Is something blocking me from HTML or the internet?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by scottie, May 19, 2005.

  1. scottie

    scottie Private E-2

    Hello,

    When I connect to the internet (ADSL) it will work for about 15 seconds, then everything after that times out. Any attempt to access a web page comes up immediately with the "This page can not be found" error. None of the other programs I use will update online either. My connection says it's connected, and my provider says all is good their end.

    The only application that seems to work without a problem is "the all seeing eye". That updates fine and from there I've connected to (and played online without a problem) the game "Battlefield 1942". The ingame server browser for the game does not work.

    There is another computer I share the connection with (this one), it works just fine.

    The other thing I noticed is that when I open the control panel and select "add remove programs" it only stays open for about a second before closing without me doing anything.

    That also happens when I try to "run" a command (such as msconfig).

    My log is below;


    Edit by chaslang: Unrequested, old version, inline log removed



    Appreciate any help you could give me.
     
    Last edited by a moderator: May 19, 2005
  2. TheDoug

    TheDoug MajorGeek

    Please read the Sticky at the top of this forum that asks you to read it first before asking for help, and the one about HJT logs.
     
  3. scottie

    scottie Private E-2

    I have.
     
  4. TheDoug

    TheDoug MajorGeek

  5. scottie

    scottie Private E-2

  6. TheDoug

    TheDoug MajorGeek


     
  7. scottie

    scottie Private E-2

    You're obviously too busy jumping over posts to make any attempt to actually help.

    Forget about it, I'll go to another site.

    You keep screening everyone else though, hope it makes you feel good.
     
  8. TheDoug

    TheDoug MajorGeek

    People on this site, including me, are more than happy to help people who can follow the rules. Have a nice day.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Scottie,

    All you need to do is follow forum guidelines and read the Announcement and the sticky threads. Had you followed them you would not be using an old version of HijackThis and you would not be posting a HijackThis log without being asked to post it, and you would not be posting it inline. Here is what you need to do:

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  10. scottie

    scottie Private E-2

    As I said, which Doug had obviously not read in his quest to point out I had not followed the rules.....my problem is I can't connect to the internet!

    Kind of makes it hard to download latest updates and such no?

    And no, this PC does not have a burner, so I can't download them here and transfer them over.

    So you see, it makes it hard to do exactly what you require.

    I did everything I could do given the problem.
     
  11. scottie

    scottie Private E-2

    So, I'll just go through it for what it's worth and tell you what steps I have been able to do as per your guide;

    getting prepared

    step 1.......done

    step 2......can't do it. One of the problems is that the run box only stays open for a second after I input a command.

    step 3..........done

    step 4..........I have ad aware SE & spybot installed (and updated as of about three days ago). I've run them both a few times and now both are coming up with clear results. I can't d/l any of the others as I can't connect to the web.

    scanning and cleaning

    step 1......I can only do a scan with avg (up to date two days ago). This comes up clear. I can't get to any of the web sites.

    step 2.....done

    step 3......done (don't know about the extra bit for ad aware though)

    step 4....can't do as noted previously



    So there you go, that's the state of play.

    As you can see, I can't confirm 100% to your guidelines as so eagerly pointed out by one of the minions here. But I've done everything I can to attempt to.

    SO, whether or not you can help me from here...I dunno.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, see if you can get the current version of HijackThis ( HijackThis 1.99.1 ) onto the problem PC. This will fit onto a floppy disk assuming you have a floppy drive. If you cannot even do that, it may make things difficult since the newer versions are much better at finding and fixing problems. If you cannot do that, just tell me why and then use whatever version you do have and post a new HJT log from normal boot mode!
     
  13. scottie

    scottie Private E-2

    OK, well I'm back from a round trip drive of 80 kilometres to use a PC with a burner. (It's not like I'm not trying)

    OK, let me update you with what I've now done;

    Getting Prepared

    1.....Done
    2.....Done
    3.....Done
    4.....got them all

    (Note: for all of these I was able to get web update. The web connection here will work for about 15-20 seconds when I connect. If I try often enough (which I did) and am quick, I can grab the updates before I get locked out. Then I disconnect and repeat the process until I get everything I need. But it's very hit and miss and takes several attempts before it works.)

    Scanning & Cleaning Steps

    1....I can't do the online scans for the sites that are posted, I just can't stay connected long enough to get to them. I have installed AVG (and updated), it's not picking up anything nasty.

    I don't get an option for safe mode when I tap F8. When I do it I get a blue screen with "Please select boot device" with these 4 choices;

    1st floppy drive
    CD rom drive #1 (it says model #)
    CD rom drive #2 " " " &
    3M-WDC WD1200JD-00GBB0

    There's also an option down the bottom to hit esc to boot using default...which I did.

    So, all the following steps I have taken have been done in normal mode;

    2....Cleaned
    3....Ad Aware - Done....all clean
    Ad Aware VX2.......all clean
    CCleaner......done
    Spybot......clean
    Spyware Blaster.....Installed
    Stinger......run and done

    4.... CW Shredder.....done
    Kill2me..........done
    Buster..........done
    HS remove.....done

    The alternate scans mentioned again I can't do because of the connection.

    Next I've done the (current version) hijack this scan and log. From there I have removed a couple of things as per the thread;

    - Fixed 2 R0 entries where the homepage was "remove.com"......I've never used that site.

    Apart from that, there's nothing else that I can really establish that is problematic.

    Do you want to see the logfile now? I've done everything I can and gone to a fair bit of trouble to do it.
     
  14. scottie

    scottie Private E-2

    OK...here is log file;

    Edit by chaslang: Inline log removed
     
    Last edited by a moderator: May 21, 2005
  15. scottie

    scottie Private E-2

    Damn...sorry, here it is;
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read my instructions for installing and using HijackThis again. You installed exactly where I asked you not to install it. That is, on your Desktop.
    C:\Documents and Settings\Scott\Desktop\New Folder\HijackThis.exe

    Please install it properly.

    Did you install this C:\WINDOWS\system32\DLLBOOT.EXE
    Is it some kind of key generator? If you do not know what it is, make sure you tell me.
    I would normally just request that an item that looks like this be removed immediately.
     
    Last edited: May 21, 2005
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please download this: ABIremover

    Unzip it into its own folder. Now boot into safe mode with no network support and do not open any browsers. Now run the ABIremover.exe file.

    When done reboot into normal mode and follow the steps below. Some items may no longer be present so just ignore them and continue with all steps.

    Since I'm not sure at this point if the DLLBoot.exe program is something you know about, I'm leaving it out of the cleanup steps for now.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\system33r.exe
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\scrss.exe
    C:\PROGRA~1\INTERN~2\mum.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    F2 - REG:system.ini: Shell=explorer.exe system33r.exe
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O3 - Toolbar: Find - {8D029AEC-E412-4948-84B5-699A740946AE} - %SystemRoot%\System32\iefind.dll (file missing)
    O4 - HKLM\..\Run: [Microsoft Wininit (System33r)] system33r.exe
    O4 - HKLM\..\Run: [Video Driver Loading Service] scrss.exe
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\system32\msmsgs.exe
    O4 - HKLM\..\RunServices: [Microsoft Wininit (System33r)] system33r.exe
    O4 - HKLM\..\RunServices: [Video Driver Loading Service] scrss.exe
    O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
    O4 - HKCU\..\Run: [Video Driver Loading Service] scrss.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/277f1eed352bc8d8d414/netzip/RdxIE601.cab
    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\system33r.exe
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\scrss.exe
    C:\Program Files\INTERN~2\mum.exe
    C:\WINDOWS\system32\msmsgs.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working. Can you download now? If so, try running the online scanners from the READ ME FIRST.
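
Added example (not part of the original post, and not a MajorGeeks or HijackThis tool): a small Python triage pass over HijackThis-format lines like the ones listed in the post above. It raises three kinds of leads for review: a Shell= value that carries anything besides explorer.exe, hosts-file entries, and Run/RunServices entries started by bare file name. The function names and the three heuristics are assumptions made for this illustration.

```python
import re

# Constructed sample input: HijackThis-format lines copied from the fix list above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe system33r.exe
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O4 - HKLM\..\Run: [Microsoft Wininit (System33r)] system33r.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\RunServices: [Video Driver Loading Service] scrss.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")


def first_token(cmd):
    """Return the executable part of a command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0]


def triage(log_text):
    """Return de-duplicated (code, reason) leads; heuristics, not verdicts."""
    leads = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        reason = None
        if code == "F2" and "Shell=" in body:
            # The Windows shell value is normally just explorer.exe.
            shell = body.split("Shell=", 1)[1].split()
            if [s.lower() for s in shell] != ["explorer.exe"]:
                reason = "shell value is not plain explorer.exe: " + " ".join(shell)
        elif code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and parts[1].lower() != "localhost":
                reason = f"hosts file pins {parts[1]} to {parts[0]}"
        elif code == "O4":
            o4 = O4_RE.match(body)
            exe = first_token(o4.group(4)) if o4 else ""
            if o4 and "\\" not in exe:
                # No directory given: Windows resolves the name via its search path.
                reason = f"{o4.group(2)} entry '{o4.group(3)}' starts bare file {exe}"
        if reason and (code, reason) not in leads:
            leads.append((code, reason))
    return leads
```

Entries with a full path, such as the msmsgs.exe line that the post also lists for removal, pass these checks, so the output is a starting list for review and not a verdict.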
     
  18. scottie

    scottie Private E-2

    Regarding the hijack this installation. For the moment everything is in its own folder on the desktop "new folder"...this will be renamed and stored for possible future reference once everything is resolved. So everything is still bundled together.

    I have no idea what "C:\WINDOWS\system32\DLLBOOT.EXE" is or where it came from.

    I'm doing everything from your other post now, I'll report back shortly.

     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Bad idea. The Desktop is not safe from improper deletions and other user accounts do not have access to your desktop. C:\Documents and Settings is a place to store documents and settings. It is not a place to store programs. That is what C:\Program Files is for. Putting it where we recommend removes those issues.

    Add the C:\WINDOWS\system32\DLLBOOT.EXE stuff to the list of things to fix. Kill the process, fix the lines in HJT and delete the file in safe mode.
     
  20. scottie

    scottie Private E-2

    OK, I will bow to your better knowledge and have moved it.

    I can't seem to be able to reboot in safe mode. I don't get an option for safe mode when I tap F8. When I do it I get a blue screen with "Please select boot device" with these 4 choices;

    1st floppy drive
    CD rom drive #1 (it says model #)
    CD rom drive #2 " " " &
    3M-WDC WD1200JD-00GBB0

    There is also a line under that to press escape for default, which I do. But that boots me up normally.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  22. scottie

    scottie Private E-2

    OKAY!!

    Back online on my PC now. Everything seems to be working fine.

    A couple of new developments though;

    I get a RUNDLL error message upon start up. It says "Error Loading C:\Program Files\WildTangent\APPS\CDA|cdaEngine0400.dll
    The specified module can not be found.

    There is a reference to Wild Tangent in my HJL, should I fix it out of there?

    Other than that, the only other thing is that a heap of programs boot on startup now. I think I've fixed most of them though, look like their default setting got changed during the process somehow. The only two I can't seem to locate the preferences for are Adobe Version Cue & InterVideo WinCinema Manager, but this is of course ultra minor given the last four days I've had.

    My log is attached if you need it.

    Oh, also, the internode/MUM files were for a usage meter tool for my ISP....would it be OK to reinstall that?
     

    Attached Files:

  23. scottie

    scottie Private E-2

    Yes, that last fix has done the job!!

    Just got to figure out how to shut down these other progs from starting automatically and I'm in business.

    Thanks from all of us here, we certainly appreciate it!!
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, you can reinstall mum.exe but it seems like it is already running based on your HJT log.

    You should uninstall Messenger Plus! 2. It can install a load of malware onto your PC and is the kind of software that cannot be trusted.

    I would also uninstall PCDoctor Online (O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe ) unless you buy it, it is of no use. Not very useful anyway.


    You never moved HJT to the proper folder and you are still forgetting to exit your browser before running HijackThis. You still have problems. Stuff that I requested to be fixed is still there.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    F2 - REG:system.ini: Shell=explorer.exe system33r.exe
    O3 - Toolbar: Find - {8D029AEC-E412-4948-84B5-699A740946AE} - %SystemRoot%\System32\iefind.dll (file missing)
    O4 - HKLM\..\Run: [Microsoft Wininit (System33r)] system33r.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [Configuration Default] WUXAT.EXE
    O4 - HKLM\..\RunServices: [Microsoft Wininit (System33r)] system33r.exe
    O4 - HKCU\..\Run: [Power2GoExpress] WUXAT.EXE

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    c:\windows\system32\system33r.exe
    c:\windows\system32\WUXAT.EXE
    C:\Program Files\WildTangent <--- the whole folder

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file. Let me know if you have any problems finding or deleting any of these files/folders.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Since you can download now, you should try running the Trend Micro online scanner from the READ ME FIRST.
     
  25. scottie

    scottie Private E-2

    I did move hijack this...it's in program files now, that's correct isn't it?

    As suggested, I have uninstalled messenger plus & PC Doctor Online.

    None of the files you mentioned to delete are there.

    Things seem 100% now.

    New log attached;
     

    Attached Files:

  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  27. scottie

    scottie Private E-2

    Terrific!!

    Thanks very much again for your assistance!
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Happy I could help!
     
