SE Queensland, Australia
Member
Members
November 12, 2008 - 6:53 am
Member Since: September 16, 2008
Forum Posts: 38
sp_UserOfflineSmall Offline

What else is connected to this PC that cause the default drive to be 'I' - not being 'C' drive can cause all sort of problems with updates, etc. I have struck this before with inbuilt card readers - they take first drive allocations and leave boot drive to become 'I'. This has caused some people a lot of problems when they load an application which expects default boot drive to be 'C'. I have fixed it by disconnecting internal card reader, reinstalling Windows XP and then reconnecting card readers. Card readers are connected by internal USB on motherboard.

Success is the ability to go from one failure to another with no loss of enthusiasm. (Winston Churchill)

Forum Timezone: America/Indiana/Indianapolis
Most Users Ever Online: 2303
Currently Online:
Guest(s) 70
Currently Browsing this Page:
2 Guest(s)
Top Posters:
Chad Johnson: 867
Mindblower: 681
carbonterry2: 356
Flying Dutchman: 278
grr: 211
Member Stats:
Guest Posters: 11
Members: 3231
Moderators: 7
Admins: 3
Forum Stats:
Groups: 8
Forums: 20
Topics: 1956
Posts: 13572
Newest Members:
Toastmaster, smartwindows, instaproapk, mousetesteronline, keshamatt
Moderators: Carol Bratt: 67, dandl: 740, Jason Shuffield: 1, Jim Canfield: 8, Terry Hollett: 0, Stuart Berg: 0, John Durso: 0
Administrators: Jim Hillier: 2709, Richard Pedersen: 212, David Hartsock: 1117
Scroll to Top

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!