Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Cant log on to internet

Post by B CAMP » August 17th, 2006, 11:48 pm

I am having trouble getting on the internet; it will work about one time out of ten. When I get online and try to go to any website, all I get is page not found. And then it will lose connection. Have run Adaware, Spybot, AVG; no problems found. I do have another desktop to get online. I have an HJT log; if you could take a look if you have time, I would be very grateful. Thank you, Bill

Logfile of HijackThis v1.99.1
Scan saved at 10:30:31 PM, on 8/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\PeoplePC\ISP6330\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6330\Browser\PPShared.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - Global Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
B CAMP
Regular Member
 
Posts: 22
Joined: August 4th, 2005, 8:13 pm
Location: CLEARWATER,FL

Post by SpotCheckBilly » August 19th, 2006, 4:52 pm

Hello B CAMP,

Welcome to the MWR forums.

Connection problems are often quite elusive and many times are created by software conflicts rather than with a Malware problem. Nothing in your log really jumps out, so....

Let's see if we can take care of your problem with a couple minor fixes. If not, we will dig deeper. Please read the information about Bartshel.exe, at Answers That Work. Rather than deleting it, I would recommend disabling it first. We can do that using the following steps:

Press Ctrl+Alt+Delete (All three together) to open Task Manager
1. Click (highlight) each of the following (if present):

C:\Program Files\PeoplePC\ISP6330\Browser\Bartshel.exe

2. Click End Process
3. Repeat for each process.
4. Exit Task Manager.

After ending the process, navigate to: C:\Program Files\PeoplePC\ISP6330\Browser, then rename Bartshel.exe to Bartshel.old. This way, if it causes any difficulties, you can reenable it by simply renaming back to .exe.

Run HiJackThis and click "Scan", then check (tick) the following, if present:

O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

With all windows closed except HiJackThis, click "Fix checked".

Next, let's do a little housekeeping:

Download and scan with CCleaner
NOTE: Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.

Before first use:
Select Options=>Advanced.
UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Select the items you wish to clean up.

A note regarding cookies: CCleaner allows you to keep the cookies from selected sites such as those which use cookies to save your login information.

From the main screen:
  • Click Options=>Cookies.
  • Highlight the web sites you wish to keep.
  • Click "->" button.
  • Click Cleaner button to return to main screen.
  • Windows tab:
    **Internet Explorer** header:
  • Select everything.
    **Windows Explorer** header:
  • Select all
    **System** header:
  • Select all
  • Advanced tab:
  • Select all entries
  • Select any others that you choose.
  • Applications tab:
    **Firefox/Mozilla header** (if you use it).
  • Select all
    **Opera** header (if you use it).
  • Select all
    **Internet** header.
  • Select Sun Java
  • Select any others that you choose.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • Click the "Run Cleaner" button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click "OK"
  • CCleaner will scan and clean your system.
  • When cleaning is complete:
  • Click "Exit".
  • Repeat for all usernames.
Post back a new log, and let me know if you are still having connection problems. We can go from there. :wave:

SpotCheckBilly
SpotCheckBilly
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN

Post by B CAMP » August 20th, 2006, 5:42 pm

spotcheckbilly, first off, thanks for looking at my problem. I did what you said: changed the name of bartshel.exe, ran a log of HJT, ticked the two lines as suggested. Then I cleaned everything with crap cleaner. But when I tried to click on the PeoplePC icon, no screen would appear to connect to the internet, so I removed PeoplePC in Add/Remove. Then I reloaded the program; when I click on the icon on the desktop I go to a screen to connect online. I was able to get online one time at 4.5kbps; it stayed online for 3 min and then lost connection, and won't reconnect at all. I have been using PeoplePC for about a year without any real problems with this computer, but something is sure giving me problems now. Here is the new HJT log. Again, thanks for the help. B camp

Logfile of HijackThis v1.99.1
Scan saved at 5:00:53 PM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6300\Browser\PPShared.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION
O4 - Global Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

Post by SpotCheckBilly » August 21st, 2006, 5:34 pm

Hello B CAMP,

Well, as I said earlier, connection problems are often elusive, so let's dig a little deeper.

Please download SilentRunners from here:

Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.

Next, please Download and Install: Ewido Anti-Spyware 4.0.
Once installed, please make the following settings changes:
  • Under the Status menu (which opens by default), under "Your Computer's Security," Change Status on Resident Guard to Inactive
  • Click Update Now
  • Under the now-opened Update menu, uncheck "Download and Install Updates Automatically (Recommended)"
  • Click Scanner in the top bar
  • Click the Settings tab
    • Under "How To Act?" set "Default Action for Detected Malware" to Quarantine
    • Under "How to Scan" ALL boxes should be checked
    • Under "What to Scan," "Scan every file" should be highlighted
    • Under "Possibly Unwanted Software" ALL boxes should be checked
  • Under Reports select "Automatically generate report after every scan" and uncheck "Only if threats were found"
  • Do NOT scan yet: We'll do so shortly.
  • Exit ewido.
Reboot into Safe Mode:
  • Restart your computer
  • Continually tap F8 until a menu appears.
  • Use your up/down arrow key to highlight Safe Mode.
  • Hit enter.
Please close ALL open windows/programs/folders. Have nothing else open as it can interfere with ewido while it performs its scan!

Run the Ewido Scan
  • Click on the Scan Tab
  • Click on Complete System Scan
  • Let the program scan the machine -- it can take a while, just give it time.
  • When scan has finished, at bottom of screen click Apply all Actions
  • Click Save Report
  • Click Save Report As ("Save As" window should pop up.)
  • Click Desktop
  • Click Save
  • Exit ewido
In your next reply, please include:
1. The log file created by Silent Runners.
2. The report created by the ewido scan. :wave:

SpotCheckBilly

Post by B CAMP » August 22nd, 2006, 10:04 am

spotcheckbilly, well, here are the scans. It still won't log on, but it did find four things and quarantined them. Again, thank you for the help.

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinPatrol" = ""C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"" ["BillP Studios"]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AdaptecDirectCD" = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" ["Roxio"]
"Bart Station" = "C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION" ["PeoplePC"]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED}\(Default) = "PeoplePC ScamGuard"
-> {HKLM...CLSID} = "PPCScamBHO Class"
\InProcServer32\(Default) = "C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll" ["EarthLink, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {HKLM...CLSID} = "Adaptec DirectCD Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\BROWSEUI.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\PhotoFiltre-Wallpaper.bmp"


Startup items in "Jacqueline Campbell" & "All Users" startup folders:
---------------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Stickies" -> shortcut to: "C:\Program Files\stickies\stickies.exe" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 30
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 55 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 11 seconds.
---------- (total run time: 94 seconds)
b camp

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:23:11 PM 8/21/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
HKU\S-1-5-21-1421531899-224621903-4127538081-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).


::Report end
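
Added example (not part of the original thread, and not code from HijackThis or ewido): a Python parser for the HijackThis entry lines in the two scans above, used to diff the scans and to cross-reference the CLSID flagged in the ewido report. The sample strings are a subset of lines copied from the logs in this thread; the function and type names are illustrative assumptions.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section clsid text")
Detection = namedtuple("Detection", "key name action clsid")

# HijackThis entries start with a section code: "O2 - ...", "R0 - ...", "O23 - ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# ewido report lines: "<registry key or file> -> <detection> : <action>"
EWIDO_RE = re.compile(r"^(.+?) -> (.+?) : (.+)$")

# Subset of the 8/16/2006 scan in this thread.
SCAN_AUG16 = r"""
Running processes:
C:\Program Files\PeoplePC\ISP6330\Browser\Bartshel.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe -STATION
"""

# Subset of the 8/20/2006 scan in this thread (after the PeoplePC reinstall).
SCAN_AUG20 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION
"""

# Two of the four lines of the ewido report in this thread.
EWIDO_REPORT = r"""
+ Scan result:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
::Report end
"""


def _clsid(text):
    """Return the first CLSID in text, upper-cased for comparison, or None."""
    m = CLSID_RE.search(text)
    return m.group(0).upper() if m else None


def parse_hjt(log):
    """Return the R*/O* entry lines of a HijackThis log; other lines are ignored."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), _clsid(m.group(2)), m.group(2)))
    return entries


def diff_scans(before, after):
    """Entries that appeared or disappeared between two scans (case-insensitive)."""
    def key(e):
        return (e.section, e.text.lower())
    old = {key(e) for e in before}
    new = {key(e) for e in after}
    added = [e for e in after if key(e) not in old]
    removed = [e for e in before if key(e) not in new]
    return added, removed


def parse_ewido(report):
    """Return the detection lines of an ewido scan report."""
    found = []
    for line in report.splitlines():
        m = EWIDO_RE.match(line.strip())
        if m:
            found.append(Detection(m.group(1), m.group(2), m.group(3), _clsid(m.group(1))))
    return found


def entries_for_detections(entries, detections):
    """HijackThis entries whose CLSID matches a CLSID named in the scanner report."""
    flagged = {d.clsid for d in detections if d.clsid}
    return [e for e in entries if e.clsid in flagged]


if __name__ == "__main__":
    before, after = parse_hjt(SCAN_AUG16), parse_hjt(SCAN_AUG20)
    added, removed = diff_scans(before, after)
    for e in added:
        print("ADDED   ", e.section, e.text)
    for e in removed:
        print("REMOVED ", e.section, e.text)
    for e in entries_for_detections(after, parse_ewido(EWIDO_REPORT)):
        print("FLAGGED ", e.section, e.text)
```

On these samples the diff shows the ScamGuard BHO and the ISP6300 Run entry as new after the reinstall, while the PeoplePal O2/O3 entries are present in both scans and carry the CLSID that the ewido report lists.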

Post by SpotCheckBilly » August 22nd, 2006, 6:09 pm

Hello B CAMP,

OK, believe it or not, we ARE getting somewhere. It would appear that your problem is not caused by malware. I'm going to check with some other experts to see if they concur, but in the meantime, we can check out a few other things.

Prior to the logon problem beginning, had you installed any new software? (Software conflicts are often a cause of connection problems.)

Have you tried doing a System Restore back to a point before you started having connection problems?

We can get a list of what is installed on your computer. Create an "Uninstall List" using HijackThis
To access the Uninstall Manager:
  • Launch HijackThis.
  • Click Open the "Misc.Tools" section.
  • Click Open Uninstall Manager.
  • Click Save list... and save to a convenient location (such as your Desktop).
  • Press Save
  • A Notepad will open with the contents of the "Uninstall List".
  • Close the "Uninstall List" file.
  • Exit Hijackthis.
In your next reply, please include:
1. The contents of the "Uninstall List" file. :wave:

SpotCheckBilly

Post by B CAMP » August 23rd, 2006, 11:33 am

Spotcheckbilly, I did try System Restore but I only had a few restore points, none of which helped. I don't think anything was installed at that time other than Windows updates. When the problem first started it would log on, but at a much slower speed; it went from 45 down to 9.5 & 4.5 with a lot of page or server not found errors. Here is the uninstall list:

Ad-Aware SE Personal
Adobe Acrobat 4.0, 5.0
ATI Control Panel
ATI Display Driver
Avance AC'97 Audio
AVG Free Edition
Balloon Kaboom
Balloon Kaboom Challenge
Belarc Advisor 7.0
Block Rox
Britannica Ready Reference
CCleaner (remove only)
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Desktop Graffitist
Drone
Dweebs 2 Special Edition
Dweebs Special Edition
DX-Ball 2 v1.25
Easy CD Creator 5 Platinum
EVEREST Home Edition v1.51
ewido anti-spyware 4.0
FavOrg
Four Orbs
Gonzo Heads
HijackThis 1.99.1
hp deskjet 3420 series (Remove only)
InterVideo WinDVD
Jewel Jam Special Edition
Launch Manager V1.2.0
Leap And Croak
Maze Cube
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5)
Mozilla Thunderbird (1.5)
MSN Messenger 6.2
MUSICMATCH Jukebox
OLYMPUS CAMEDIA Master 4.1
PA090
Pac-Man All-Stars
PeoplePC Online
PeoplePC:PeoplePal Toolbar 6.3
PhotoFiltre
Picasa 2
Quicken 2002 New User Edition
QuickTime
Return of Arcade Anniversary Edition
RTLSetup for Realtek RTL8139/810x Family NIC 3.00 (OEM A)
Scrabble
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Shockwave
SnapDialer
SnapSync Software
SoftK56 Data Fax
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Stay Organized Q&E
Stickies 5.2b
Sunken Treasure
Synaptics Pointing Device Driver
Uninstall Startup Inspector
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
USB Installer
Viewpoint Media Player (Remove Only)
VistaPrint Electronic Business Card
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Rights Management client
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPatrol
WordPerfect Office 2002
WordPerfect Office 2002

Post by SpotCheckBilly » August 24th, 2006, 5:05 pm

Hello B CAMP,

Thank you for the list. I will take a look at it. Meanwhile, please do the following, as suggested by wng_z3r0 (one of the teachers here at MRU).

Please download this network troubleshooting tool
Then you need to extract the file, and double click on the mynetwork.exe file. A black dos box will open up. Do not close this. Type in 'n' if it asks you if you want to include the dns cache. Click 'y' if it asks if you want to open this with notepad. A notepad window should now open. Paste the contents of the notepad file here.

We will analyze the log and post back suggestions. :wave:

SpotCheckBilly

Post by B CAMP » August 25th, 2006, 10:42 am

Spotcheckbilly
Well, it still won't log on, but I was able to log on once yesterday at 42.5 and it stayed online for 7 to 10 min. and then disconnected. Tried about 20 more times with no luck. My other computer uses the same dial-up phone line and I get 48kbps all the time; have used the same hookup for the laptop with no luck.
So here is the new log. Thanks for being persistent.


Windows IP Configuration



No ARP Entries Found
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
===========================================================================
Persistent Routes:
None

Route Table

Active Connections

Proto Local Address Foreign Address State PID
TCP Travellog:epmap 0.0.0.0:0 LISTENING 744
TCP Travellog:microsoft-ds 0.0.0.0:0 LISTENING 4
TCP Travellog:52673 0.0.0.0:0 LISTENING 1528
TCP Travellog:1028 0.0.0.0:0 LISTENING 380
TCP Travellog:10110 0.0.0.0:0 LISTENING 1444
UDP Travellog:microsoft-ds *:* 4
UDP Travellog:isakmp *:* 520
UDP Travellog:4500 *:* 520
UDP Travellog:ntp *:* 780
UDP Travellog:1900 *:* 952

Active Connections

Proto Local Address Foreign Address State

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 744
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:52673 0.0.0.0:0 LISTENING 1528
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 380
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING 1444
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 520
UDP 0.0.0.0:4500 *:* 520
UDP 127.0.0.1:123 *:* 780
UDP 127.0.0.1:1900 *:* 952
Interface Statistics

Received Sent

Bytes 512 512
Unicast packets 4 4
Non-unicast packets 0 0
Discards 0 0
Errors 0 0
Unknown protocols 0

IPv4 Statistics

Packets Received = 4
Received Header Errors = 0
Received Address Errors = 3
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 4
Output Requests = 4
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

ICMPv4 Statistics

Received Sent
Messages 0 0
Errors 0 0
Destination Unreachable 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echos 0 0
Echo Replies 0 0
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0

TCP Statistics for IPv4

Active Opens = 0
Passive Opens = 0
Failed Connection Attempts = 0
Reset Connections = 0
Current Connections = 0
Segments Received = 0
Segments Sent = 0
Segments Retransmitted = 0

UDP Statistics for IPv4

Datagrams Received = 4
No Ports = 0
Receive Errors = 0
Datagrams Sent = 4
B camp
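
Added example (not part of the original thread): a Python parser for the numeric `netstat` rows and the route table in the log above. It separates listeners bound to all interfaces from loopback-only ones and checks whether a default route exists; the sample text is copied from the post, and the function names are illustrative assumptions.

```python
import ipaddress
from collections import namedtuple

Sock = namedtuple("Sock", "proto addr port state pid")

# Copied from the log in the post above: route table, one name-resolved row,
# and the numeric "Active Connections" table with the PID column.
NETSTAT = """\
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
Proto Local Address Foreign Address State PID
TCP Travellog:epmap 0.0.0.0:0 LISTENING 744
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 744
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:52673 0.0.0.0:0 LISTENING 1528
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 380
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING 1444
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 520
UDP 0.0.0.0:4500 *:* 520
UDP 127.0.0.1:123 *:* 780
UDP 127.0.0.1:1900 *:* 952
"""


def parse_netstat(text):
    """Parse numeric netstat rows; name-resolved rows (host:service) are skipped."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        host, _, port = f[1].rpartition(":")
        try:
            addr = ipaddress.ip_address(host)
            port = int(port)
        except ValueError:
            continue  # hostname or service name instead of numbers
        # UDP rows have no State column; the PID, when present, is the last field.
        state = f[3] if f[0] == "TCP" and len(f) > 3 else ""
        pid = int(f[-1]) if f[-1].isdigit() else None
        socks.append(Sock(f[0], addr, port, state, pid))
    return socks


def listeners_by_scope(socks):
    """Group listening sockets by how widely the local address is bound."""
    scopes = {"all_interfaces": [], "loopback_only": [], "specific_address": []}
    for s in socks:
        if s.proto == "TCP" and s.state != "LISTENING":
            continue  # established or closing connections are not listeners
        if s.addr.is_unspecified:      # 0.0.0.0 or ::
            key = "all_interfaces"
        elif s.addr.is_loopback:       # 127.0.0.0/8 or ::1
            key = "loopback_only"
        else:
            key = "specific_address"
        scopes[key].append((s.proto, s.port, s.pid))
    return scopes


def has_default_route(text):
    """True if the route table contains a 0.0.0.0 / 0.0.0.0 (default) entry."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "0.0.0.0" and f[1] == "0.0.0.0":
            return True
    return False


if __name__ == "__main__":
    scopes = listeners_by_scope(parse_netstat(NETSTAT))
    for scope, rows in scopes.items():
        for proto, port, pid in rows:
            print(f"{scope:17} {proto} port {port:<6} pid {pid}")
    print("default route present:", has_default_route(NETSTAT))
```

In this capture only the loopback route is present, so no network connection was up when the tool ran. The sockets bound to 0.0.0.0 are the ones that accept traffic on whichever interface comes up, subject to the firewall.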

Post by SpotCheckBilly » August 25th, 2006, 5:50 pm

Hello B camp,

Thank you for the log file. I will have one of our networking experts take a look at it and we'll get back to you with recommendations as soon as possible. Thank you for your patience. :wave:

SpotCheckBilly

Post by B CAMP » August 29th, 2006, 7:12 pm

Spotcheckbilly
I still have the same problem. But I was looking at another post; the helper said the poster's Java was out of date, which opens up vulnerabilities to the system. Well, I can't find any Java on my laptop; looked in Control Panel and Everest. Is this something that I need? I looked on my wife's desktop, Control Panel, and she has it. Let me know what you think or if I should look somewhere else for it. Thanks
B camp

Post by SpotCheckBilly » August 30th, 2006, 6:50 pm

Hi B Camp,

One of our networking experts wng_z3r0 is going to jump in and help take care of you. Thank you for your patience. :wave:

SpotCheckBilly

Post by wng_z3r0 » September 1st, 2006, 4:32 am

Hi. Can you please go to start->run->ncpa.cpl

Please tell me what adapters you see present. For example, my computer has this:

Local Area Connection
connected, firewalled
3Com Gigabit (3c940)

thanks,
wng
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm

Post by B CAMP » September 1st, 2006, 10:58 am

wng_z3r0
Thanks for stepping in. It is slowly driving me nuts.
Peoplepc.com
disconnected,firewalled
conexant ambit soft 56 v.90(v.92)
mdc modem
b camp

Post by wng_z3r0 » September 4th, 2006, 3:38 pm

Are you using PeoplePC via dial-up for your internet?