Hijack this log & internet connection problem

  • jonathaw
  • Beginner
  • Beginner
  • User avatar
  • Posts: 52
  • Loc: newfoundland, canada

Post 3+ Months Ago

Hey all,

I posted about a week ago, looking for some help with computer problems. I gave my log and was given a link to a lot of helpful stuff. Besides AdAware and Spybot, I've now got CWShedder, Bazooka and some other stuff. According to Bazooka I still have Cydoor, BuddyLinks, and systemdir.serachbar but I have the instructions on how to remove them and they'll be remove as soon as I go home.

The main reason why I post is that I can't get my adsl connection to work. I've spent the last few nights on the phone with my ISP trying to get this to work. The last thing that was done was to delete some entries in the registry. Now, I can be pinged from the outside but I can't ping out. So, according to them, the problem is one of three things:

1) A firewall
2) Spyware
3) Corrupted windows files

As for 1), I've never had a firewall install on my computer besides the on included in IE, so I don't think that can be it. I have Noron Antivirus 2003 but that doesn't seem to have any fire wall function and I'm not trying to connect through a router. Any other things I could look for to positively identify a firewal?

As for 2), Im getting rid of the last of the nasties as I've said above, although I don't think that's the problem. Ideas?

And , for 3) I've reinstalled X through the "Upgrade" option on the original install disk. I assume this installed a fresh copy of the windows files which may have been corrupted.

So, right now, I still don't have a connection to the internet which I need for school and that I'm paying for even though its useless to me. Could someone help?

Here's the log:


Logfile of HijackThis v1.98.2
Scan saved at 1:45:00 PM, on 23/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\SYS32.EXE
C:\WINDOWS\System32\STSVC.EXE
C:\WINDOWS\System32\t?skmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jonathan\Desktop\Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {19FC3F59-B41C-08CE-D623-63550CAD723B} - C:\WINDOWS\System32\mkivdj.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Windows Configuration] SYS32.EXE
O4 - HKLM\..\Run: [Settings Maker] STSVC.EXE
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [Settings Maker] STSVC.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Jbd] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\RunOnce: [Windows Configuration] SYS32.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O19 - User stylesheet: (file missing)


Thanks,

Jonathan
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

I'd recommend you use Trend Micro's Online scanner
http://housecall.trendmicro.com/housecall/start_corp.asp
Select your location and click go. Check 'Auto Clean' before scanning.

That should get some things out of the way. Looks like you have the W32.Mimail.Q worm.
Also, looks like you have the about:blank Hijacker. Download this after using Housecall:
http://www.downloads.subratam.org/AboutBuster.zip

Run this from safe mode. Follow the prompts and let it do two scans.

After all that, reboot, run hijack this and post a new log.
  • jonathaw
  • Beginner
  • Beginner
  • User avatar
  • Posts: 52
  • Loc: newfoundland, canada

Post 3+ Months Ago

I don't have an internet connection home (hence the first post) so I can't use HouseCall from there and it doesn't seem to download at school. A second window pops up, I agree to the conditions and then and error. Is there another location I can get this from. Thanks.

Jonathan
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Hello jonathaw, let's see if we can do this manually.

Run Hijack This, scan and check the following items (don't fix yet):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: (no name) - {19FC3F59-B41C-08CE-D623-63550CAD723B} - C:\WINDOWS\System32\mkivdj.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Configuration] SYS32.EXE
O4 - HKLM\..\Run: [Settings Maker] STSVC.EXE
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [Settings Maker] STSVC.EXE
O4 - HKCU\..\Run: [Jbd] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\RunOnce: [Windows Configuration] SYS32.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O19 - User stylesheet: (file missing)

close all browsers and windows and Click 'Fix Checked'

Reboot into Safe Mode

Run Hijack this, go to Config > Misc Tools > Open process manager.
Select the following processes one at a time and click "Kill Process". It's okay if they are not all listed.

C:\WINDOWS\System32\SYS32.EXE
C:\WINDOWS\System32\STSVC.EXE
C:\WINDOWS\System32\t?skmgr.exe
C:\Program Files\Common Files\PSD Tools\blengine.exe

Display hidden files and folders
Go to Start > Run
Enter: control folders
Go to the View tab.
Check "Show hidden files and folders"
Uncheck "Hide protected Operating System files"
Click OK

Delete the following files:
C:\WINDOWS\System32\mkivdj.dll
C:\WINDOWS\System32\SYS32.EXE
C:\WINDOWS\System32\STSVC.EXE
C:\WINDOWS\System32\t?skmgr.exe <-- try to find any file that matches that pattern and delete it. txskmgr.exe for example. Any file except taskmgr.exe.
C:\Program Files\Common Files\PSD Tools\blengine.exe


Clear Temporary Folders\Files and Internet Files
Go to start > run
Enter: cleanmgr

Make sure only the following are checked:
Temporary Internet files
Recycle Bin
Temporary Files

Click OK

Repeat the steps for clearing temporary folders\files and internet files for all users.

