Author Topic: Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet  (Read 21585 times)


thefixer

  • Guest
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #15 on: December 30, 2004, 03:55:18 PM »
Thanks for your help everyone. Will not be able to work on the pc problem until late tonight (Thursday).

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #16 on: December 30, 2004, 08:19:51 PM »
Quote
Thanks for your help everyone. Will not be able to work on the pc problem until late tonight (Thursday).

Ok, we're waiting... Good luck  8) ;)
The best things in life are free.

thefixer

  • Guest
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #17 on: December 31, 2004, 05:05:05 AM »
Getting late here and I had so much fun deleting NAV manually...item by item. I wasn't able to delete the following files....told me "access is denied"
apwgmd.dll
apwutil.dll
n32alert.dll
n32call.dll
n32exclu.dll
n32inoc.dll
n32pdll.dll
n32serve.dll
n32xutil.dll
navapw32.exe

thefixer

  • Guest
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #18 on: December 31, 2004, 05:11:26 AM »
To continue:
navashell.dll
s32navn.dll
v32scan.dll
When I was doing these deletes....it sounded as if my modem was trying to dial out...but I still can not connect to the internet.

 In reference to my HJLog and the deletions:
Should I delete these:

THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTIME FOR THE SYSTEM TO WORK PROPERLY:
--------------------------------------------------------------------------------
o4 - hklm\..\run: [pgu.exe] c:\windows\temp\pgu.exe
o4 - hkcu\..\run: [ie new window maximizer] c:\program files\ie new window

Please advise and I'll perform tomorrow AM along with the others that were specified.
Thanks!

neal62

  • Guest
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #19 on: December 31, 2004, 05:26:15 AM »
I didn't see which version of NAV you are trying to uninstall. If you have Norton 2003 or earlier you may want to go HERE to use their tool to remove Norton files completely. :)

thefixer

  • Guest
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #20 on: December 31, 2004, 11:01:30 AM »
Ref: Post by neal62

 Thanks for the link......it was NAV5

I found that link thru this site last night (took me a while to locate). I was unable to use the uninstaller since my pc kept telling me that nav95.isu is not valid or the data has been corrupted. Uninstallation will not continue.
I followed the manual uninstall instructions based upon that link(NAV).

My prior two posts show the files which I am unable to delete that were in the NAV program files.

thefixer

  • Guest
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #22 on: December 31, 2004, 04:40:18 PM »
Here's a copy of my latest HJL:


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31073
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #23 on: December 31, 2004, 05:32:02 PM »
Please save the log as txt and not as a word document. This log is unusable.

thefixer

  • Guest
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #24 on: December 31, 2004, 05:46:48 PM »
Ref: My last post....ie...word doc.

Sorry...I'm unable to copy the log file to a floppy. As soon as I start....a series of BBBBBBBBBBBBBBBBBBB begin to destroy everything. I actually did copy it to word and it was there....but I just opened it now and it is gone.
 
Any suggestions on how I can post the log without typing it out line by line?

Thanks

thefixer

  • Guest
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #25 on: December 31, 2004, 05:53:46 PM »
Ref: Word Doc.

If I copied the doc. here........would that be acceptable??
I can open the word doc. from the prior post.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31073
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #26 on: December 31, 2004, 05:56:57 PM »
If you have to 'transport' it from 1 system to another, floppy, cdr(w), dvdr(w), external drive, thumbdrive etc etc. Or print it and scan it on another system as txt. (OCR)

Quote
As soon as I start....a series of BBBBBBBBBBBBBBBBBBB begin to destroy everything
If you mean this happens if you try to use the floppy, then there is more wrong with that system besides the things you already mentioned here.
« Last Edit: December 31, 2004, 05:57:43 PM by Eddy »

thefixer

  • Guest
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #27 on: December 31, 2004, 07:52:59 PM »
Hi Again,
Thanks for your fast response. The computer that I'm having all the problems with is an older Toshiba laptop, 366 mhz. that I've had for about 3 years. During that time I've never used the external floppy drive....I believe the problem I described in my last post was due to bad connection between the laptop & floppy drive.
I disconnected everything and I tried again...this time it worked fine......
So here's the revised HJL:

Logfile of HijackThis v1.99.0
Scan saved at 1:22:58 PM, on 12/31/04
Platform: Windows 95 C (Win9x 4.00.1212)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOWER.DRV
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\WINDOWS\SYSTEM\TPWRMGR.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\NOPOPS\NOPOPS.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\IE NEW WINDOW MAXIMIZER\IEMAXIMIZER.EXE
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\SNNPAPI.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hawk Communications
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [THotkey] THotkey.Exe
O4 - HKLM\..\Run: [TPwrMgr] TPwrMgr.Exe
O4 - HKLM\..\Run: [TDspOff] TDspOff.Exe B
O4 - HKLM\..\Run: [TFunckey] TFuncKey.exe
O4 - HKLM\..\Run: [TEscKey] TEscKey.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [NoPops] C:\PROGRAM FILES\NOPOPS\NOPOPS.EXE
O4 - HKLM\..\Run: [Pgu.exe] C:\WINDOWS\TEMP\PGU.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [TSPower] SPower.drv
O4 - HKLM\..\RunServices: [TDockNUndock] TEject.drv
O4 - HKLM\..\RunServices: [TWarmBay] TWarmBay.drv
O4 - HKLM\..\RunServices: [TWBrowse] TWBrowse.drv
O4 - HKLM\..\RunServices: [TCDPlay] TCDPlay.drv
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [JAguAr] Trayz.exe
O4 - HKCU\..\Run: [Bogobot] uio.exe
O8 - Extra context menu item: Fill Forms &] - file://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboFormComCustomizeIEMenu.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar   &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms   &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms   &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboFormComSavePass.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll


Ref: Your 1st Analysis of HJL:

WE HAVE NO INFO ON THE FOLLOWING ITEMS. THEY CAN BE BAD OR GOOD.
YOU HAVE TO VERIFY THEM MANUALLY. PLEASE TELL US IF YOU HAVE INFO ON THEM :
--------------------------------------------------------------------------------
\program files\nopops\nopops.exe  ...This is pop-up killer
o4 - hklm\..\run: [nopops] c:\program files\nopops\nopops.exe
o4 - hkcu\..\run: [jaguar] trayz.exe.... do not know
o4 - hkcu\..\run: [bogobot] uio.exe ....do not know

How do you check them out???

Thanks again!

galooma

  • Guest
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #28 on: December 31, 2004, 11:56:13 PM »
it seems you are looking better but i would kill this one:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\SNNPAPI.DLL/sp.html (obfuscated)
Nasty.
are you still having problems? your int explorer is an old one.
the age of your equipment is always going to be holding you back and leaving you vulnerable, do you visit windows update?
« Last Edit: January 01, 2005, 12:00:30 AM by ginblossom »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31073
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Urgent Help Needed ...3 Virus Plus and Unable to Connect to the Internet
« Reply #29 on: January 01, 2005, 03:20:06 PM »
Quote
your int explorer is an old one.
Not surprising since he is using Windows 95 ;)

Quote
\program files\nopops\nopops.exe  ...This is pop-up killer
I already guessed that. But which one exactly? Does it have ad-/spyware?

Quote
How do you check them out???
Normally by visiting several trusted security sites to see if they have info on them. If they don't, Google. If that doesn't bring anything.... Analyzing the application/files manually. (decoding them and looking at the source)

Although Roboform can look like a handy util to some (many?) people..... Storing passwords, login names etc on a system is a security risk. Personally I would remove it.
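
Added example, not part of any post in this thread and not HijackThis's own logic: a small triage script that turns a HijackThis log into the short list of file names to look up on security sites, as described in the reply above. The two heuristics (autostart from a temp directory, autostart with no path) and the function name `triage` are assumptions of this example; the sample lines are copied from the log posted in Reply #27.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\SNNPAPI.DLL/sp.html (obfuscated)
O4 - HKLM\..\Run: [THotkey] THotkey.Exe
O4 - HKLM\..\Run: [Pgu.exe] C:\WINDOWS\TEMP\PGU.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [RoboForm] "C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [JAguAr] Trayz.exe
O4 - HKCU\..\Run: [Bogobot] uio.exe
"""

# O4 = autostart entry: hive, Run/RunServices key, value name, command line.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Executable part of the command (drops surrounding quotes and trailing arguments).
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|drv|dll|com|scr|bat))', re.I)
RES_RE = re.compile(r"res://(.+?\.dll)", re.I)


def triage(log_text):
    """Return (file_to_research, reasons, original_line) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons, target = [], None
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group(4))
            path = exe.group(1) if exe else m.group(4)
            target = ntpath.basename(path)
            folder = ntpath.dirname(path).lower()
            if not folder:
                # Not a verdict: vendor utilities are often registered this way too.
                reasons.append("no path given: find where this file lives on disk")
            elif folder.endswith("\\temp") or "\\temp\\" in folder:
                reasons.append("autostart from a temp directory")
        elif line.startswith(("R0 - ", "R1 - ")) and "(obfuscated)" in line:
            res = RES_RE.search(line)
            target = ntpath.basename(res.group(1)) if res else None
            reasons.append("HijackThis marked this browser setting as obfuscated")
        if reasons:
            findings.append((target, reasons, line))
    return findings


if __name__ == "__main__":
    for target, reasons, line in triage(SAMPLE_LOG):
        print(f"{target}: {'; '.join(reasons)}\n    {line}")
```

A flagged entry only means "research this file name"; entries with a full path under Program Files are skipped by these heuristics, not cleared.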