No internet connection and other problems!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by leebert, Feb 7, 2006.

  1. leebert

    leebert Private E-2

    Hi
    I have a laptop that is running slow and now refuses to show any internet pages even though windows says it's connected and the virus scanner appears to update itself (but Ad-aware does not). I have tried all the steps in your 'Read & run me 1st' but can't do the online stuff and I am still having problems. Spybot reports 3 entries of 'Command Service' but can't clear 2 of the entries. Can someone help please???
    Regards
    Leebert
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  3. leebert

    leebert Private E-2

    Thanks for getting back so quickly.
    A bit more background info...
    Dell Inspiron 1100, Intel Celeron 2.4 GHz, 256 Mb RAM, XP Home 2002 SP2.

    CCleaner - cleaned.
    Microsoft Malicious tool found nothing.
    Ad-aware found 7 issues, all fixed.
    Spy-bot - found 3 entries of Command Service, 1 cleaned and the other two it couldn't.
    AntiSpyWare - all clear, nothing found.

    Attached is the HJT logfile.

    Cheers Leebert
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Uninstall WinAntiVirus Pro 2006, I don't know about this version but its predecessor, WinAntiVirus 2005, is on the list of Rogue Anti-Spyware applications. http://www.spywarewarrior.com/rogue_anti-spyware.htm

    In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:
    Choose Kill Process

    Now scan and have HJT Fix the following:
    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  5. leebert

    leebert Private E-2

    Hi
    I did all you put in your post. The four Windows AntiVirus 2006 files in the first HJT scan were not there so the uninstall must have been successful I guess.
    Some of the other items you asked me to remove weren't there either - is this OK?

    Attached is the latest HJT log as requested.

    Many thanks
    Leebert.
     


  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan with HijackThis and fix the following:
    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Follow the directions for Running WinPfind by OldTimer.

    Post the WinPFind.txt and a fresh HijackThis log.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    SPD,

    This is a Look 2 Me infection.
     
  8. leebert

    leebert Private E-2

    Hi
    Followed instructions and have attached WinPFind and HJT logs as requested.
    Cheers
    Leebert
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run the steps in the below and attach the two requested logs.

    Look2Me VX2 Removal

    Then also attach a new HJT log and indicate how things are working.
     
  10. leebert

    leebert Private E-2

    Hi
    Went through L2Me fix and then ran HJT. Logs attached
    Regards
    Leebert
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your L2ME_log.txt log is not a complete log. Did you follow the directions in the link exactly as written? Did you check to make sure the service was running as requested? Are you logged in with Administrator privileges?
     
  12. leebert

    leebert Private E-2

    I think so.
    I am running in normal windows mode (as opposed to Safe mode) - is this correct?
    I am the only user account on the machine. If I go into User Accounts in Control Panel it describes me as a Computer Administrator. Am I missing something??
    The only thing that was different was the l2mfix.bat sequence of events. The computer scanned first (after opening a second batch file) and then requested a reboot after it had finished.
    I am a bit, no, a lot of a newbie at this level!!
     
  13. leebert

    leebert Private E-2

    Also, the service was Started and Automatic.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you extract ALL the files from the ZIP file into a folder on your Desktop!

    Which files do you see in the folder on your Desktop?

    It is failing here;
    It is not able to set up the L2MFix account it needs to create. Normally this is due to the Secondary Logon service not running.
     
    Last edited: Feb 10, 2006
  15. leebert

    leebert Private E-2

    I'll check on the install. Just one thing... Does L2Mefix need an internet connection? I ask as I am posting this on a separate PC as the laptop IE doesn't work. Sorry if this is a stupid question. I'll post the L2M dir files in a min...
    Leebert
     
  16. leebert

    leebert Private E-2

    In the L2mfix dir there is the following...

    3 dirs:
    backregs (9 reg entries)
    dlls (dir empty)
    regfixes (2 reg entries)

    backup.zip
    cleanup.bat
    direct.txt
    echo.reg
    fixautont.html
    keypress.com
    l2mfix.bat
    locate.com
    log.txt
    ntrights.exe
    process.exe
    readme.txt
    report.txt
    restart.exe
    second.bat
    strings.exe
    zip.exe

    Leebert
     
  17. leebert

    leebert Private E-2

    Just ran L2mfix again and noticed when option 1 is selected that after it reports "scanning" a line comes up very briefly "can't find file.... ....user.???"
    I can't read what it says as it is too fast.
    Leebert
     
  18. leebert

    leebert Private E-2

    The file is "user1.txt"
    Leebert
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No it does not need a connection as far as I know! Try booting into safe mode and running just the option 2 procedure and let's see the new log it produces.
     
  20. leebert

    leebert Private E-2

    It reports...
    RUNAS ERROR: Unable to run - C:\WINDOWS\System32\second.bat
    1084: This service cannot be started in Safe Mode.


    ...Could not find C:\WINDOWS\System32\log.txt

    ...Please fix missing 020 with HJT after reeboot.

    These are some other 'interesting' lines that the batch file reports

    Leebert
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's what I suspected would happen. Okay boot into normal mode and try option 2 one more time. If this does not work, I will give you a different procedure to use.
     
  22. leebert

    leebert Private E-2

    Hi chaslang
    I tried option 2 again with no luck. L2mfix still could not generate or use the second account. I haven't bothered posting the log as it was the same as last time.
    Regards
    Leebert
     
  23. leebert

    leebert Private E-2

    Hi
    Have given up on the removal of the malware and re-installed the OS. Added ZoneAlarm et al and it seems OK now.

    Thank you for your help so far.

    Leebert
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Surf safely.
     
