Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Forgive me if I should've posted elsewhere, but I figured that you may know better here.
Recently, I downloaded a program (don't remember the name) that installed a toolbar into IE (In Windows XP). I think the bar was called AAccess or something like that (it started with an A). Now when I open Internet Explorer, it crashes and gives a runtime error. So I went to Add/Remove Programs, found the pesky toolbar, and removed it. I went back to IE, and it still crashed! Now I have to boot into Windows 2000 so I can surf the net. I tried a System Restore, but it wouldn't let me go to one of the bold colored previous restore points (it wouldn't highlight it when I clicked it) Any ideas? Thank you for any help.
Find HiJackThis! on the Internet, download it and run it.
98% of the population is asleep. The other 2% are staring around in complete amazement, abject terror, or both.
0 
If you want to post a Hijack This log you can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor to post the log.Maybe we can see where the problem files are.
0
Ok, here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 6:17:18 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\system32\atievxx.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
D:\WINDOWS\system32\vmnat.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\IRControl\IRClient.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
D:\WINDOWS\system32\wuauclt.exe
\Hostc\C\Documents and Settings\Rayburn Davis\My Documents\HijackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:21;gopher=192.168.0.1:6588;http=192.168.0.1:6588;https=192.168.0.1:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_90.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - D:\WINDOWS\system32\azesearch4.ocx (file missing)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.exe /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [BySoft IRClient] D:\Program Files\IRControl\IRClient.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: RRCClient.url
O4 - Startup: RRCServer.url
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exeThanks if you can figure it.
0
First you have a new.net infection so lets take care of it. Go to start>control panel>add/remove programs and uninstall these if found:
new.net
newdotnet
webhancer
savenow
Then restart the computer and post another HT log.
0
I went to Add/Remove Programs, and got rid of New.net. That's all I found. Internet Explorer quits freezing now, but the internet no longer works (I get this page cannot be displayed). The computer connects to a proxy server. The computer is on a wireless 802.11g adhoc network.
Here is another HTL as requested:
Logfile of HijackThis v1.99.1
Scan saved at 12:39:01 AM, on 10/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\system32\atievxx.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
D:\WINDOWS\system32\vmnat.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\IRControl\IRClient.exe
D:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\ht\HijackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:21;gopher=192.168.0.1:6588;http=192.168.0.1:6588;https=192.168.0.1:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - D:\WINDOWS\system32\azesearch4.ocx (file missing)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BySoft IRClient] D:\Program Files\IRControl\IRClient.exe
O4 - Startup: RRCClient.url
O4 - Startup: RRCServer.url
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exeThanks for all of the help.
0
While I look at the log download and run lsp fix from this link http://www.subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41
It should restore your internet
0
Run another Ht scan and put a check by these items and click "fix checked".
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - D:\WINDOWS\system32\azesearch4.ocx (file missing)
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
Restart the computer. If you have regained internet capibilities then you should be clean but feel free to post another log if you need to.
0
Ok, my internet works now. I forgot to reenable my proxy server after using the internet at a motel. Everything works good again, but just for being really clean, I will delete the things you mentioned from HT, then post another log. Thanks for all of the help!!!
0
Sorry for the delay, but here is a new log:
Logfile of HijackThis v1.99.1
Scan saved at 11:13:38 PM, on 10/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\system32\atievxx.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
D:\WINDOWS\system32\vmnat.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
D:\Program Files\RRC\rrcclient.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.exe
C:\ht\HijackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:21;gopher=192.168.0.1:6588;http=192.168.0.1:6588;https=192.168.0.1:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BySoft IRClient] D:\Program Files\IRControl\IRClient.exe
O4 - Startup: RRCClient.url
O4 - Startup: RRCServer.url
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exeThanks!
0
Looks good to me.You should purge system restore by tuning it off reboot and turn it back on by following the directions at this link System Restore
Then make a new restore point by doing this:
Go to start>run>type "msconfig"without the quotes>ok>launch system restore>tick the circle beside "create a restore point">next>name it anything>create>home>restart the computer.
You should consider installing Spywareblaster, a top notch spyware preventer that runs in the background and re-writes malicious script before it can get into your computer. It's free and you can get it at this link http://www.javacoolsoftware.com/spywareblaster.html
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