Flush System Restore
Right Click on "My Computer"
Select Properties
Go to the System Restore Tab
Check 'Turn off System Restore on all drives'.
Click Apply
Unckeck 'Turn off System Restore on all drives'
Click OK

Reboot normally, run hijack this, scan and post the new log. We'll work from there if necessary.
  • jonathaw
  • Beginner
  • Beginner
  • User avatar
  • Posts: 52
  • Loc: newfoundland, canada

Post 3+ Months Ago

Will do. I'll post sometime soon.

Jonathan
  • jonathaw
  • Beginner
  • Beginner
  • User avatar
  • Posts: 52
  • Loc: newfoundland, canada

Post 3+ Months Ago

Hey JrzyCrim,

I went through the instructions that you gave. I didn't find any of those processes you told me to kill and none of the files you told me to remove but I followed the rest of the instructions. I noticed too that an error comes up on starup and shut down: a symantic error about tpc/ip or something not being set up or found. I don't have the peice of paper with me, sorry. I'll get that and post it ASAP.

Here's the new log:

Logfile of HijackThis v1.98.2
Scan saved at 1:30:50 PM, on 25/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\STSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jonathan\Desktop\Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Configuration] SYS32.EXE
O4 - HKCU\..\Run: [Settings Maker] STSVC.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html


Hope you can help me and thanks for all the help you've given me so far.

Jonathan
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Hello jonathaw. Post that error whenever you can. I'm not really sure what that's about. Has that error just appeared after the last fix?

Are you still unable to connect to the internet?

Run hijack this, scan, place a check next to this entry and fix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

Let's see if that changes anything.
  • jonathaw
  • Beginner
  • Beginner
  • User avatar
  • Posts: 52
  • Loc: newfoundland, canada

Post 3+ Months Ago

Hey,

It's Monday morning, just before class. Since I last posted, I reinstalled Xp over itself to try and fix up some corrupted windows files as instructed by a tech help guy. I ran Hijack this and got the new log:


/*

Logfile of HijackThis v1.98.2
Scan saved at 8:31:15 AM, on 27/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\STSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Jonathan\Desktop\Tools\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Configuration] SYS32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Settings Maker] STSVC.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


*/


I haven't anything with your last post yet as I still don't have the internet and I just got your message this morning.


As for the errors, I get two the first is when I try to connect my adsl:

****Error connectiing to High Speed
****Opening Port...
****Error 769: The specified destination is not reachable

That error is in the standard windows box while the other, which is generated on startup and shutdown, comes up in a Symantec Email Proxy that says:

****TCP/IP is not installed
****[link] Click here to go... [/link]
****1003.3

I don't know what's going on with all of this. I sure do hope I can get it fixed though. I'm going to give it until the end of this week at which point I'll be looking for some help on how to wipe my harddrive clean and reinstall windows (or will that even help?). Thanks again

jonathan
  • jonathaw
  • Beginner
  • Beginner
  • User avatar
  • Posts: 52
  • Loc: newfoundland, canada

Post 3+ Months Ago

Hey again,

Just wanted to point out something which had dissappeared from the Hijack this log but has since made an appearance on the newest one posted this morning:


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

I thought this was gone. If I light my computer ablaze will that help?
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Look at your local area network properties and ensure that you have TCP/IP installed for your NIC. If it is not installed you will need to install it. If it is showing as being installed, try uninstalling your NIC from device manager, then reboot. It will automatically redetect your hardware and reinstall it with default settings which should include TCP/IP. You may need to have your NIC driver's disk handy.

According to the message you are giving, there is something funky going on with your network connection. Try that troubleshooting and see if it takes care of it. When your computer is on, look at the NIC card itself where your cable is connected and make sure you have lights flashing on it. If you don't see any lights by your cable, you may have a hardware problem which could include anything from the wire, the NIC or even the modem. (I suspect though that it is a configuration problem and not a hardware problem. That port shown is not one I'm used to seeing.
  • jonathaw
  • Beginner
  • Beginner
  • User avatar
  • Posts: 52
  • Loc: newfoundland, canada

Post 3+ Months Ago

Just for the catharsis of closure...

Thanks to those who helped out. I finally (as of an hour ago) got my internet connection working.

My uncle, a sys admin, came over the last few nights and started digging. Lots of fun stuff along the way with various parts of windows acting quirky, hardware disabling themselves, and more stuff I can't even begin to undestand. A reformat, an installation of some commercial grade McAffee, and I'm good to go.

Hopefully, it'll stay that way.

Again, thanks
Jonathan

Post Information

  • Total Posts in this topic: 11 posts
  • Users browsing this forum: No registered users and 63 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.