system problems

hi, i couldn't find my last post to add this to it. my internet is still bugged with something (accoount:blank). i've tried everything. i can't get a firewall set up. maybe that's what i need. here's my log. please help. thanks.

Logfile of HijackThis v1.97.7
Scan saved at 8:30:23 AM, on 5/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Bill Good Marketing\Gorilla\b2.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ryan Norr\Local Settings\Temp\Temporary Directory 19 for hijackthis1977.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mcahddc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mcahddc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mcahddc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mcahddc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mcahddc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mcahddc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C17B772-AC36-4CF7-9DA4-F5F6706238DD} - C:\WINDOWS\System32\mcahddc.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38098.3580787037
O16 - DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_04) - https://www2.myofficeonline.com/downloads/jinstall-1_3_1_04-win.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E173E8-0001-41AD-9080-8276320F9DA4}: NameServer = 206.13.30.12,206.13.29.12

 

Hi rufio12,

Can you please download :

http://tools.zerosrealm.com/dllfix.exe

Open and install it in a folder on your C drive

Click on start.bat and choose option 1

A txt file called 'output.txt' will be created in the folder you installed dllfix in

Copypaste complete contents of output.txt here pelase

Thnx

Cheers,

 

here's the "output" log. thanks.

--==***@@@ FIND-ALL' VERSION 5.2 -5/18 @@@***==--

Thu 05/20/2004
12:50 PM

System Info:

Microsoft Windows XP [Version 5.1.2600]
C: "" (906F:ADDE) - FS:NTFS clusters:4k
Total: 79 957 946 368 [74G] - Free: 69 484 138 496 [65G]


*IE version and Service packs:
6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;SP1;Q837009;Q832894;Q831167;

*Google Toolbar version and Attributes:
2.0.108.0 C:\Program Files\google\googletoolbar1.dll
Defaults: "A" ;"R"
File not found - C:\Program Files\google\googletoolbar2.dll
A R C:\Program Files\google\GoogleToolbar1.dll

*UserAgent:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


*Wmplayer version:
8.0.0.4490 C:\Program Files\Windows Media Player\wmplayer.exe
6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

*M$Java version:


*PC uptime:
12:50am up 17 days, 3:26
Locked or 'Suspect' file(s) found...
\\?\C:\WINDOWS\System32\HLPHP.DLL +++ File read error
\\?\C:\WINDOWS\System32\HLPHP.DLL +++ File read error


*List of top level windows:
HWND PID PRIO TITLE
16f01fe 3928 norm SysFader
200ea 3928 norm CiceroUIWndFrame
4500b2 3928 norm _Shell_TrayWnd
1880490 112 norm SysFader
770614 1240 norm SysFader
2603ba 2292 norm Cancel Changes
20502ee 1240 norm SysFader
1390242 1240 norm SysFader
1013e 368 norm CiceroUIWndFrame
10130 368 norm TF_FloatingLangBar_WndTitle
10026 680 high NetDDE Agent
12a0244 2832 norm CiceroUIWndFrame
12101a2 2832 norm CiceroUIWndFrame
2f00226 1240 norm CiceroUIWndFrame
1a001b0 1240 norm CiceroUIWndFrame
3300306 1240 norm CiceroUIWndFrame
16202da 1240 norm CiceroUIWndFrame
54055c 1240 norm CiceroUIWndFrame
8f0632 1240 norm CiceroUIWndFrame
47007d2 112 norm CiceroUIWndFrame
1e00588 112 norm CiceroUIWndFrame
560048a 2832 norm Send
11401ba 2368 norm C:\WINDOWS\System32\cmd.exe
16801d6 3480 norm OfficeWatson
b0162 1240 norm Wilders Security Forums - system problems - Microsoft Internet Explorer
10e006e 3928 norm dllfix
50172 3928 norm Acrobat IEHelper
2d3038c 2292 norm _Static
3550370 2292 norm Gorilla 2.15 - [Scheduler]
22803da 2292 norm Baseline 2.1
3508ce 2832 norm Text
4d08aa 2832 norm Text
1a08ec 2832 norm Text
5c0908 2832 norm Synonym
210858 2832 norm Synonym
380916 2832 norm Synonym
12901e6 2832 norm Microsoft Word
3108c4 112 norm MCI command handling window
5708f6 112 norm IMMIF UI
48a0512 112 norm DDE Server Window
26f0528 112 norm Acrobat IEHelper
16f05a2 3400 norm AdbeAcroFocusWatch
14d059c 1240 norm session Window
233062a 1240 norm session Window
a305a6 1240 norm AdbeAcroFocusWatch
28c067e 1240 norm transport Window
2460664 1240 norm IMMIF UI
233066a 3400 norm session Window
e305d4 3400 norm DDE Server Window
9e065c 3400 norm Font Capture
11d05fe 3400 norm transport Window
17e05a0 3400 norm Adobe Reader
1830606 1240 norm Acrobat IEHelper
120128 3860 norm Notification Wnd for RNAdmin
1fa02d0 1240 norm IMMIF UI
42103e6 1240 norm Acrobat IEHelper
16018e 636 norm _Static
c0194 636 norm Gorilla 2.15
3101d8 636 norm Baseline 2.1
1a901d4 1240 norm MCI command handling window
f601be 1240 norm IMMIF UI
d40190 1240 norm DDE Server Window
11a01a4 1240 norm Acrobat IEHelper
295034e 3928 norm MCI command handling window
3300332 3928 norm PrintUI_QueueCreate
6004c 3928 norm Connections Tray
5004e 3928 norm Power Meter
5002c 3928 norm MS_WebcheckMonitor
156018c 2832 norm DDE Server Window
27017c 2960 norm VirusScan Console
b603b4 3276 norm VSHWKMON_ReceiverWndProc
3c01aa 2164 norm VShieldWin_Class
500ca 3276 norm VirusScan Status
500cc 3276 norm NAI_VS_STAT
90068 3708 norm VirusScanSynchMgrClass
2302a4 3920 norm NotifyAlert
2101d2 3920 norm WindowsFormsParkingWindow
2a0138 3920 norm Hidden NotifyIconTarget Window
260134 3920 norm .NET-BroadcastEventWindow.1.0.5000.0.3
20120 2376 norm Auto Update Client Window
10142 380 norm DLBKBMON
10114 1564 norm Dell Media Experience
1011a 1936 norm DLBKBMGR
10116 1764 norm Music Match Tray Applet
10110 1860 norm Support
1010c 1548 norm HkWndName
20044 1540 norm dlbk POR Monitor
6002a 1540 norm LEXLMPM
10066 1604 norm
10064 1604 norm LexPPS BCE Comm Window
1e0294 3920 norm GDI+ Window
162025e 1240 norm Bill Good Marketing >> SYSTEM USERS ONLY - Microsoft Internet Explorer
90690 1240 norm http://www.billgood.com/docs/downloads/Isom_Landis_News_100603.pdf - Microsoft
12c04a0 112 norm ESPN.com - Microsoft Internet Explorer
200e6 3928 norm Program Manager
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C17B772-AC36-4CF7-9DA4-F5F6706238DD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{00475AC7-0270-4A97-8831-5F1388937149}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{00475AC7-0270-4A97-8831-5F1388937149}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/xml]
"CLSID"="{807553E5-5146-11D5-A672-00B0D022E945}"

*Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM