  1. #1
    computer won't connect to internet

    Hi,


    I used the detective to scan my Hijackthis log.

    Because I can't connect to the internet on the PC that I need help with, I had to manually type the log onto this computer.

    I have downloaded the following onto a disc and installed them on the computer that will not connect: killbox, winsockxpfix, spywareblast, spywareguard, trojanhunter, stf cleaner, swshredder, cleanup, ewido, spybot and destroy (although I couldn't use this because I couldn't connect to the internet to update).

    I have run all of these and cleaned everything up and now they all come back clean, but I still cannot connect to the internet.

    The following is my manually typed hijackthis log.




    Logfile of HijackThis v1.99.1
    Scan saved at 7:05:50 PM, on 6/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\Systems32\msdtc.exe
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\TrohanHunter 4.5\THGuard.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard, ShellNext = https://iptu2.cendant.com/
    http://iptu2.cendant.com/jsp/index.jsp
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D794248F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\\MsnMsgr.exe" /background
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program FIles\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jrel.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools" menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jrel.5.0_06\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools" menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Java\jrel.5.0_06\bin\ssv.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - file://C:\Program Files\Support.com\bin\IBMAccessSupport\common\install\ibmegath.cab
    018 - Protocol: msnim - {828030A1-22C1-4009-854F08E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti_malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Microsoft Networks DN (msndn) - Unknow owner - C:\WINDOWS\msndn.exe (file missing)
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Remote Access Routing (Terminal Services Manager) - Unknown owner - C:\WINDOWS\termsvcs.exe (file missing)



    If anyone can help me that would be great,


    Shauna

  2. #2
    1972vet

    That's a big assumption to make...that you typed everything correctly.
    The entries in a HijackThis log can contain items of malware that are dangerously similar to genuine valid Windows core file entries.

    It would be much better if you copied the HijackThis log to a floppy and transferred it to your working computer. Paste it from the floppy that you insert into your working computer into this thread. We then can make an appropriate evaluation of the log.

    Thanks!
    Disabled Veteran
    U.S.C.G.

    CastleCops Graduate 1st Responder

    Member:
    A.S.A.P.
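
Added example (not part of any post in this thread): one way to check a hand-typed HijackThis log for the problem described above, where a path is almost, but not exactly, a genuine Windows core file entry. The `EXPECTED` baseline, the 0.8 similarity cutoff and the function names are assumptions made for this sketch, and the last sample line is constructed.

```python
import difflib
import ntpath
import re

# Assumed baseline for this example: a few Windows XP core files and the
# folder each is expected to run from. A real baseline would be far larger.
EXPECTED = {
    "smss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "msdtc.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]+?\.(?:exe|dll)", re.IGNORECASE)

def near(a, b, cutoff=0.8):
    """True when a and b differ but are similar enough to be confused."""
    return a != b and difflib.SequenceMatcher(None, a, b).ratio() >= cutoff

def review_log(text):
    """Return (path, reason) pairs for paths that resemble, but do not match,
    a baseline entry: either a typing slip or a lookalike file."""
    findings = []
    for path in dict.fromkeys(m.group(0) for m in PATH_RE.finditer(text)):
        folder, name = ntpath.split(path.lower())
        if name in EXPECTED:
            if folder != EXPECTED[name]:
                findings.append((path, "core file name in unexpected folder"))
            continue
        for core in EXPECTED:
            if near(name, core):
                findings.append((path, "name resembles " + core))
                break
    return findings

# Constructed sample: four lines as typed in the log above, plus one
# constructed lookalike line (the last) that is not from the thread.
SAMPLE = r"""
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\Systems32\msdtc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\scvhost.exe
"""

if __name__ == "__main__":
    for path, reason in review_log(SAMPLE):
        print(path + ": " + reason)
```

A hit only means the line needs a second look: the script cannot tell a typing slip from a real lookalike file, which is why a copied log is preferable to a retyped one.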

  3. #3
    1972vet

    Check again first to make sure you typed everything correctly, then follow the instructions below:

    Please boot into safe mode by doing the following:

    1. Restart your computer

    2. When the first black screen comes up, begin tapping the F8 key repeatedly until you see the "Advanced" log on menu.
    3. Select the first option, to run Windows in Safe Mode.

    When you are at the logon prompt, log in as an Administrator.
    Once in safe mode, continue with the instructions below:

    Run HijackThis again and put a check in the box next to these entries:

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard, ShellNext = https://iptu2.cendant.com/

    O23 - Service: Remote Access Routing (Terminal Services Manager) - Unknown owner - C:\WINDOWS\termsvcs.exe (file missing)


    Close all windows except for HijackThis before clicking Fix Checked.

    Using Windows Explorer, locate and delete the following file indicated in Bold text:
    C:\WINDOWS\termsvcs.exe

    Reboot and see if you can connect to the internet to post back a new log.

  4. #4
    steamwiz

    Hi

    If you still can't connect, please do this :-

    1. Download LSPfix from here: http://www.cexx.org/lspfix.htm

    Save it to a floppy disk.

    Run it on the computer which will not connect to the internet.

    2. Click the Lspfix.exe file

    3. Make a note of everything in the keep & remove sides (make 2 lists)

    4. Exit the program with the X in the top right hand corner (do NOT click finish)

    5. Paste the names of those files in your next post here...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5

    Quote Originally Posted by 1972vet
    Check again first to make sure you typed everything correctly, then follow the instructions below:

    Please boot into safe mode by doing the following:

    1. Restart your computer

    2. When the first black screen comes up, begin tapping the F8 key repeatedly until you see the "Advanced" log on menu.
    3. Select the first option, to run Windows in Safe Mode.

    When you are at the logon prompt, log in as an Administrator
    Once in safe mode, continue with the instructions below:

    Run HijackThis again and put a check in the box next to these entries:

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard, ShellNext = https://iptu2.cendant.com/

    O23 - Service: Remote Access Routing (Terminal Services Manager) - Unknown owner - C:\WINDOWS\termsvcs.exe (file missing)


    Close all windows except for HijackThis before clicking Fix Checked.

    Using Windows Explorer, locate and delete the following file indicated in Bold text:
    C:\WINDOWS\termsvcs.exe

    Reboot and see if you can connect to the internet to post back a new log.

    Ok,

    Looking at the entries that you had me check, they were all typed out correctly.

    I checked to fix and rebooted, then looked for the file to delete the bold part but it was nowhere to be found.

    I ran HijackThis again and that entry is still in there.

    I'm going home for the night but will bring a disc tomorrow so that I can save the log and add it using this computer.

    Thank you for your help so far.


    ~Shauna~

  6. #6
    steamwiz

    Hi

    We didn't expect you to find the C:\WINDOWS\termsvcs.exe (file missing)

    Asking you to find and delete it was just a precaution, as the (file missing) could have been wrong...

    Don't worry about this entry not fixing with HijackThis...

    O23 - Service: Remote Access Routing (Terminal Services Manager) - Unknown owner - C:\WINDOWS\termsvcs.exe (file missing)

    We can tell you how to stop the service running and delete it later...

    steam

  7. #7
    1972vet

    Please read this regarding the file termsvcs.exe.

    The Microsoft Windows Live Safety Center and the Malicious Software Removal Tool both have targeted that specific malware. You can use either application to run and remove the malware automatically.

    Read more here.

    I point out both of those links in case you would like to try the Live Safety Center after we get you back on the net.

    For now, please download the Malicious Software Removal Tool to a CD and transfer the application to the non-working PC.

    Run the tool and allow it to remove what it finds. Post back and let us know if you can now connect to the internet. Thanks!