TechSpot

Trojans, conhooks, and more

By needcomphelp
May 1, 2010
  1. I am trying to fix my moms computer that she just bought about 2 months ago. I currently have downloaded IObit Advanced System Care 3. The first time I ran the program it picked up 9,593 Security Defense problems. I am able to look at the problems. In those problems are trojans, and conhooks. As well as a lot of other items I have not seen before. A few of them that are listed several times are : KeenValue, a lot of different Hijacker listings, SearchBarCash, NetCash Dialer, DailerPlatform Dialer, and many, many more.

    Advanced System Care 3 lists the problems as being "(Immunized)", so im not sure if it Advanced System Care gets rid of them or not, but there are a few things that are not working right on the internet.

    How can I get rid of them with out having to reinstall the whole Operating System?

    Also, we are on a dial up connection, so does that make the chance greater of us getting trojans and conhooks on our computer?

    One more thing, We have Windows 7 Operating System on this computer, But we have a regular Internet Explorer, and Internet Explorer (x64). Neither of them are listed in the "Add and Remove Programs" under the Control Panel. Which one should I set as default and how do I get rid of the other one?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  3. needcomphelp

    needcomphelp TS Rookie Topic Starter

    ok thank you, I will give it a try! I just hope that it works. Again. Thank you so much!
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Sure thing :)
     
  5. needcomphelp

    needcomphelp TS Rookie Topic Starter

    ok... so ive done all the steps up to the GMER part.... i followed the instructions. I tried renaming it, and then running it in safe mode. in safe mode, after i press scan a window comes up saying something about windows/sys32 is already in use. Something along those lines. I am not sure if i did something wrong. Or if that is normal. If you would, please let me know. Right now im at a stand still.... Thank you so much for your help :)
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Skip GMER for now, proceed with other steps.
     
  7. needcomphelp

    needcomphelp TS Rookie Topic Starter

    Logfile of Advanced SystemCare 3 Security Analyzer
    Scan saved at 11:53:54 PM, on 5/1/2010
    Platform: Windows Vista (WinNT 6.1)
    MSIE: Internet Explorer v8.0 (8.0.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe
    C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\EarthLink\ISP\ISP8200\Browser\Bartshel.exe
    C:\Program Files (x86)\EarthLink\ISP\ISP8200\Browser\PPShared.exe
    C:\Program Files (x86)\EarthLink Accelerated\propelac.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files (x86)\EarthLink\Toolbar\ElnkPuB.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~2\EARTHL~2\PRPL_I~1.DLL
    O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files (x86)\EarthLink\Toolbar\ProtctIE.dll
    O2 - BHO: Earthlink Protection BHO - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files (x86)\EarthLink\Toolbar\uninsttb.dll
    O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink\Toolbar\Toolbar.dll
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files (x86)\EarthLink\ISP\ISP8200\BIN\PPCOLink.exe -STATION
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files (x86)\EarthLink Accelerated\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files (x86)\EarthLink Accelerated\pac-image.html
    O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://wimpro2.cce.hp.com/ChatEntry/downloads/msxml4.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: GameConsoleService (gpsvc) - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxbt_device - Unknown owner - C:\Windows\system32\lxbtcoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4058

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/2/2010 1:11:08 AM
    mbam-log-2010-05-02 (01-11-08).txt

    Scan type: Quick scan
    Objects scanned: 113351
    Time elapsed: 3 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)





