#31
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
I managed to get on and successfully get a HJT log. Please take a look at the attached and let me know what I need to do.
Also, I don't know how to access the Startup tab in msconfig. If I reinstall Windows, do I lose all of my files? I haven't backed up anything :-(
Attachment: hijackthis.txt
#32
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
It is OK to paste your HJT log straight into the thread.
Logfile of HijackThis v1.99.1
Scan saved at 8:25:59 PM, on 8/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\JB Brown\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.espn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GUpload] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\GRAS301\GUpload.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A28211E5-A21B-465B-9E1F-73C7DC7826F5} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {E0C59839-A4DB-4C29-83E4-F3FF6E21BD51} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {E19C2179-571F-49AB-9899-1C1E4D368D73} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/game...ts/y/rt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/c137...73e23f3_35.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8787E4BA-8202-469F-BA85-B8B42F4ED217}: NameServer = 68.87.64.146,68.87.75.194
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
#33
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
Can you make heads or tails of all that??
#34
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
You have too many programs starting when Windows starts; most of this junk is just phoning home for updates and is not required.
Click Start then Run; in the window that opens up type MSCONFIG and click OK. Click the "StartUp" tab, then uncheck the boxes next to these:

Pinnacle\PPE\ppe.exe
nwiz.exe /install
DSentry.exe
digstream.exe
realsched.exe -osboot
jusched.exe
GUpload.exe
iTunesHelper.exe
qttask.exe -atboottime
Media Creator 8\Drag to Disc\DrgToDsc.exe
RoxWatchTray.exe
msmsgs.exe /background
Yahoo!\Messenger\ypager.exe -quiet
netwaiting.exe
TaskPanl.exe -winstart
Acrobat 6.0\Distillr\acrotray.exe
EasyShare.exe
Kodak Software Updater.exe
Acrobat 6.0\Distillr\acrotray.exe
EasyShare software\bin\EasyShare.exe
Kodak Software Updater.exe

Use HJT to fix the following:

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/game...ts/y/rt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/c137...73e23f3_35.exe
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8787E4BA-8202-469F-BA85-B8B42F4ED217}: NameServer = 68.87.64.146,68.87.75.194

Restart your machine. On restart a window will appear and tell you that you are using System Configuration to troubleshoot your machine; click the check box so as not to have the window displayed every time you start Windows, and click OK.

Last edited by rjfvillarosa; 08-03-2006 at 09:21 PM. Reason: removed incorrect entry
#36
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
I'll give this a try shortly and let you know what happens. I really appreciate all the help so far. My one concern is the issue with safe mode not booting; very bizarre. It comes on with the black screen, then lets me log on as myself or Administrator. Once I do that, I briefly see the window that lets you know you are in safe mode, then it disappears. Then the screen stays black. Maybe doing the steps above will remedy that; we'll see. Stay tuned...
#37
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
I must confess the safe mode issue is bothering me, but at least the machine is running so we are in with a chance of cleaning and repairing it.
#38
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
I did all that. I still get a virus message; now it is saying that I may be a victim of software counterfeiting and my copy of Windows may not be genuine???? My Windows is legit, what would that be about?
#39
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
Wait for the little update shield to appear in the bottom right of the taskbar; once it updates it will recertify your copy of Windows.
It's my fault; we deleted an entry that was OK in the HJT log.
#40
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
No problem. I'll reboot, then run Ad-Aware and ewido and see what happens. Is it possible that I'm not getting everything deleted since I'm not running in safe mode?
#41
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
It is possible, and we may still have a fair amount of work to do, but if you do a format and reinstall you will want to save your personal files, and there is always the danger that you will save the problem at the same time.
Are you OK with carrying on trying to repair it, or do you want to do a reinstall?
#42
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
The link it is taking me to for the genuine Windows check is not working...
#43
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
Actually... I can't get on the internet at all with my tower. Did we delete something else that we shouldn't have? I get the window about msconfig that pops up when I reboot; it is checked on selective startup. Should I change it back to normal? Maybe it's not loading files I need to connect to the web?
#44
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
This is one of the reasons I will not use the software that comes with some hardware. Try rechecking this one in Startup: netwaiting.exe.
#45
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
Still no internet. I left netwaiting checked.
#46
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
Possibly a quicker way than faffing about with that bloat in Startup will be to create a new connection; it is very simple.
Go to Control Panel > Internet Options > Connections > Setup. Run the setup wizard and select "LAN always on", click OK, on the next page answer "no" to a new email account, and it should create a new connection to the net.
#47
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,163
rjf, you had him blow away his DNS - you should have left that O17 alone.
#48
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
I'll give that a try when I get home (at work now). I saw a message this morning on my tower that said I have an "iworm_attck_v122.02a" Internet worm. And I have a "spyquake" that keeps trying to launch. Norton is saying that it is a Trojan virus, and Ad-Aware couldn't delete it (keep in mind that I still cannot start in safe mode).
#49
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
My mistake; I will watch for that in the future.
#50
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,163
Both those entries trace to Comcast servers - that's legit if you are using Comcast.
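Added example, not code from the thread or from HijackThis: a small offline triage of HJT log entries that encodes the two lessons from this exchange. The O17 NameServer entry listed for removal in #34 was the ISP's own resolver (see #47 and #50) and fixing it took the machine off the net, and the Windows Genuine Advantage DPF entry was legitimate (see #39), so neither should be "fixed" on sight; the bare-executable DPF download and the SSODL entry are the ones that deserve attention. The sample log lines are constructed (shortened paths, same entry types as #32), and the trusted resolver network and trusted DPF hosts are placeholders that you must replace with what your ISP publishes.

```python
"""
Offline triage of HijackThis (HJT) v1.99 log entries.

Added example, not from the forum thread. SAMPLE_LOG is constructed from the
entry types posted in the thread with shortened paths; TRUSTED_RESOLVER_NETS
and TRUSTED_DPF_HOSTS are assumptions to be replaced with real values.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample (paths shortened); mirrors entry types from the thread's log.
SAMPLE_LOG = r"""
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GUpload] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\GRAS301\GUpload.exe
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/sample/kt4_x.cab
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/sample_35.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{8787E4BA-8202-469F-BA85-B8B42F4ED217}: NameServer = 68.87.64.146,68.87.75.194
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll
"""

ENTRY_RE = re.compile(r"^(O\d+|R[01]|F\d)\s+-\s+(.*)$")
URL_RE = re.compile(r"https?://\S+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumption: replace with the resolvers your ISP publishes. This placeholder
# network was chosen so that the thread's two Comcast addresses fall inside it.
TRUSTED_RESOLVER_NETS = [ipaddress.ip_network("68.87.64.0/20")]

# DPF (ActiveX download) hosts to leave alone; the thread's "Windows may not be
# genuine" message came from removing the WGA entry served from here.
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "download.microsoft.com"}


def parse(log_text):
    """Yield (code, body) for each HJT entry line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Sort entries into remove / verify / review / keep, plus a plain list of O4 startup items."""
    out = {"remove": [], "verify": [], "review": [], "keep": [], "startup": []}
    for code, body in parse(log_text):
        line = f"{code} - {body}"
        if code == "O1":
            out["review"].append((line, "hosts-file override: confirm the mapping is intended"))
        elif code == "O3" and "(file missing)" in body:
            out["remove"].append((line, "toolbar points at a DLL that no longer exists"))
        elif code == "O4":
            out["startup"].append(line)  # bloat, not malware by itself; msconfig territory
        elif code == "O16":
            url = URL_RE.search(body)
            parsed = urlparse(url.group(0)) if url else None
            if parsed and parsed.path.lower().endswith(".exe"):
                out["remove"].append((line, "DPF fetches a bare executable rather than a CAB"))
            elif parsed and parsed.hostname in TRUSTED_DPF_HOSTS:
                out["keep"].append((line, f"DPF served by trusted host {parsed.hostname}"))
            else:
                out["review"].append((line, "third-party ActiveX control: remove only if unwanted"))
        elif code == "O17":
            ips = [ipaddress.ip_address(s) for s in IP_RE.findall(body)]
            if ips and all(any(ip in net for net in TRUSTED_RESOLVER_NETS) for ip in ips):
                out["keep"].append((line, "NameServer matches the ISP's resolvers"))
            else:
                out["verify"].append((line, "NameServer not on the ISP list: confirm with the ISP "
                                            "before fixing; removing a legitimate entry kills DNS"))
        elif code == "O21":
            out["review"].append((line, "SSODL entries are rarely legitimate: check the DLL's publisher"))
    return out


if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_LOG).items():
        print(f"== {verdict} ==")
        for item in items:
            print("  ", item if isinstance(item, str) else f"{item[1]}\n      {item[0]}")
```

The point of the "verify" bucket is that an O17 line is evidence, not a verdict: a resolver outside the ISP's published ranges is worth a phone call, but a resolver inside them is the machine's only route to the net, and HJT will happily delete either.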
#51
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
What would you suggest is the fastest way to get it back, run the connection setup wizard?
#52
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
Will creating a new connection work, as rjf had mentioned? Or do I need to do something else?
#53
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
I have just been talking with glc and, to be honest, there is a lot of nasty stuff in that HJT log. Also, considering the "unknown folder" in your other thread, there is a little bit of concern that your network could have been compromised. I am not saying it has, but there is a strong possibility.
At this point the general feeling is that you should format and reinstall Windows on your tower, and I strongly agree with that suggestion. If you are up for it we can talk you through that and at the same time show you how to make the wireless connection to your laptop more secure. This is a link to a site called BlackLight: https://europe.f-secure.com/blacklight/ . This site will guide you through the process of checking the tower for what are known as "rootkits". Rootkits are an extremely dangerous type of data miner that are looking at compromising your personal security, or could even be used by a large corporation such as Sony (who are, I believe, still in court over their rootkit scandal) to view your hard drive contents. Have a read of the BlackLight page for more information.

Last edited by rjfvillarosa; 08-04-2006 at 08:52 AM.
#54
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
I would be fine with that. Quick question though: what exactly will I lose when I format and reinstall Windows? Everything on my C drive (apps, MS Office files, etc.)?
#55
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
You will lose everything, and considering the chance you may have a rootkit I would like to see you go as far as a zero fill of the hard drive.
Can you tell me what the tower is, store bought or custom built?
#56
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
It is a Dell OptiPlex, "store" bought. Does it make sense to back up at this point, so I at least will have access to the files that I know are legit and can move them back onto my machine? If so, is there an easy way to do that? I have never backed up (horrible habit, and will change now), but I don't know the typical procedure.
#57
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
What sort of files are you talking about? Pictures, music or Word documents?
#58
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
Those would be easy enough, just save them to a disc. What about my internet favorites, settings, etc.?
#59
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
I have just downloaded the F-Secure rootkit detector and run it on two of my machines. I have never had the need to run this detector before, so I was curious to see how it worked, and it took no more than a few minutes to run on both machines.
Have you run the setup wizard to reset the internet connection on your tower yet? If you look in "My Documents" there is a "Favourites" folder, and all your favourite IE links are in there. My biggest concern with saving your documents is saving the virus or trojan as well.

Last edited by rjfvillarosa; 08-04-2006 at 09:41 AM.
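Added example, not from the thread, of the selective backup the post above is worried about: copy only data files (documents, pictures, music, the .url files that make up IE favourites) off the profile, refuse anything with an executable extension, refuse a "document" whose first bytes are the MZ header of a Windows executable, and write a SHA-256 manifest so the files can be checked after they come back onto the rebuilt machine. The profile it walks is built in a temporary directory here; every file name and byte string in it is constructed for the demo, and the extension lists are a starting point rather than a complete policy.

```python
"""
Selective backup of a user profile that leaves executables behind.

Added example, not from the forum thread. The sample profile, its file names
and contents are constructed; the extension lists are assumptions to adjust.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

# Anything with these extensions stays on the old disk, whatever folder it is in.
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js",
                  ".pif", ".lnk", ".cab", ".ocx", ".sys"}
# Data the poster asked about: documents, pictures, music, IE favourites (.url).
KEEP_EXT = {".doc", ".xls", ".ppt", ".txt", ".rtf", ".pdf", ".jpg", ".jpeg",
            ".gif", ".png", ".mp3", ".wav", ".url"}
MZ = b"MZ"  # DOS/PE header; a "document" starting with this is really an executable


def classify(path: Path) -> str:
    """Decide what to do with one file: 'copy' or a 'skip-...' reason."""
    ext = path.suffix.lower()          # last suffix only, so notes.txt.vbs is .vbs
    if ext in EXECUTABLE_EXT:
        return "skip-executable"
    if ext not in KEEP_EXT:
        return "skip-unknown"
    with path.open("rb") as f:
        head = f.read(2)
    if head == MZ:
        return "skip-disguised-executable"
    return "copy"


def backup(src: Path, dst: Path):
    """Copy 'copy' files from src to dst keeping relative paths.

    Returns (manifest, skipped): manifest maps relative path -> sha256 hex of the
    copied bytes; skipped maps relative path -> the reason it was left behind.
    """
    manifest, skipped = {}, {}
    for p in sorted(src.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(src).as_posix()
        verdict = classify(p)
        if verdict != "copy":
            skipped[rel] = verdict
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, target)
        manifest[rel] = hashlib.sha256(target.read_bytes()).hexdigest()
    return manifest, skipped


def build_sample_profile(root: Path):
    """Constructed sample profile; names and bytes are made up for the demo."""
    files = {
        "My Documents/report.doc": b"\xd0\xcf\x11\xe0 fake word doc",
        "My Documents/photo.jpg": b"\xff\xd8\xff fake jpeg",
        "Favorites/ESPN.url": b"[InternetShortcut]\r\nURL=http://www.espn.com/\r\n",
        "My Documents/invoice.pdf": b"MZ\x90\x00 really a PE file with a .pdf name",
        "Local Settings/Temp/dropper.exe": b"MZ\x90\x00",
        "My Documents/notes.txt.vbs": b"WScript.Echo 1",
    }
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return files


def demo():
    """Run the backup against the constructed profile and return its results."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "profile", Path(tmp) / "backup"
        build_sample_profile(src)
        return backup(src, dst)


if __name__ == "__main__":
    manifest, skipped = demo()
    for rel, digest in manifest.items():
        print(f"copied  {rel}  sha256={digest[:16]}...")
    for rel, why in skipped.items():
        print(f"skipped {rel}  ({why})")
```

Three files are copied and three are left behind: the .exe and the .vbs by extension, and the "invoice.pdf" because its first two bytes say it is a Windows executable regardless of its name. Write the manifest to the backup media alongside the files; after the reinstall, recomputing the hashes tells you the copies are the ones you made and nothing was altered in transit.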
#60
Member (9 bit)
Join Date: Feb 2003
Location: New Jersey
Posts: 404
I am at work right now and don't have access to my tower; I'll probably do it later this evening. I'll post on how the network connection wizard works out, and will also run the F-Secure rootkit detector.