May 29th 04, 07:57 PM
matero
Can't access Internet through network

I have been fighting this problem for more than a week!
I had trojan downloader.keenval.j. Browser kept trying
to default to incredifind, but could not access the
internet. It appears that I have been able to clean up
the trojan, but I still can't access the internet from
the previously infected computer. The other computers on
the network have no trouble. The infected computer can
access other computers on the network and other computers
can access it. Hijack This log follows:

Logfile of HijackThis v1.97.7
Scan saved at 12:44:02 PM, on 5/29/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TASKMON.EXE
D:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\CYB2K.EXE
D:\PROGRAM FILES\IE NEW WINDOW MAXIMIZER\IEMAXIMIZER.EXE
D:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
D:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
D:\PROGRAM FILES\ROCKET SOFTWARE\ROCKETTIME\ROCKETTIME.EXE
D:\PROGRAM FILES\D-LINK\D-LINK AIR UTILITY\UTILITY.EXE
D:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
D:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltel.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.103:3128
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
O4 - HKLM\..\Run: [IE New Window Maximizer] D:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] D:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Rocket.Time.lnk = D:\Program Files\Rocket Software\RocketTime\RocketTime.exe
O4 - Startup: D-Link Air Utility.lnk = E:\Program Files\D-Link\D-Link Air Utility\Utility.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://D:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://D:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://D:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://D:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...6/ansi/iuctl.CAB?37880.4788194444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s.../cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s.../cabs/director/swdir.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

It was suggested to someone with a similar problem that
port 80 could be blocked. How do I check this? How do I
unblock it?

I have no good restore points. I must fix this problem.
Please help!
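
Added example, not part of the original post: the log above contains an Internet Explorer ProxyServer entry, and a browser with a proxy configured sends its requests to that address rather than straight to port 80, so a triage script can pull the entry out of a wrapped HijackThis log and test whether the proxy answers. The function names and the sample log (a few entries copied in shape from the post) are constructed for illustration.

```python
import re
import socket

# Constructed sample: entries in the shape of the log above, wrapped
# mid-entry the way the usenet gateway wrapped the original.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.alltel.net/
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 192.168.0.103:3128
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

ENTRY_START = re.compile(r"^(R[0-3]|O\d{1,2}) -(\s|$)")
PROXY = re.compile(r"ProxyServer\s*=\s*(?:https?=)?([\w.\-]+):(\d+)")

def join_entries(text):
    """Rejoin wrapped lines so each HijackThis entry is one string.
    Assumes wraps fell on a space, which holds for the sample above."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def proxy_setting(entries):
    """Return (host, port) from the IE ProxyServer entry, or None."""
    for entry in entries:
        m = PROXY.search(entry)
        if m:
            return m.group(1), int(m.group(2))
    return None

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(text, probe=tcp_open):
    """Summarise where browser traffic is being sent and whether it can get there."""
    proxy = proxy_setting(join_entries(text))
    if proxy is None:
        return "no proxy configured; test port 80 directly"
    state = "reachable" if probe(*proxy) else "unreachable"
    return "proxy %s:%d %s" % (proxy[0], proxy[1], state)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

With no proxy entry in the log, the same `tcp_open` call against a known web server on port 80 answers the "is port 80 blocked" question directly.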