    NO GMER LOG- was having problems





    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Vanessia Thomas at 16:53:12.96 on Sun 05/02/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1051 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LSI SoftModem\agr64svc.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxbtcoms.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe
    C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\EarthLink\ISP\ISP8200\Browser\Bartshel.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\EarthLink\ISP\ISP8200\Browser\PPShared.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\EarthLink Accelerated\propelac.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Vanessia Thomas\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com
    uSearch Bar = Preserve
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyServer = http=localhost:8080
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = hxxp://search.earthlink.net
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files (x86)\earthlink\toolbar\ElnkPuB.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~2\earthl~2\PRPL_I~1.DLL
    BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files (x86)\earthlink\toolbar\ProtctIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files (x86)\earthlink\toolbar\uninsttb.dll
    TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files (x86)\earthlink\toolbar\Toolbar.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
    mRun: [Bart Station] c:\program files (x86)\earthlink\isp\isp8200\bin\PPCOLink.exe -STATION
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Refresh Pa&ge with Full Quality - c:\program files (x86)\earthlink accelerated\pac-page.html
    IE: Refresh Pi&cture with Full Quality - c:\program files (x86)\earthlink accelerated\pac-image.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    Trusted Zone: facebook.com\apps
    Trusted Zone: yahoo.com\www
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/msxml4.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [PC-Doctor for Windows localizer] c:\program files\pc-doctor for windows\localizer.exe
    mRun-x64: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\x64\3\LXBTtime.dll,RunDLLEntry
    mRun-x64: [lxbtmon.exe] "c:\program files (x86)\lexmark 5200 series\lxbtmon.exe"
    mRun-x64: [EzPrint] "c:\program files (x86)\lexmark 5200 series\ezprint.exe"

    ============= SERVICES / DRIVERS ===============

    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-13 135664]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-25 1255736]

    =============== Created Last 30 ================

    2010-05-02 05:43:29 0 d-----w- c:\users\vaness~1\appdata\roaming\Malwarebytes
    2010-05-02 05:43:20 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-02 05:43:20 0 d-----w- c:\programdata\Malwarebytes
    2010-05-02 05:43:20 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-05-02 04:06:58 0 d-----w- c:\programdata\Recovery
    2010-05-01 22:25:36 0 d-----w- c:\programdata\Sun
    2010-05-01 21:29:22 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-05-01 21:29:22 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-05-01 21:29:22 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-05-01 21:29:22 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-05-01 08:27:15 212864 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-01 07:42:30 0 d-----w- c:\users\vaness~1\appdata\roaming\IObit
    2010-05-01 07:42:30 0 d-----w- c:\program files (x86)\IObit
    2010-04-30 18:25:49 1446912 ----a-w- c:\windows\system32\lsasrv.dll
    2010-04-30 18:25:49 12867072 ----a-w- c:\windows\syswow64\shell32.dll
    2010-04-30 18:25:48 96768 ----a-w- c:\windows\syswow64\sspicli.dll
    2010-04-30 18:25:48 22016 ----a-w- c:\windows\syswow64\secur32.dll
    2010-04-30 18:25:48 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2010-04-30 07:39:41 0 d-----w- c:\programdata\McAfee
    2010-04-30 05:59:24 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2010-04-25 10:00:52 0 d-----w- c:\windows\syswow64\Wat
    2010-04-25 10:00:52 0 d-----w- c:\windows\system32\Wat
    2010-04-14 05:48:17 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-14 05:48:16 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
    2010-04-14 05:48:16 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
    2010-04-14 05:28:07 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-14 05:28:07 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 05:28:07 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-14 05:24:25 612352 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-14 05:24:25 427520 ----a-w- c:\windows\syswow64\vbscript.dll
    2010-04-14 04:06:14 139264 ----a-w- c:\windows\system32\cabview.dll
    2010-04-14 04:06:14 132608 ----a-w- c:\windows\syswow64\cabview.dll
    2010-04-14 04:04:58 220672 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-14 04:04:58 172032 ----a-w- c:\windows\syswow64\wintrust.dll

    ==================== Find3M ====================

    2010-03-18 03:20:56 0 ----a-w- c:\users\vaness~1\appdata\roaming\wklnhst.dat
    2010-03-09 01:29:23 1685 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_AY028AA-ABA CQ5300Y_YC_0Pres_Q4CE002_EA1NAv6PrA3_49_INARRA5_SPEGATRON CORPORATION_V5.00_B5.55_T091208_WUH0_L409_M1791_J320_7AMD_8Sempron LE-1300_92.3_#_N10DE03EF_Z11C10630_G10DE03D0.MRK
    2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
    2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 16:53:25.51 ===============
     

    Attached Files:

  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. needcomphelp

    needcomphelp TS Rookie Topic Starter

    they were too many characters so i had to attach them
     

    Attached Files:

  10. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I don't see much here....


