Update windows or on page links failing? :(

Discussion in 'adware, spyware & hijack cleaning' started by FukenFooser 007.5, Apr 19, 2004.

Thread Status:
Not open for further replies.
  1. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Hello
    My system is acting very weird! :(
    Screen flashes black once in a while but mostly when clicking on some thing.
    Windows update won't DL. Gets all the way to the little DL window then stops?
    most links @ websites fail But that is better now that I lowered my security setting. (That suc#@$# )!
    Trend Showed nothing, GFI also nothing.
    AntiVir shows the usual faulse ones and AGV nothing and Kaspersky Escan tool kit shows the usual false ones.
    I found "NETSKY.P" on my boss's computer saturday any advice there?
    Please look over my hijack and let me know. Ran Ad-ware.

    OK I can't attach my log! Same "Error on page" as I get in some other site links. Any advice there? :(

    thanks for any replies!
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Copy and paste the content of the log. That is easier for the helpers as well. :)

    Regards,

    Pieter
     
  3. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    No
    The link to open the box to past in dosn't work.
    "Error on page" shows in lower left corner of window?
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    I am sorry, but I don't understand how you can type something in a box you say you can't open. o_O o_O

    Regards,

    Pieter
     
  5. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Sorry Pieter.
    I was thinking as slow as system is acting.
    I'll cut n past in this box.
    Logfile of HijackThis v1.97.5
    Scan saved at 9:11:18 AM, on 4/19/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    F:\Downloads\WinMx Mxmonitor\MXMoni128Eb\MXMoni128Eb\MXMoniE.exe
    F:\Downloads\WinMX\WinMX\WinMX\WinMX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Eros\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38048.7486805556
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    NOW maybe you could look over and advise on any "funny" stuff.

    Thanks for your help and understanding!!!
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    All that for a clean log. :doubt:

    Can you shut down the debugging in IE and see if that helps?
    In Internet Explorer, go to Tools > Internet Options > on the Advanced tab uncheck "Disable script debugging" You might as well uncheck "Display a notification about every script error" when you are there anyway.

    Regards,

    Pieter
     
  7. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Thank you.
    "Clean"? Wow sure could have fooled me.
    But I DO need to study more about what programs should access the web and print me a list or something. I quess I am a bit parinoid from all the crashes I see the guys I work for do and get them selfs into.
    Any ideas about "NETSKY.P" I saw 902 infected files on that system and I fresh installed norton 03, updated, started a scan and left saturday afternoon.
    I'd like a plan for it when I go to work tomorrow.
    Thanks again to Pieter!!!!!!!!!!!!!!!!!!!!!!!!!!!!
     
  8. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Still unable to update windows?
    Stalls as sonn as pop-up window opens and just dousn't go any farther?
    If my hijack log is clean, are there any other logs or reports I could get looked at?
    Running AntiVir and AGV also kaspersky scan and used CWShredder with ad-aware n spybot.

    thanks
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
  10. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Thanks for the reply but the link also failed. I copy n past in address bar then tried removing one at a time from back end untill adding a m to ".co." got me to a site for "email in your own name".
    This is straining the old "RAM" in my head. This is a legal copy of XP and it won't work. I helped a friend last night N that wasn't one and it updated just fine?
     
  11. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
  12. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Thanks for the reply. I have Zone fire wall set at max in Internet and trusted zones. should I lower the trusted zone to the middle setting?
    I'll try that and let you know.

    Thanks
    ff
     
  13. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Nope didn't help.
    I'd love to read there but the link don't work and cut n past in address bar failed also, I quess a link isn't the same as an address anyway. I think??
    thanks
    l8r
    ff
     
  14. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    do this please

    navigate to C:\WINDOWS\system32\drivers\etc using windows explorer

    it will be a hidden folder so do this first
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    double click on the file called hosts
    it will say what do you want to use to open this file, scroll down the list and select notepad

    when it opens copy everything in that file and paste the contents back here in a reply
     
  15. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho

    Thank you dvk01
    Very good directions!!!!!!! :D

    Here is the info from that file.
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    Let me know and THANKS AGAIN!
    Please also let me know what to switch back.
    l8r
    ff :cool:
     
  16. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    that is normal standard file so the hijack isn't there then

    I am not sure what the problem is
     
  17. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    I am still at a loss as to what the problem is. :mad:
    All the sites to get help at, I can't click on the link to get it. :'(

    All on-line and in sys scans show clean? Do I maybe have the security setting to high somewhere?
    Worked fine a week ago and now all this. o_O

    Thanks to all that help, me or any other poor soul in need!

    Have a great day/night!!!!!!!!!!!!!!!!!!!

    ff

    :oops:
     
  18. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Re: Update/download not working:(

    NO-thing anywhere.
    I can't get a link to work or DL updates but the standard anti's all say they are getting up dates?

    lost :'(
     
  19. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: Update/download not working:(

    try thi sthen pleae

    open hijackthis, click on config/misc tools, tick both boxes about minor & empty sections and press generate start up list

    then post that log back here
     
  20. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Re: Update/download not working:(

    Logfile of HijackThis v1.97.5
    Scan saved at 11:28:22 PM, on 4/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    F:\Downloads\WinMx Mxmonitor\MXMoni128Eb\MXMoni128Eb\MXMoniE.exe
    F:\Downloads\WinMX\WinMX\WinMX\WinMX.exe
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\Documents and Settings\Eros\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38048.7486805556
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Thanks

    I did manage to get a few "cnet" downloads to work but nothing near a M$ site and I'd really like the updates fot xp and Nvidia.
    UT2003 errored out. Keeps telling me to delete "UT2003.ini" file?
    Deleted many times, (not work), can only find in sys folder. Can't do any searching in this sys either. Can't uninstall UT2003?


    Weird

    Thanks again

    l8r

    ff



    o_O
     
  21. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: Update/download not working:(

    please post the full start up list I asked for, that might show something that isn't showing in the hjt log

    open hijackthis, click on config/misc tools, tick both boxes about minor & empty sections and press generate start up list

    then post that log back here
     
  22. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Re: Update/download not working:(

     
  23. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: Update/download not working:(

    having 2 antiviruses both running at the same time, avg & Antivir doesn't help and might be contributing to the problem.

    they both want to check on every action and either both ignore it or both tryu and lock up especially on clicking links

    disable one of them from running if you can.

    if not uninstall one completely and see if that stops the problem
     
Thread Status:
Not open for further replies.