| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 74256 | 2006-11-16 07:32:00 | Cant connect to router. | peejay (1396) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 499727 | 2006-11-16 07:32:00 | When I try to connect to my router from my web browser (10.1.1.1) I am getting a page that has some sort of Arabic wrinting, then it says "access to the requested url is not allowed." At the bottom of the page is " cache3.jed.isu.net.sa Is this a virus or similair? |
peejay (1396) | ||
| 499728 | 2006-11-16 08:40:00 | Certainly looks suspiciously like it. Have you got a reputable antispyware program? Also have a look at your host file which is located windows\system32\drivers\etc\ and is called hosts. Make sure there isn't anything with the routers IP listed. Entries with 127.0.0.1 are OK. | Jen (38) | ||
| 499729 | 2006-11-17 07:21:00 | Yep, am running AV and firewall, Microsoft Anti-spyware, have scanned with AdWare, Spybot, Spyware Doctor. Its still there. | peejay (1396) | ||
| 499730 | 2006-11-17 18:26:00 | Checked the hosts file and nothing suspicious there. I checked the Firefire settings and found that it was now configured to connect via a proxy, 212.138.64.143 which is a site in the United Arab Emirates! I can change back to a direct internet connection and then I can access the router but when I close Firefox and re-open it, the setting has changed back to the proxy one. I have run scans with all the antispyware I can think of, any ideas? | peejay (1396) | ||
| 499731 | 2006-11-17 19:00:00 | You haven't installed a proxy service? What other software have you installed in the last couple of weeks? I assume IE also has the same problems as Firefox in accessing the router? Have you tried using HijackThis (www.majorgeeks.com)? Post a log back here if you need help with it. |
Jen (38) | ||
| 499732 | 2006-11-17 19:20:00 | One other point, you mention Microsoft Anti Spyware. This has long ago been superseded by Microsoft Windows Defender. Uninstall MSAS and install Defender. | linw (53) | ||
| 499733 | 2006-11-17 19:31:00 | Yep, am running AV and firewall, Microsoft Anti-spyware, have scanned with AdWare, Spybot, Spyware Doctor. Its still there. Adware? Or ADAware SE Personal?? Big difference. Run Hijackthis too. |
pctek (84) | ||
| 499734 | 2006-11-18 03:04:00 | Yep, have upgraded to Defender and sorry, Its AdAware Personal that I am using. Here is the HJT log.... Logfile of HijackThis v1.99.1 Scan saved at 3:57:45 p.m., on 18/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe c:\windows\inf\xb\3\5\2\smsc.exe c:\windows\inf\xb\3\5\2\egg\EXPL0RER.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5 a.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PGPserv.exe C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Photos\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5 a.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\wltray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\PROGRA~1\DELLSU~1\DSAgnt.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\D-Link\Bluetooth Software\BTTray.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe C:\PROGRA~1\D-Link\BLUETO~1\BTSTAC~1.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\uTorrent\utorrent.exe C:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.dell.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 212.138.64.143:80 F3 - REG:win.ini: run=, O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O1 - Hosts: 127.255.255.255 www.alcohol-soft.com O1 - Hosts: 127.255.255.255 images.alcohol-soft.com O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [jv16PT - Privacy Protector] "C:\Program Files\jv16 PowerTools 2005\jv16PT.exe" -ExecTask "C:\Program Files\jv16 PowerTools 2005\Tasks\_PrivacyProtector\Task.jvb" O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Photos\Picasa2\PicasaMediaDetector.exe" O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5 a.exe" /source=HKLM O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Microsoft Corp Updates] install.exe O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup O4 - HKLM\..\Run: [DU Meter] "C:\Program Files\DU Meter\DUMeter.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\Run: [AutoOS] C:\Program Files\Auto Power-on\AutoPowerOn.exe O4 - HKCU\..\Run: [LoadWatcher] Test O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Skype] "C:\Program Files\Communication\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [XemiComputers Scheduler] C:\Program Files\XemiComputers\Smooth Program Scheduler\Scheduler.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Birthday reminder check.lnk = C:\Program Files\Birthday Reminder\bday.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: PGPtray.exe.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100 O8 - Extra context menu item: Page Content Recorder - C:\Program Files\Right Web Monitor\iecontrec.htm O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1928.dll/blogimage O8 - Extra context menu item: Track with Right Web Monitor - C:\Program Files\Right Web Monitor\iecontext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\ Yahoo! \Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\ Yahoo! \Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Web Monitor - {AD794498-7E3E-4E00-9864-94A669EEB2BF} - C:\Program Files\Right Web Monitor\iecontext.htm (file missing) (HKCU) O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: *.stumbleupon.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - AppInit_DLLs: OCMAPIHK.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AppToService EXPL0RER (AppToService_EXPL0RER) - Basta Computing - c:\windows\inf\xb\3\5\2\smsc.exe O23 - Service: AppToService svchosts (AppToService_svchosts) - Basta Computing - c:\windows\inf\xb\3\5\2\smsc.exe O23 - Service: Auto Power-on (AutoPower) - Unknown owner - C:\Program Files\Auto Power-on\AutoPower.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe O23 - Service: FinePrint Dispatcher v5 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5 a.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Auto Power-on & Shut-down Service (PCAutoPowerOnService) - Unknown owner - C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe |
peejay (1396) | ||
| 499735 | 2006-11-18 03:36:00 | Going through my post above, I found in the log this setting, R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 212.138.64.143:80 which contained the suspect url. I removed it from the reg but after a re-boot the problem still occurs, still getting the proxy thing in both Firefox and IE. |
peejay (1396) | ||
| 499736 | 2006-11-18 04:56:00 | Run a cleaner such as Ccleaner first. ( www.majorgeeks.com ) Tick the boxes and run in SAFEMODE..... c:\windows\inf\xb\3\5\2\smsc.exe c:\windows\inf\xb\3\5\2\egg\EXPL0RER.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 212.138.64.143:80 F3 - REG:win.ini: run=, O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O9 - Extra button: Web Monitor - {AD794498-7E3E-4E00-9864-94A669EEB2BF} - C:\Program Files\Right Web Monitor\iecontext.htm (file missing) (HKCU) O23 - Service: AppToService EXPL0RER (AppToService_EXPL0RER) - Basta Computing - c:\windows\inf\xb\3\5\2\smsc.exe |
pheonix (36) | ||
| 1 | |||||