Hi Curious! My name is Sam and I've been working with Trogan_1000 behind the scenes on your problem. I see you are online now, so let's see what we can do for you.
Well, Method 1 was NOT successful in correcting problem. I still cannot bring up IE. Method 2 keeps telling me it cannot copy IEXPLORER.EXE from my CD. I see the file in the i386 directory, but it won't copy it.
OK - finally some kind of success. I now have firefox setup on sick comp. I do however have to get IE fixed because most of the sites we use will only work with IE.
No, it's not in Recycle, but that was a Booster the dial up service had me install when we had to temporarily use dial up because of Hurricane Rita. I can reinstall it from their website. Let me know.
Forgot to answer your question - NO WE'RE NOT ON DIAL UP NOW. THANK GOD.
Comments
I believe that Bullguard is your problem. I'm assuming now that you don't have the installation file that you initially downloaded when you purchased Bullguard. But let me know if you do have it.
So let's check and see if anything is amiss. Please click Start -> Run -> type in services.msc and click OK. You are looking for these services.
BullGuard LiveUpdate
BullGuard Main
BullGuard File Monitoring
BullGuard Firewall
BullGuard Email Monitoring
and anything else that says Bullguard also.
One at a time, double click to bring up Properties. If the service is stopped, click Start. Now change the startup type to Automatic.
Reboot your computer and check your connection.
Let's try this:
Note: Both methods listed require that the Microsoft Windows XP CD-ROM be available.
Method 1: Microsoft Internet Explorer 6.x Repair for Windows XP
- From the Start menu, select Run.
- In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
- Select the OK button.
- Follow the prompts throughout the System File Checker process.
- Reboot the computer when System File Checker completes.
Try Internet Explorer to see if this worked.
Method 2: Microsoft Internet Explorer 6.x Repair for Windows XP
- From the Start menu, select Search, select All Files and Folders.
- Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option.
- Ensure that Search System Folders and Search Subfolders are also checked.
- In the All or Part of the File Name box, type ie.inf
- In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder.
- Click the Search button.
- In the search results pane, find the ie.inf file located in Windows\Inf folder.
- Right click the ie.inf file and click Install on the context menu.
- Reboot the computer when the file copy process is complete.
Let me know how it goes.
Please download Firefox to use an alternate browser. Once installed, let me know if you get a connection with Firefox.
http://www.mozilla.org/products/firefox/
Thank you so much for helping me.
http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6&DisplayLang=en
Let me know how it goes.
Setup unable to download info about available installation sites.
Setup may have been unable to use your current proxy server settings.
Click "Advanced" if you know your proxy settings.
Thanks
C:\Program Files\Turbosurf
If so, restore it and try IE again.
If not, uninstall it via the Control Panel -> Add/Remove programs.
Check your connection and try the installation again. If it still doesn't work we'll look at some settings in IE.
Well, I need to get that thing off all my other machines.
I guess now I can get back to getting rid of spyware/virus.
I just cannot thank you enough for all your help. You are absolutely an angel from God.
Thank you, thank you, thank you.
We got off track a bit with fixing IE. Can you post a new hijackthis log and we'll see if there's anything left to deal with.
By the way -
What antivirus/spyware cocktail do you suggest:
I currently have:
Adaware
Ewido - just loaded and used it for the first time.
Spybot
Bullguard - not sure it's very good - doesn't seem to catch a lot that Adaware, Ewido do
What do you know about AVG (I think that's what it's called) - I've seen it mentioned on this forum
Logfile of HijackThis v1.99.1
Scan saved at 8:06:27 AM, on 10/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\HiJackThis.exe\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eastex.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Eastex Net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe -b
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 4.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
O23 - Service: BullGuard Main (BGMainSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard File Monitoring (BsFileSpy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard Firewall (BsFirewall) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard Email Monitoring (BsMailProxy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
AVG is very good, and I highly recommend it. I like Zone Alarm for a firewall also. I've not heard of Bullguard so I can't comment good or bad on it.
Here's some other suggestions to keep you out of trouble.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
- Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
- Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
- Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.
- Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.
- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
You can find instructions on how to enable and reenable system restore here:
Managing Windows Millenium System Restore
or
Windows XP System Restore Guide
Re-enable system restore with instructions from tutorial above
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
I'm going to apply all your suggestions on all four of my machines and then update the logs on the other three to get those cleaned up as well.
Like I said - you are an angel from God. I just cannot thank you enough.
I truly pray that God Blesses you in everything your hands touch.
I believe I know what the problem was:
Turbosurf requires that you set the proxy address to 127.0.0.1, so in removing Turbosurf, that proxy address entry is still there. You can remove it by going to Tools --> Internet Options --> Connections --> LAN Settings, and ensure that the 'Use a Proxy' checkbox is NOT checked. (see below screen shot)
Give that a shot (sorry if the issue was already resolved).
When I originally looked at your HJT log, I did not ask you to remove Turbosurf, because some dial-up ISPs use them. It is not necessary though, and usually does little, if anything at all, so it is good that you got it removed.
Best Regards,
Mike
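Both diagnoses in this thread, the BullGuard services and the proxy entry left at 127.0.0.1 after Turbosurf was removed, can be checked from a HijackThis log. The Python below is an added example, not part of the original posts; the function names are hypothetical and the `ProxyServer` sample line, including its port, is constructed.

```python
import re
from ipaddress import ip_address

# Constructed sample. The Default_Page_URL and O23 lines are copied from the log
# posted in this thread; the ProxyServer line (and its port) is constructed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eastex.net
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard, Ltd. - C:\Program Files\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
O23 - Service: BullGuard Main (BGMainSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

PROXY_RE = re.compile(r"^R[01] - (HK\w+)\\.*Internet Settings,ProxyServer = (.+)$")


def loopback_proxies(value):
    """Return the entries of an IE ProxyServer value that point at this machine."""
    hits = []
    for entry in value.split(";"):                   # "http=a:1;https=b:2" form
        target = entry.split("=", 1)[-1].strip()     # drop a "http=" style prefix
        host = target.split("://")[-1].rsplit(":", 1)[0]
        try:
            local = host.lower() == "localhost" or ip_address(host).is_loopback
        except ValueError:                           # a DNS name, not an IP literal
            local = False
        if local:
            hits.append(target)
    return hits


def triage(log_text):
    """Flag loopback proxy entries and services HijackThis marked '(file missing)'."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        match = PROXY_RE.match(line)
        if match:
            for target in loopback_proxies(match.group(2)):
                findings.append(("loopback-proxy", match.group(1), target))
        elif line.startswith("O23 - Service: ") and line.endswith("(file missing)"):
            # Fields are separated by " - ": tag, service, owner, image path.
            fields = line.split(" - ", 3)
            findings.append(("service-file-missing",
                             fields[1][len("Service: "):], fields[3]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `ProxyServer` value is only used when the 'Use a Proxy' checkbox is checked, so a loopback hit means that checkbox still needs to be confirmed as unchecked once the local proxy program is gone.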
Thank you so much for your help.
God Bless You.
Curious: I'm glad your problem is sorted and sorry I didn't have the proper knowledge to help you further