Home network problem

Hi all! Greetings from the Netherlands

As the next problem is probably related to some setting in a spyware program I'll ask here...

I have an XP system and a Win 2000 system in a homenetwork called "thuisnet" I use an ADSL modem and a Router from Draytek, the Vigor 2200E.
This home network is not working properly anymore. Since some time now the win 2000 system cannot look on my Harddisks. The share option is ok on my system. The little hand is visible on all HD's i want to share.
There is no problem going to the internet on both machines either.

So, where do i look and what can i try to fix?

Need more info? ASK!

Any takers?

Frans

 

Can you do this for the 2000 machine:
Please go to this link ,read the tuturial and download Hijackthis.
http://www.mjc1.com/mirror/hjt/

Do not fix anything yet. Most items are harmless and necessary for windows.

Post your hijackthis log here.

do you have any software firewalls on any of the machines?

 

Hi and thanks for the reply.

Yes I do have a firewall, but this has always been the case! I use norman AV and firewall and also a firewall within the draytec router.

Here's the hJT:

Logfile of HijackThis v1.97.7
Scan saved at 0:12:06, on 10-3-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\United Devices\UD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\MultiPro\MultiPro.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Program Files\United Devices\ud_6800466.exe
C:\Program Files\United Devices\ud_6800466_0.dir\ud_ligfit_Release.exe
C:\wincmd\WINCMD32.EXE
C:\HijackThis\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fun4u.101.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Startup: Outlook Express starten.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Startup: MultiPro.lnk = C:\Program Files\MultiPro\MultiPro.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\NPFMSG.EXE
O9 - Extra button: WIC Messenger (HKLM)
O9 - Extra 'Tools' menuitem: WIC Messenger (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.6131712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

Eagerly awaiting your comment!

Regards

Frans

 

Hi Fraha

I can't help u with your log but i see that u have Messenger Plus 2! installed on your system.

Take a look at this link,

http://www.spywareinfoforum.com/newsletter/archives/june-2003/3.php

u may want to get rid of it.

Hope this helps.



snowbound

 

If this program is a problem, how come the spybot does not 'see' this?

Do I have a wrong setting in that program?

Frans

 

MessengerPlus itself is not a problem. It is the software that gets bundled that is spyware.
Either you paid attention during install or removed the spyware afterwards.

Regards,

Pieter

 

ok, thanks, but how does the rest of the hijackthis logfile looks to you?

All clean?

Frans

 

Yep,

Pieter