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
      O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  11. needcomphelp

    needcomphelp TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ deleted successfully.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ deleted successfully.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Vanessia Thomas
    ->Temp folder emptied: 395148 bytes
    ->Temporary Internet Files folder emptied: 12794895 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 585 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1686 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 525824 bytes

    Total Files Cleaned = 13.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.4.0 log created on 05022010_175001

    Files\Folders moved on Reboot...
    C:\Users\Vanessia Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     

    Attached Files:

    • OTL.Txt
      File size:
      92 KB
      Views:
      0
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download OTC to your desktop. It'll remove most tools and logs we used so far. If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • Double-click OTC.exe to run it. (Vista and 7 users, please right click on OTC and select "Run as an Administrator")
    • Click on the CleanUp! button and follow the prompts.
    • You will be asked to reboot the machine to finish the Cleanup process, choose Yes. If it doesn't ask you to reboot, restart computer manually.
    • After the reboot all the tools we used should be gone.
    • The tool will delete itself once it finishes.

    =========================================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  13. needcomphelp

    needcomphelp TS Rookie Topic Starter

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, May 4, 2010
    Operating system: Microsoft (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, May 04, 2010 21:19:52
    Records in database: 4049719
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 145710
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 01:43:09

    No threats found. Scanned area is clean.

    Selected area has been scanned.




    This one?


    Logfile of Advanced SystemCare 3 Security Analyzer
    Scan saved at 1:27:47 AM, on 5/5/2010
    Platform: Windows Vista (WinNT 6.1)
    MSIE: Internet Explorer v8.0 (8.0.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe
    C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\EarthLink\ISP\ISP8200\Browser\Bartshel.exe
    C:\Program Files (x86)\EarthLink\ISP\ISP8200\Browser\PPShared.exe
    C:\Program Files (x86)\EarthLink Accelerated\propelac.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files (x86)\EarthLink\Toolbar\ElnkPuB.dll
    O2 - BHO: EarthLink PopUp Blocker V2 - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~2\EARTHL~2\PRPL_I~1.DLL
    O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files (x86)\EarthLink\Toolbar\ProtctIE.dll
    O2 - BHO: Earthlink Protection BHO - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files (x86)\EarthLink\Toolbar\uninsttb.dll
    O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink\Toolbar\Toolbar.dll
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files (x86)\EarthLink\ISP\ISP8200\BIN\PPCOLink.exe -STATION
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files (x86)\EarthLink Accelerated\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files (x86)\EarthLink Accelerated\pac-image.html
    O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://wimpro2.cce.hp.com/ChatEntry/downloads/msxml4.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: GameConsoleService (gpsvc) - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxbt_device - Unknown owner - C:\Windows\system32\lxbtcoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Your computer is clean [​IMG]

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure, Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please, let me know, how is your computer doing.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Any word about your computer status?
     
  16. needcomphelp

    needcomphelp TS Rookie Topic Starter

    im sorry it has taken this long to reply back.. been really busy.. and the computer WAS doing a lot better...... until my modem screwed up... was on the phone with HP twice today ... and Earthlink lol ..i believe that the modem is kinda stuck lol .. i even unpluged the modem and plugged it into another slot inside the computer. and its still messed up.. there is nothing wrong with the phone line either. I am on another computer that i had that is an older dell. On dial up, just like the other one, and its working fine. I got them to send me the recovery disks for it..they were going to charge me for the shipping and handling but i told him i couldnt pay for it and i really needed the computer asap because i do a lot of work on the computer. so they waived the fee for me lol . But...if that doesnt work then they are going to send me a new modem free of charge. I have tried reseting the BIOS as well, and that didnt help. If you know of anything that i can do please let me know. When the phone line is plugged into the computer, i have no dial tone on any of my phones. When its unplugged, i have a dial tone on my phones. Help!! lol .. if you cant thats fine, just thought id ask. and thank you so much for your help with the other stuff
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Since your current issue is not malware related, I suggest you start a new topic in Windows forum and I'm sure, someone will help you out.
    Here, your last post is pretty much buried deep into the thread, so I doubt anyone will pay any attention.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...