My brother is visiting me for a few weeks before he stars his summer job, and he brought his laptop up with him. He cannot access the internet, and he asked me to help him out. He didnt have any virus protection or firewall, so I added Outpost and Avira, since i've used them since I've gotten help for my own computer from here. I also installed Malwarebytes Anti-malware, and ran a Clamwin Portable scan. Mos of this was done in safe mode, and i logged in as the Admin, not under my bro's profile. Under the admin profile, I can access the internet fine with no problem. I ran clamwin, and 4 infections came up, so those were removed. I then ran MBAM, and a whopping 811 infections popped up! After clearing those, I had to restart, and when I logged into his profile I installed Avira and Outpost from my thumbdrive. I clearly had thought that it was malware that prevented him from accessing the internet under his profile.
When i tried to update Avira, it got a message saying that there was an error downloading the update. I tried to get into the internet using IE7 (what he has installed on there), and i see at the bottom just before i get the error connecting to the site message, that it was redirected to res://ieframe.dll/dnserror. Ironically, when doing windows update (NOT GOING THROUGH THE WINDOWS UPDATE SITE, but AUTOMATIC UPDATES), those files are downloaded fine with no problem.
Am I missing something? Why would i be able to access the internet under the Admin profile, but not my brother's (which also has admin rights)?
Here is the HTJ Log:
HEEEEEEEEEELP!!!!!
i dont want to share laptops with my brother!
When i tried to update Avira, it got a message saying that there was an error downloading the update. I tried to get into the internet using IE7 (what he has installed on there), and i see at the bottom just before i get the error connecting to the site message, that it was redirected to res://ieframe.dll/dnserror. Ironically, when doing windows update (NOT GOING THROUGH THE WINDOWS UPDATE SITE, but AUTOMATIC UPDATES), those files are downloaded fine with no problem.
Am I missing something? Why would i be able to access the internet under the Admin profile, but not my brother's (which also has admin rights)?
Here is the HTJ Log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:50 AM, on 6/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:Program FilesAviraAntiVir Desktopsched.exe
C:AcerEmpowering TechnologyePerformanceMemCheck.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLServer.exe
C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLService.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesAviraAntiVir Desktopavshadow.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:WINDOWSsystem32ScsiAccess.EXE
C:Program FilesComcastDesktop Doctorbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wscntfy.exe
C:Program FilesAcerAcer ArcadePCMService.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:AcerEmpowering TechnologyePowerePower_DMC.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
C:Program FilesJavajre1.6.0binjusched.exe
C:Program FilesLexmark 1200 Serieslxczbmgr.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesLexmark 1200 Serieslxczbmon.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:PROGRA~1LAUNCH~1LManager.exe
C:WINDOWSsystem32ctfmon.exe
C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
C:Program FilesOpenOffice.org 2.2programsoffice.exe
C:Program FilesOpenOffice.org 2.2programsoffice.BIN
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesAviraAntiVir Desktopavscan.exe
c:program filesaviraantivir desktopavcenter.exe
G:PROGRAMFILESHiJackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0binssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 - HKLM..Run: [PCMService] "C:Program FilesAcerAcer ArcadePCMService.exe"
O4 - HKLM..Run: [Acer ePresentation HPD] C:AcerEmpowering TechnologyePresentationePresentation.exe
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
O4 - HKLM..Run: [ePower_DMC] C:AcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [Boot] C:AcerEmpowering TechnologyePowerBoot.exe
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [SkyTel] SkyTel.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [eRecoveryService] C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0binjusched.exe"
O4 - HKLM..Run: [Lexmark 1200 Series] "C:Program FilesLexmark 1200 Serieslxczbmgr.exe"
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKLM..Run: [OutpostMonitor] C:PROGRA~1AgnitumOUTPOS~1op_mon.exe /tray /noservice
O4 - HKLM..Run: [OutpostFeedBack] "C:Program FilesAgnitumOutpost Firewallfeedback.exe" /dump:os_startup
O4 - HKLM..Run: [ntiMUI] C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:Program FilesOpenOffice.org 2.2programquickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: c:progra~1agnitumoutpos~1wl_hook.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:AcerEmpowering TechnologyePerformanceMemCheck.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:PROGRA~1AgnitumOUTPOS~1acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopsched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopavguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:Program FilesAcerAcer ArcadeKernelTVCLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:WINDOWSsystem32ScsiAccess.EXE
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:Program FilesComcastDesktop Doctorbinsprtsvc.exe
--
End of file - 9228 bytesHEEEEEEEEEELP!!!!!
i dont want to share laptops with my brother!