Problem accessing web sites with XP

Discussion in 'adware, spyware & hijack cleaning' started by Hucklebey, Jan 4, 2004.

Thread Status:
Not open for further replies.
  1. Hucklebey

    Hucklebey Registered Member

    Joined:
    Jan 3, 2004
    Posts:
    8
    I run Spybot S&D and Adaware all of the time and have never found anything, but Dan said that Hijack This will sometimes pick up something that they miss, so I'm posting my log.
    I have XP Home Edition and a dial-up modem.
    After computer has been on for quite a while, I can connect with my ISP, but I can't access web sites. I get a "network problem" message. If I reboot, the problem is solved, temporarily. I leave the computer on all day and turn it off at night. I always have to reboot at least once a day, sometimes more often to correct this. Don't have this problem with my Win98 computer, so it appears to be an XP "thing".

    Logfile of HijackThis v1.97.7
    Scan saved at 11:43:56 PM, on 1/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\SK9910DM.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Eraser\eraser.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINNT\system32\notepad.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/My%20Documents/opera723%20HTML%20List.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.gateway.net/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
    O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -CC
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.belarc.com
    O15 - Trusted Zone: http://cartalk.cars.com
    O15 - Trusted Zone: http://login.mail.eudoramail.com
    O15 - Trusted Zone: http://www.hgtv.com
    O15 - Trusted Zone: http://www.langalist.com
    O15 - Trusted Zone: http://www.opera.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37954.3772222222
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Hucklebey,

    Nothing that would cure that problem I think.
    Before you fix anything unzip HijackThis to a separate folder please. It can not make backups in the Temp folder you are running it from now.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

    Then reboot.

    Regards,

    Pieter
     
  3. Hucklebey

    Hucklebey Registered Member

    Joined:
    Jan 3, 2004
    Posts:
    8
    Pieter
    Unzipped hijackthis and installed it in its own folder. I knew I was supposed to do that, but when I double-clicked it nothing happened. Usually, when I double-click a downloaded zip file, it automatically unzips. This didn't, so I wasn't sure what to do. I did finally figure it out.

    I removed the two items you suggested.

    Should I repost a new hijackthis log?

    I noticed that several "Trusted Zone" items showed up on my hijackthis log, and I've never seen that in other logs. Is that normal?

    I had no idea what BHO was, so that sent me off on a whole new learning experience. So much to learn, so little time. :p

    Speaking of time, how do all of you find the time to do all that you do?
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Hucklebey,

    The sites in your trusted zone are trustworthy. Several would show up in my log too.
    The reason you see them very little in other logs is a sad one. The default security settings for the internet zone are low enough, for the sites to work properly.
    You probably raised your security settings and had to add a few sites to the trusted zone (highly recommended).

    I don't need to see a new log, unless you encountered some surprise, when you ran HijackThis again.

    Regards,

    Pieter

    PS If you know of a place where I can find more time, let me know. ;)
     
Thread Status:
Not open for further replies.