Unpack to your desktop and run it. If you have green print at the top then just
press Restore Original Hosts then OK.
IF you have red print then press make Hosts Writeable first.
After you Restore Original Hosts then press Make Hosts Read Only?
Select Options then Advanced and uncheck the box in front of:
Only Delete file in Windows Temp folders older than 48 hours.
Now select Cleaner
Under Cleaner Settings, Windows
uncheck everything on the first page
except:
under Internet Explorer
- Temporary Internet Files
under System
- Empty Recycle Bin
- Temporary Files
Under Cleaner Settings, Applications uncheck everything
except:
Under Internet
- Sun Java
Run Cleaner.
This should clean out all of the temp files including those of your java program
(where recently we are finding a lot of garbage. You really should be running
the latest version of java and uninstall all old versions). The reason I have
you uncheck most of the options is that I have had problems with it deleting
too much so I want to limit it to things where I think malware might be hiding.
Start, Run,
ipconfig /flushdns, OK
(SPACE after the ipconfig. Nothing much will happen. Just a quick black box appearing and disappearing.)
The above steps just clean up possible corruption. If it fixes things, fine. If it doesn't we go to round two:
Start, Run, sigverif, OK. When the new program comes up press Start and wait for it to finish. Do you see wininet.dll? Sort the list by date by clicking on the Modified column header. Look for new files (since the problem started.) What do you find?
Rightclick on the clock and select Task Manager then Processes then click twice on CPU. The top process should now be System Idle with over 95% of the CPU Usage. IF not what are the top three and what Percent CPU usage do they have?
If System Idle was the top process and was over 95% then Start, right click on My Computer and select Manage then Device Manager then find IDE ATA/ATAPI Controllers and hit the + in front of it. Find the first Primary Channel and double click on it then Advanced Settings. If the Current Transfer Mode for device 0 says PIO then go back to the Primary Channel and right click on it and Uninstall then reboot.
You can also try RootKitRevealer from SysInternals and see if it finds anything:
click > scan then > next,
If any items show have blacklight rename them except for "wbemtest.exe"
Do not rename "wbemtest.exe" it's a windows file
The tool will ask if you want to reboot (restart) choose yes.
check the event viewer to see if there are some services timing out.
Start, Run, eventvwr.msc, OK then select System. Look for red marked events near the time of your last boot. Double-click on one to open it then copy the text by clicking on the bottom of the three buttons then move to a reply to this post and Edit, Paste (or Ctrl + v). Repeat for each different error. (If you have multiple copies of the same error just post one copy and tell me you have 10 of these or whatever.)
And see if your symptoms and the time they started match up with the time the update was installed. Look in Add/Remove Programs in your Control Panel and check Show Updates to see when they were installed.
We are getting a lot of complaints about this upgrade even from people without HP software. Supposedly a new version came out Tuesday and fixed the problem at least for HP and nvidia users.
Okay, I've run through most of the steps given- had a terrible time downloading some of these programs. So far, nothing obvious has turned up. Anyway, these are the errors from the event viewer- I'm listing a couple from today:
RKinner
2 Intern
•
5.9K Posts
0
April 26th, 2006 23:00
You didn't get all of your log. Please try again. Once it shows you the log in notepad just Edit, Select All then Edit Copy then move to a reply and Edit, Paste.
Ron
ninilynne
7 Posts
0
April 27th, 2006 09:00
Logfile of HijackThis v1.99.1
Scan saved at 8:03:54 PM, on 4/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.19.9/ttinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4744/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
RKinner
2 Intern
•
5.9K Posts
0
April 27th, 2006 14:00
http://www.funkytoad.com/
press Restore Original Hosts then OK.
IF you have red print then press make Hosts Writeable first.
After you Restore Original Hosts then press Make Hosts Read Only?
http://www.mvps.org/winhelp2002/DelDomains.inf and then right click on it and
Install. Nothing obvious will happen.
Get the latest version of ccleaner from:
http://www.ccleaner.com.
(the actual download is at: http://www.filehippo.com/download_ccleaner/
click on Download Latest Version)
Install it. Run ccleaner.exe,
Select Options then Advanced and uncheck the box in front of:
Only Delete file in Windows Temp folders older than 48 hours.
Now select Cleaner
uncheck everything on the first page
except:
under Internet Explorer
- Temporary Internet Files
under System
- Empty Recycle Bin
- Temporary Files
Under Cleaner Settings, Applications uncheck everything
except:
Under Internet
- Sun Java
Run Cleaner.
This should clean out all of the temp files including those of your java program
(where recently we are finding a lot of garbage. You really should be running
the latest version of java and uninstall all old versions). The reason I have
you uncheck most of the options is that I have had problems with it deleting
too much so I want to limit it to things where I think malware might be hiding.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
click > scan then > next,
If any items show have blacklight rename them except for "wbemtest.exe"
Do not rename "wbemtest.exe" it's a windows file
The tool will ask if you want to reboot (restart) choose yes.
www.pandasoftware.com/activescan/activescan.asp?
http://housecall.trendmicro.com/
Also Spybot S&D.
http://www.safer-networking.org/en/download/index.html
AdAware.
http://www.lavasoftusa.com/software/adaware/
ninilynne
7 Posts
0
April 27th, 2006 20:00
ninilynne
7 Posts
0
May 1st, 2006 20:00
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 5/1/2006
Time: 2:42:51 PM
User: N/A
Computer: BOB
Description:
The Human Interface Device Access service terminated with the following error:
The specified module could not be found.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
**************************************************
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 5/1/2006
Time: 2:42:51 PM
User: N/A
Computer: BOB
Description:
The IPSEC Services service terminated with the following error:
The attempted operation is not supported for the type of object referenced.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
**************************************************
There was nothing under the Internet explorer heading, and no errors under security; applications, however, had several. I uninstalled Java and went to download and re-install today- that is this error:
Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 11606
Date: 5/1/2006
Time: 2:54:13 PM
User: BOB\Janine Pilkington
Computer: BOB
Description:
Product: J2SE Runtime Environment 5.0 Update 6 -- Error 1606.Could not access network location http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//ja150000.cab.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 33 32 34 38 46 30 41 {3248F0A
0008: 38 2d 36 38 31 33 2d 31 8-6813-1
0010: 31 44 36 2d 41 37 37 42 1D6-A77B
0018: 2d 30 30 42 30 44 30 31 -00B0D01
0020: 35 30 30 36 30 7d 50060}
(There were 10 more of these)
Also, there were 8 of these:
Event Type: Error
Event Source: Application Hang
Event Category: None
Event ID: 1001
Date: 5/1/2006
Time: 2:51:18 PM
User: N/A
Computer: BOB
Description:
Fault bucket 247203247.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 32 34 37 32 30 33 32 34 24720324
0010: 37 0d 0a 7..
RKinner
2 Intern
•
5.9K Posts
0
May 2nd, 2006 00:00
ninilynne
7 Posts
0
May 2nd, 2006 09:00
Do you think it's possibly a modem and/or router problem rather than a bug?
Message Edited by ninilynne on 05-02-2006 07:36 AM
RKinner
2 Intern
•
5.9K Posts
0
May 2nd, 2006 13:00
That's what we were checking with the pings. I thought we might see some drops but it appears OK. You can make the tests a bit tougher.
ping -n 100 -l 1200 IPADDRESS
That will give you 100 larger pings. Sometimes larger pings will show weaknesses that the smaller ones don't.
If that works OK then
close all programs except the cmd window and
netstat -s > \ipjunk.txt
wait 10 minutes. DO NOT OPEN ANY PROGRAMS OR DO ANYTHING ON THE COMPUTER! and then do
netstat -s >> \ipjunk.txt
notepad \ipjunk.txt
Edit, Select All and then Edit, Copy. Move to a reply and Edit, Paste.
Ron
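The before/after `netstat -s` capture requested above can be compared mechanically. The following is an added example, not part of the thread: it splits an `ipjunk.txt`-style file into its two runs and lists the counters that moved during the idle window. The sample text is constructed, and the pattern used to flag "trouble" counters is an assumption of this example.

```python
import re

SCALAR_RE = re.compile(r"^\s+(\S.*?)\s+=\s+(\d+)\s*$")        # "  Name   = 123"
PAIR_RE = re.compile(r"^\s+(\S.*?)\s{2,}(\d+)\s+(\d+)\s*$")   # ICMP "Name  rx  tx"
# Assumption of this example: counters with these words are worth reading first.
TROUBLE_RE = re.compile(r"error|discard|fail|retransmit", re.I)

def parse_snapshots(text):
    """Split appended `netstat -s` output into one {(section, counter): value} per run."""
    snapshots, current, seen, section = [], {}, set(), None
    for line in text.splitlines():
        if line and not line[0].isspace() and "Statistics" in line:
            section = line.strip()
            if section in seen:               # header repeats: the next run starts
                snapshots.append(current)
                current, seen = {}, set()
            seen.add(section)
            continue
        if section is None:
            continue
        m = SCALAR_RE.match(line)
        if m:
            current[(section, m.group(1))] = int(m.group(2))
            continue
        m = PAIR_RE.match(line)
        if m:                                 # two-column ICMP table row
            current[(section, m.group(1) + " (received)")] = int(m.group(2))
            current[(section, m.group(1) + " (sent)")] = int(m.group(3))
    if current:
        snapshots.append(current)
    return snapshots

def idle_deltas(text):
    """Counters that changed between the first and second run in the file."""
    snaps = parse_snapshots(text)
    if len(snaps) != 2:
        raise ValueError(f"expected 2 netstat runs, found {len(snaps)}")
    before, after = snaps
    return {k: v - before.get(k, 0) for k, v in after.items() if v != before.get(k, 0)}

def trouble_counters(deltas):
    """Subset of the deltas whose counter name matches TROUBLE_RE."""
    return {k: d for k, d in deltas.items() if TROUBLE_RE.search(k[1])}

# Constructed sample: two runs appended to one file, as `>` then `>>` would produce.
SAMPLE = """\
IPv4 Statistics

  Packets Received                   = 5000
  Received Header Errors             = 0
  Received Packets Discarded         = 2

ICMPv4 Statistics

                            Received    Sent
  Messages                  110         112
  Errors                    0           0

TCP Statistics for IPv4

  Current Connections                 = 3
  Segments Sent                       = 3500
  Segments Retransmitted              = 40

IPv4 Statistics

  Packets Received                   = 5210
  Received Header Errors             = 0
  Received Packets Discarded         = 9

ICMPv4 Statistics

                            Received    Sent
  Messages                  110         112
  Errors                    0           0

TCP Statistics for IPv4

  Current Connections                 = 3
  Segments Sent                       = 3530
  Segments Retransmitted              = 65
"""

if __name__ == "__main__":
    for (section, name), delta in sorted(idle_deltas(SAMPLE).items()):
        flag = "  <-- check" if TROUBLE_RE.search(name) else ""
        print(f"{section:26} {name:30} {delta:+d}{flag}")
```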
RKinner
2 Intern
•
5.9K Posts
0
May 2nd, 2006 20:00
Thanks for the feedback. That has to be unique to your ISP. I switch modems and even PCs on my AT&T Worldnet dialup account all of the time and it would never occur to me to tell them about it.
Ron
A Few Recommendations.
You can delete any programs we had you install but leave Hijackthis for now. You can also run Hijackthis, View the List of Backups and Delete All. If we used killbox its backup files can be removed now too. Run Killbox and select File, Cleanup, Delete All Backups. If you have an antivirus, check its quarantined files and delete any it had found.
You should also definitely toggle System Restore Off and then back On.
Following site has very clear instructions for turning it off. To turn it back on you just repeat the instructions but uncheck the box where it says to Turn Off System Restore on all Drives.
http://www.f-secure.com/v-descs/sfc_dis1.shtml
The reason we do this is to remove any archived copies of the infection from System Restore so that if you have to use System Restore to fix a problem you won't accidentally reinfect your system. The next link explains how to use System Restore to go back in time if you hit a bad site or get infected.
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
One way to make an infection more obvious is to check everything in your current HijackThis and Add to Ignore List then set up Hijackthis to run at boot and to show you if it finds anything new. You do this by None of the Above, Just start the program, Config (Main) and then check the box in front of Run Hijackthis at startup and show it when items are found. OK. Then if Hijackthis opens after a boot it will show you any new programs that have been added. You can then decide if you want to keep them or not. If in doubt you can google for the .exe or .dll file at the end of the entry and see what other people think of it.
To avoid going to a bad site you might want to install IE-SpyAd and SpywareBlaster and make the other changes recommended at:
http://www.mvps.org/winhelp2002/restricted.htm
I used to recommend Spybot's Immunize system but have recently learned it is not as good as the one at:
http://www.mvps.org/winhelp2002/hosts.htm
Always run a firewall. The one in XP SP2 is pretty good tho I think the free one from Zone Alarm is better.
http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
Turn on Autoupdates so you always get the latest patches from Windows.
Never hurts to do one of the free on line scans from Panda or Trend. They take a while but are pretty good.
www.pandasoftware.com/activescan/activescan.asp?
http://housecall.trendmicro.com/
I like to run Spybot S&D.
http://www.safer-networking.org/en/download/index.html
Also like to run AdAware once in a while.
http://www.lavasoftusa.com/software/adaware/
Get the latest version of Java:
http://www.java.com/en/download/windows_automatic.jsp
Make sure you have removed any older versions of Java or JRE with Control Panel, Add/Remove Programs. Updates do not remove the older versions which have exploitable flaws.
If you have an older PC get rid of Microsoft Java Virtual Machine.
Following site explains how to tell if you have it:
http://www.java.com/en/download/help/uninstall_msvm.xml
The automated removal tool is no longer available on Microsoft's site but can be obtained here:
Download the MSJVM Removal Tool from:
http://www.majorgeeks.com/download4158.html
and run it.
If you feel that Internet Explorer is running a bit slower after the latest Java update you can try checking this line and then Fix Checked.
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
It was added by the latest version of Java. We don't know why. Earlier versions did not have it. It has been proven to slow down connections on some systems and removing it doesn't seem to hurt anything.
Other items you may wish to get rid of if you own a Dell are:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
These are from the MyWay Adware program installed on most Dells. The uninstaller was broken on many of them.
To remove just close Internet Explorer, run HijackThis (scan only) and check them then Fix Checked.
If you are not running the latest version of Adobe you should consider updating. There are reports of a loophole for hackers in pre 7.03 versions.
As an alternative you can dump adobe completely and use fox-it instead:
http://www.foxitsoftware.com/pdf/rd_intro.php
If you do not have an antivirus program or the one you have was a trial that has expired then try the free antivirus for home users from Avast!
http://www.avast.com/eng/download-avast-home.html (Uninstall any other antivirus program first.)
If you run Macromedia Flash make sure you have the latest version. We just got a warning the following versions are vulnerable:
* Flash Player 8.0.22.0 and earlier
* Flash Professional 8
* Flash Basic
* Flash MX 2004
* Flash Debug Player 7.0.14.0 and earlier
* Flex 1.5
* Breeze Meeting Add-In 5.1 and earlier
* Adobe Macromedia Shockwave Player 10.1.0.11 and earlier
Also advise you to dump weatherbug if you have it. Start, Control Panel, Add/Remove Programs.
If you need weather then get The Weather Channel's program at:
http://www.weather.com/services/desktop.html?from=wxtoolspage&refer=wxtoolspage
Message Edited by RKinner on 05-02-2006 04:28 PM
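The baseline idea in the post above (ignore everything currently listed, then look only at what appears later) can also be applied offline to two saved HijackThis logs. This is an added example, not HijackThis's own code and not from the thread: it lists entries present in a later log but absent from the baseline and pulls out the .exe or .dll name to research. The log lines are taken from this page, arranged into constructed baseline and current logs.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # "O2 - BHO: ..."
FILE_RE = re.compile(r'([^\\/:*?"<>|\s]+\.(?:exe|dll))', re.I)  # bare file name

def parse_entries(log_text):
    """Map a case-folded key to each (code, text) entry line in a HijackThis log.

    Header and "Running processes" lines do not match ENTRY_RE and are skipped.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, text = m.group(1), " ".join(m.group(2).split())
            # Windows paths are case-insensitive, so compare on lower case.
            entries[(code, text.lower())] = (code, text)
    return entries

def new_since_baseline(baseline_log, current_log):
    """Entries in current_log missing from baseline_log, with the file name to look up."""
    baseline, current = parse_entries(baseline_log), parse_entries(current_log)
    report = []
    for key in sorted(current.keys() - baseline.keys()):
        code, text = current[key]
        files = FILE_RE.findall(text)
        # The last match is the file at the end of the entry; None for "(no file)".
        report.append((code, text, files[-1] if files else None))
    return report

# Constructed baseline: a few entries copied from the log posted in this thread.
BASELINE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"""

# Constructed later log: same entries (one path in different case) plus the two
# BHO lines quoted in the recommendations post.
CURRENT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - C:\Program Files\McAfee.com\MPS\mcbrhlpr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"""

if __name__ == "__main__":
    for code, text, filename in new_since_baseline(BASELINE, CURRENT):
        print(f"NEW {code}: {text}\n    look up: {filename}")
```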
ninilynne
7 Posts
0
May 2nd, 2006 20:00
Thanks SO much for all of your suggestions- I do appreciate the help. I decided it was time to upgrade my modem anyway, and purchased a new one. Anyway, to make a long story short, when I contacted my ISP, they had a modem registered that hasn't been on our account in a couple years. Once she registered the new one and reset their servers, that seemed to do the trick.
Again- thanks for taking the time to try and help!
-Janine