Wilders Security Forums  

Spyware Cleaning Section Closed!!
Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services.
 
 
#1
April 16th, 2004, 10:38 AM
Marja
Honestly, I'm not a bot!!

Join Date: Mar 2004
Location: In the Vast Fields of My Mind
Posts: 4,551
IE won't open, getting bounced from security forums, downloads

This is the fourth time I have tried to post my HJT log, I don't know what I am doing wrong, it keeps saying "go back" and log in(?I am logged in?). Then my whole post disappears, so here goes, IE won't let me on the 'net or open my start page, I have to find complicated ways to get on and it is a hassle! I have updated IE, Windows, run Spybot S&D, AdAware 6, CWS, SpywareBlasters, SpywareGuard, WinPatrol, McAfee Internet Security Suite 6, and I ran that stinger and PHag-a-bot from F-secure, and STILL IE insists on saying it has to close. I clicked on the tech button, curiously, and it is trying to send COMPLETE files, different ones each time, I turned off the error reporting thing long ago, a pest, it was. (Is that it?) CWS found smartsearch, said it kept changing ( )something. I noticed Spybot finds a lot of app: wrong path, but I'm just learnin' all this. My (Dell WinXP Sp1) 'puter is 7 months new to me, HELP!! HAPPY HUNTING!! THANKS SO MUCH!!! Marja

Logfile of HijackThis v1.97.7
Scan saved at 5:27:28 AM, on 4/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\System32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\EarthLink TotalAccess\MailClnt.exe
C:\PROGRA~1\McAfee.com\Agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfConsole.exe
C:\Documents and Settings\MMC\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Documents and Settings\MMC\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/mor...on/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Privacy Bar (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.bluemountain.com
O15 - Trusted Zone: www.hallmark.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25ee804b...p/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...865.1383564815
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...19/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...13/mcfscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = earthlink.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{E047ACE1-209C-4BEA-B68D-83FBB985ADB5}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = earthlink.net
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 207.69.188.186,207.217.126.81
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = earthlink.net
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 207.69.188.186,207.217.126.81
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.69.188.186,207.217.126.81
__________________

When you have come to the edge of all light
and are about to drop off into the darkness of the unknown-Keep the faith-
Faith is knowing one of two things will happen:
There will be something solid to stand on or you will be taught to fly. (Patrick Overton)
#2
April 16th, 2004, 11:11 AM
Pieter_Arntz
Spyware Veteran

Join Date: Apr 2002
Location: Netherlands
Posts: 12,718
Re: IE won't open, getting bounced from security forums, downloads

Hi Marja,

Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder it's in.
These easily get lost in a Temp folder.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25ee804...ip/RdxIE601.cab

Then reboot and you should be able to access the options again.

Regards,

Pieter
__________________
Regards,

Pieter
It's nice to be important, but it's more important to be nice.

It's human to make mistakes. It's even more so to blame the computer for it.
#3
April 16th, 2004, 12:53 PM
Marja
Honestly, I'm not a bot!!

Join Date: Mar 2004
Location: In the Vast Fields of My Mind
Posts: 4,551
Re: IE won't open, getting bounced from security forums, downloads

Quote:
Originally Posted by Pieter_Arntz
Hi Marja,

Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder it's in.
These easily get lost in a Temp folder.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25ee804...ip/RdxIE601.cab

Then reboot and you should be able to access the options again.

Regards,

Pieter

Hello Pieter,

Thanks for answering, I had a hard time getting back on the 'net, then I realized I didn't reboot, duh! Also, it is morning here and a dentist has my name on his drill. So, I just wanted you to know I will have to check back much later and not ignoring your help! I was wondering what in the world are all those name servers and addresses at the end? Thank you soo much for your time, next time I will remember to REBOOT!!
#4
April 16th, 2004, 02:23 PM
Pieter_Arntz
Spyware Veteran

Join Date: Apr 2002
Location: Netherlands
Posts: 12,718
Re: IE won't open, getting bounced from security forums, downloads

Quote:
Originally Posted by Marja
I was wondering what in the world are all those name servers and addresses at the end?

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = earthlink.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{E047ACE1-209C-4BEA-B68D-83FBB985ADB5}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = earthlink.net
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 207.69.188.186,207.217.126.81
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = earthlink.net
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 207.69.188.186,207.217.126.81
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.69.188.186,207.217.126.81

Those are the DNS servers of Earthlink. Your requests to see an internet page go through those, where the url's (f.e. www.google.com) are translated into IP addresses (f.e. 64.233.167.99)

Regards,

Pieter
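The O17 lines discussed in post #4 can also be checked mechanically. The following is an added example, not part of the original thread or of HijackThis: it parses O17 entries and reports any Domain or NameServer value that is not on a list of expected values. The expected lists are an assumption taken from the EarthLink values in the log above, and the last sample line (with 192.0.2.53 and an all-zero GUID) is constructed to show a mismatch.

```python
import re

# Constructed sample: O17 lines as quoted in the thread, plus one made-up
# entry (documentation address 192.0.2.53, all-zero GUID) to show a mismatch.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = earthlink.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{E047ACE1-209C-4BEA-B68D-83FBB985ADB5}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 207.69.188.186,207.217.126.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
"""

# Assumption: the resolvers and DNS suffix this ISP customer should have,
# copied from the log posted in the thread.
EXPECTED_RESOLVERS = {"207.69.188.186", "207.69.188.187", "207.217.126.81"}
EXPECTED_DOMAINS = {"earthlink.net"}

# "O17 - <registry key>: <Domain|NameServer> = <value list>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>Domain|NameServer) = (?P<value>.*)$")


def parse_o17(log_text):
    """Return one dict per O17 line: registry key, value name, list of values."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # HijackThis shows server lists separated by spaces or by commas.
        values = [v for v in re.split(r"[,\s]+", m["value"].strip()) if v]
        entries.append({"key": m["key"], "name": m["name"], "values": values})
    return entries


def unexpected_o17(entries, resolvers=EXPECTED_RESOLVERS, domains=EXPECTED_DOMAINS):
    """Return (key, name, value) for every value not on the expected list."""
    findings = []
    for e in entries:
        allowed = resolvers if e["name"] == "NameServer" else domains
        for v in e["values"]:
            if v.lower() not in allowed:
                findings.append((e["key"], e["name"], v))
    return findings


if __name__ == "__main__":
    for key, name, value in unexpected_o17(parse_o17(SAMPLE_LOG)):
        print(f"review: {name} = {value} under {key}")
```

A value reported here is only a prompt to compare it against what the ISP or network administrator actually hands out; the expected lists have to be maintained per network.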
 

All times are GMT -4.


Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums