
No firewall?? No IE?? Can't install service pack 2 and stay online

Discussion in 'Malware and Virus Removal Archive' started by juey, 2006/08/03.

  1. 2006/08/03
    juey

    juey Inactive Thread Starter

    Trying to help my nephew. He has lost his firewall! and IE...wasn't worried because had AOL. But now since switching to Cox, he wants IE again. I noticed he didn't have SP2, so I did some clean up first before installing it for him and left...well he couldn't get online after it finished. When he called Cox, of course it's not on their end...they said he had 2 IPs showing...but all looked fine...??? :confused:
    Also has a Spyware problem, I wrote it down, the file name, but don't have it at home here...is all gibberish lettering......could that be hampering with things?
    Going back out there tonight, will take care of that first off, then try installing SP2 again, as it gave him back the firewall and IE that he wanted.
    Advice???
    HijackThis maybe???
    Ran Ad-Aware and found close to 200 probs...weeeeee
     
    juey,
    #1
  2. 2006/08/03
    PeteC

    PeteC SuperGeek Staff

    An HJT log sounds a good idea :)

    and ....
     
  4. 2006/08/03
    Welshjim

    Welshjim Inactive

    juey--If he has Yahoo Toolbar, uninstall it along with the spyware/viruses/etc. that the procedure described by PeteC turns up.
     
  5. 2006/08/03
    juey

    juey Inactive Thread Starter

    here's the log.
    I am running McAfee now. Already picked up a couple of nasties
    cdqebttf.sys
    jtzrtjmb.dll
    hzlnsoiq.dll
    All located in Sys32

    tell me what ta do guys! lol
    TY so much too:D

    Logfile of HijackThis v1.99.1
    Scan saved at 6:57:37 PM, on 8/3/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
    C:\Program Files\Common Files\AOL\1129333714\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\TSIRCSRV.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Motive\AsstCommon\motmon.exe
    C:\Program Files\Common Files\AOL\1129333714\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\1129333714\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\Program Files\Digital Lifeline\bin\mpbtn.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\program files\common files\aol\1129333714\ee\aolssc.exe
    C:\Documents and Settings\Craig\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    F1 - win.ini: run=fntldr.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "HTTP://WWW.v2premier.com "); (C:\Documents and Settings\Craig\Application Data\Mozilla\Profiles\default\gvhyo9e4.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Craig\Application Data\Mozilla\Profiles\default\gvhyo9e4.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {52904906-05ED-B09E-EAEA-0C0D4B4134E8} - C:\WINDOWS\System32\xqzrmole.dll
    O2 - BHO: (no name) - {6662ACCB-822A-7B70-5A06-B21A72EF06F7} - C:\WINDOWS\System32\hzlnsoiq.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe "
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [yvbqwmefjc] C:\WINDOWS\System32\cqvtos.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDATE.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Webroot\MYFIRE~1\Smc.exe -startgui
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129333714\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1129333714\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1129333714\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Capture Links - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCaptureLinks.js
    O8 - Extra context menu item: Capture Page - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCapturePage.js
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Insight NetKnowledge Tools - {102910D3-CF07-4BED-ACDC-D165385B9B66} - C:\Program Files\Insight Development\Net Knowledge Tools\common\Insight NetKnowledge Tools.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104879343218
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138673395640
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O18 - Protocol: iwd - {EA5F5649-A6C7-11D4-9E3C-0020AF0FFB56} - C:\Program Files\Insight Development\Net Knowledge Tools\common\IwdProtocol.dll
    O20 - AppInit_DLLs: mtrbvv2d2lsx2w.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1129333714\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: yccxjchjpfqh (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe
    O23 - Service: NsEngine - Unknown owner - C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
    O23 - Service: My Firewall Plus (SmcService) - Unknown owner - C:\Program Files\Webroot\My Firewall Plus\Smc.exe (file missing)
    O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
    juey,
    #4
  6. 2006/08/04
    PeteC

    PeteC SuperGeek Staff

    juey

    There are a number of bad guys on that computer plus a few other problems ....

    There are two antivirus programs - AOL and McAfee - this is not recommended due to possible conflicts.

    There are two firewalls running - AOL and My Firewall Plus - again this is not recommended due to possible conflicts.

    AOL software is still installed - I assume Cox has its own software?

    Before we get to work on the HJT log please download and run Ewido as requested and post the log. You can at least download it on another computer and transfer it across, although you will have to forgo the updates until an internet connection can be established. Likewise with the next request ....

    Please download SmitfraudFix and unzip the contents to a folder on your Desktop.

    Open the SmitfraudFix folder and double click on Smitfraudfix.cmd

    If a Security Warning pops up hit the Run button

    A command window appears > press any key to continue

    On the line with the flashing cursor 'Enter your choice (1.2 ....)' type 1 and press Enter

    The program scans your system and when the scan has completed a Notepad window opens containing the scan report - a copy of this file is saved as C:\rapport.txt.

    Post the SmitfraudFix log together with the Ewido report and we'll take it from there.
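
Added example, not part of the original thread and not code from HijackThis: a Python first-pass triage of HijackThis-style log lines that flags only markers the tool prints itself (`(no name)`, `(file missing)`, `Unknown owner`, an `AppInit_DLLs` entry). The sample lines are copied from the log posted above; the flag rules are assumed review heuristics, not verdicts, and the function name `triage` is hypothetical.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6662ACCB-822A-7B70-5A06-B21A72EF06F7} - C:\WINDOWS\System32\hzlnsoiq.dll
O20 - AppInit_DLLs: mtrbvv2d2lsx2w.dll
O23 - Service: yccxjchjpfqh (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Firewall Plus (SmcService) - Unknown owner - C:\Program Files\Webroot\My Firewall Plus\Smc.exe (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def triage(log_text):
    """Return [(section, reasons, line)] for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, or blank line
        section, body = m.groups()
        reasons = []
        # Assumed heuristics: each one keys on text HijackThis itself emits.
        if section in ("O2", "O3") and "(no name)" in body:
            reasons.append("unnamed browser add-on")
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            reasons.append("target file absent")
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service without publisher metadata")
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            reasons.append("DLL loaded into every process that loads user32.dll")
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"[{section}] {'; '.join(reasons)}\n    {line}")
```

A flagged line only means "look at this first": legitimate software can lack publisher metadata, and entries with ordinary-looking names are not caught by these markers.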
     
