| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 68173 | 2006-04-20 02:23:00 | dail up | smilely_leo (7771) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 447838 | 2006-04-20 02:23:00 | :( my internet connection keeps on turning off every 10 mintues to 15 mintues then i have to keep dailing up.so i want to fix this promblem but dont kown how. on a 56 dail up,running windows xp,avg virus protector. thanks for the help. |
smilely_leo (7771) | ||
| 447839 | 2006-04-20 02:40:00 | It could be line noise, faulty modem or modem driver. How long has it been doing this? You could get the file in my signature below... It might be something else cutting you off. Are you running a firewall? |
Speedy Gonzales (78) | ||
| 447840 | 2006-04-20 03:15:00 | yes behind a firewall,the modem says its working | smilely_leo (7771) | ||
| 447841 | 2006-04-20 03:20:00 | Well post a hijackthis log here anyway. The link is in my sig below. | Speedy Gonzales (78) | ||
| 447842 | 2006-04-20 03:48:00 | Logfile of HijackThis v1.99.1 Scan saved at 2:45:34 p.m., on 20/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\webHancer\Programs\whAgent.exe C:\Program Files\webHancer\Programs\whSurvey.exe C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\PROGRA~1\Webshots\webshots.scr C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Shane\Local Settings\Temporary Internet Files\Content.IE5\01IVWPYF\hijackthis[1]\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtramsn.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe" O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe" O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [hotelsolitaireSCSetup.exe] C:\DOWNLO~1\HOTELS~1.EXE /r O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q305&bd=presario&pf=laptop O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - zone.msn.com O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - cdn2.zone.msn.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - cdn2.zone.msn.com O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - download.games.yahoo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6647CA-B504-4FDA-A9AA-96C407E63B11}: NameServer = 210.55.12.1 210.55.12.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{2C6647CA-B504-4FDA-A9AA-96C407E63B11}: NameServer = 210.55.12.1 210.55.12.2 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe |
smilely_leo (7771) | ||
| 447843 | 2006-04-20 03:50:00 | I'll leave the Hijack this log to Speedy but you need to be using some anti-spyware programs as well. Download: AdAware SE Personal Spybot Search and Destroy Both of them. You need to run them often too - they won't do anything by themselevs. If you are on the net a lot, especially downloading stuff, I'd recommend at least every day or couple of days. |
pctek (84) | ||
| 447844 | 2006-04-20 04:09:00 | You've got Webhancer - Spyware / or Trackware . Follow the info here ( . symantec . com/avcenter/venc/data/spyware . webhancer . html" target="_blank">securityresponse . symantec . com) Also, download the removal tool ( . symantec . com/avcenter/FixWebHancer . exe" target="_blank">securityresponse . symantec . com) from the same site above . Run this, let it scan for files relating to webhancer . (see if this removes the files from the system for webhancer) . Then boot into safe mode, run hijackthis again, and tick these entries, and tick fix checked . These entries belong to Webhancer C:\Program Files\webHancer\Programs\whAgent . exe C:\Program Files\webHancer\Programs\whSurvey . exe O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr . dll O4 - HKLM\ . . \Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent . exe" O4 - HKLM\ . . \Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey . exe" (See if the above entries still appear after you run the removal tool for webhancer) . O4 - HKCU\ . . \Run: [hotelsolitaireSCSetup . exe] C:\DOWNLO~1\HOTELS~1 . EXE /r - I dont know why this is running from a download folder . These files also belong to Webhancer . O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer +++++++++++++++++++++++++++++++++++++++++++++ O4 - HKLM\ . . \Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1 . 5 . 0_02\bin\jusched . exe - update for this is here ( . java . com/en/download/manual . jsp" target="_blank">www . java . com) O4 - HKLM\ . . \Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask . exe" -atboottime O4 - HKCU\ . . \Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs . exe" /background Post another hijackthis log, after you've done the above . |
Speedy Gonzales (78) | ||
| 447845 | 2006-04-20 06:26:00 | Logfile of HijackThis v1.99.1 Scan saved at 5:23:30 p.m., on 20/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\PROGRA~1\Webshots\webshots.scr C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Shane\Local Settings\Temporary Internet Files\Content.IE5\0LYRK5QJ\jre-1_5_0_06-windows-i586-p-iftw[1].exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\MsiExec.exe C:\DOCUME~1\Shane\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtramsn.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [hotelsolitaireSCSetup.exe] C:\DOWNLO~1\HOTELS~1.EXE /r O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q305&bd=presario&pf=laptop O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - zone.msn.com O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - cdn2.zone.msn.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - cdn2.zone.msn.com O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - download.games.yahoo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6647CA-B504-4FDA-A9AA-96C407E63B11}: NameServer = 210.55.12.1 210.55.12.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{2C6647CA-B504-4FDA-A9AA-96C407E63B11}: NameServer = 210.55.12.1 210.55.12.2 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe |
smilely_leo (7771) | ||
| 447846 | 2006-04-20 06:38:00 | Do you know what this belongs to?? O4 - HKCU\..\Run: [hotelsolitaireSCSetup.exe] C:\DOWNLO~1\HOTELS~1.EXE /r I would run hijackthis again (close the browser/s), and tick this entry and tick fix checked. Is this installed? C:\Documents and Settings\Shane\Local Settings\Temporary Internet Files\Content.IE5\0LYRK5QJ\jre-1_5_0_06-windows-i586-p-iftw[1].exe I would tick this entry as well. And install this file. Are you staying online for more than 10-15 mins now?? Is it any better? |
Speedy Gonzales (78) | ||
| 447847 | 2006-04-20 06:55:00 | the downlo hotel is a game that i tried to download but woun't let me.and still only get 10-15 mintues online | smilely_leo (7771) | ||
| 1 2 | |||||