Sep 6th, 2004

spyware not allowing me to use internet explorer

to anyone that can help:

my internet explorer is currently out of commission by what someone has said is spyware. it opens and just tells me that the page cannot be displayed and won't open anything else or refresh.

i'm using a compaq presario, windows XP, and i'm on a LAN connection.

here is my hijackthis log.

please help.

Logfile of HijackThis v1.98.2
Scan saved at 10:21:26 PM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Inverse IP InSight\PenTele\ARUpld32.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\Program Files\Inverse IP InSight\PenTele\ARMon32a.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis-1.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5g6ppqf.slt\prefs.js)
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://anti-virus.albright.edu/webinstall/webinst.cab
SolitaryIvy1
Sep 7th, 2004

Re: spyware not allowing me to use internet explorer

Your log file is pretty clean; are you sure you don't have a DNS issue instead?

Try reaching a website by its IP address instead of its URL. Using Google as an example, in Internet Exploder's location bar, type the following:

http://64.233.167.99

Does that take you to Google?


Also try opening a DOS box and typing the following commands. Tell us the results of each:

ping www.google.com

ping 64.233.167.99
DMR
Sep 7th, 2004

Re: spyware not allowing me to use internet explorer

using the IP address still does not open the website.

and here is what i got in dos when i tried to ping.

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\OWNER>ping www.google.com

Pinging www.google.akadns.net [64.233.161.104] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 64.233.161.104:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\DOCUME~1\OWNER>
C:\DOCUME~1\OWNER>ping 64.233.167.99

Pinging 64.233.167.99 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 64.233.167.99:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\DOCUME~1\OWNER>
SolitaryIvy1
Sep 7th, 2004

Re: spyware not allowing me to use internet explorer

Your HJT log doesn't report any evidence of a broken or corrupted TCP/IP stack, so...

How are you connected to the Internet (cable, DSL, Dial-up, etc.), and what hardware is involved?

If you have cable or DSL, are you using a broadband router or do you connect directly to the modem? If you use a router, can you ping the IP of the router (usually 192.168.0.1 or 192.168.1.1)?

If you use broadband and connect directly to the modem, is the connection USB or Ethernet?
DMR
Sep 7th, 2004

Re: spyware not allowing me to use internet explorer

i'm at a school with either a T1 or T3 connection i'm not sure.....and i use an ethernet connection. everything else is functioning other than the internet explorer itself.
SolitaryIvy1
Sep 7th, 2004

Re: spyware not allowing me to use internet explorer

Quote originally posted by SolitaryIvy1 ...
everything else is functioning other than the internet explorer itself.
Unfortunately, everything else isn't functioning if you can't even ping.

- Try to ping the IP of your own machine.

- Try these two pings and post the results:

ping localhost
ping 127.0.0.1

Also- post the output of the following command:

route print
DMR
Sep 7th, 2004

Re: spyware not allowing me to use internet explorer

well when i meant that everything else is functioning i meant my messengers and netscape which is what i'm using to access the internet right now.

here is the information for what you said to do

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\OWNER>ping localhost

Pinging Beccascomputer [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\DOCUME~1\OWNER>ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\DOCUME~1\OWNER>
SolitaryIvy1
Sep 7th, 2004

Re: spyware not allowing me to use internet explorer

I've seen this before:

O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL

It's part of some nasty, or at least, some on other forums have indicated so, might be worth taking a look into. One thing I know about this is that the filename isn't always the same. Hope this helps one of the experts get you squared away.
DuncanIdaho
Sep 7th, 2004

Re: spyware not allowing me to use internet explorer

Quote originally posted by DuncanIdaho ...
I've seen this before:

O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL

It's part of some nasty, or at least, some on other forums have indicated so, might be worth taking a look into. One thing I know about this is that the filename isn't always the same. Hope this helps one of the experts get you squared away.
Thanks DuncanIdaho, I totally missed that one- I guess that's what I get for posting at 1:30 AM.

You're right- that entry should be fixed by HJT, and then the ATPART~1.dll file should be deleted if it still exists after the HJT fix and a reboot.


SolitaryIvy1,

The "~1" in the filename is a truncation, so ATPART~1.dll will not be the file's real, full name. In the Folder Options under the Tools menu of Windows Explorer, select "Show hidden files and folders", deselect "Hide protected operating system files", and then look in your C:\WINDOWS\System32 folder for the file whose name begins with ATPART. Delete that file if you find it.

Usually the inability to ping indicates something lower-level than a browser problem, but in this case, since you've said that Netscape works fine, my guess is that ping requests to/from the "outside world" are probably just being blocked by your school's IT dept. for security reasons.
DMR
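
The "~1" truncation described in the post above, as an added example that is not part of any post in this thread: Python that pulls the O2/O3 browser add-on entries out of a HijackThis log and, where the file is listed by its 8.3 short name, derives the folder and wildcard to search for the long name. The function names are made up for this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
"""

# O2 (BHO) and O3 (toolbar) lines: "<section> - <kind>: <name> - {CLSID} - <path>"
ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# 8.3 short file name: up to 6 characters, "~", a digit run, optional 3-char extension.
SHORT_RE = re.compile(r"^(?P<stem>[^~\\]{1,6})~\d+(?P<ext>\.[^.\\]{0,3})?$")


def short_name_hint(path):
    """Return (folder, wildcard) when the file is listed by its 8.3 short name, else None."""
    folder, _, leaf = path.rpartition("\\")
    m = SHORT_RE.match(leaf)
    if not m:
        return None
    # The long name usually starts with the stem; its extension may exceed 3 chars.
    ext = m.group("ext")
    return folder, m.group("stem") + "*" + (ext + "*" if ext else "")


def browser_addons(log_text):
    """Parse O2/O3 entries; other sections (R*, O4, ...) are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["short_name_hint"] = short_name_hint(entry["path"])
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in browser_addons(SAMPLE_LOG):
        hint = e["short_name_hint"]
        where = f"search {hint[0]} for {hint[1]}" if hint else "full name shown"
        print(f'{e["section"]} {e["clsid"]} {e["path"]} -> {where}')
```

The wildcard is only a hint, because Windows drops spaces and extra dots when it builds a short name; running `dir /x` in the folder lists each short name beside its long name.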
Sep 7th, 2004

Re: spyware not allowing me to use internet explorer

Glad to help. I'm learning a lot watching you guys.
DuncanIdaho