MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Unable to open any web page
April 04, 2020, 12:36:05 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
April 04, 2020, 12:36:05 PM

Login with username, password and session length
 Featured Sites:
News
New  Looking for cheap hardware and/or software?
Visit our new Online Store where you will be able to purchase from a reputable vendor by country.
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Unable to open any web page  (Read 2617 times)
mhuffaker
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« on: November 11, 2004, 11:27:58 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: XP Home ed.
Problem Application Name & Version: MS IE 6.0
Problem Hardware Make & Model:
Error Messages:

"The page cannot be displayed"  Unfortunately, I can see that the URL that I am entering is getting attached to the end of a new URL that some script or other program is entering in the Address bar and attempting to run.  The URL reads:

   "http://dw.dailywinner.net/securenet/affil/?URL="

For example, if I start up IE with my "Home" website, which is www.google.com, the offending script/program (above) will attach itself to my "Home" webpage:

   "http://dw.dailywinner.net/secuenet/affil/?URL=www.google.com"

Of course, this URL does not exist, so the browser gives me "The page cannot be displayed" error message.  The offending script/program then appends (to the beginning) of the URL another "http://dw.dail.....etc." and continues to do so in a looping feature that the offending script/program runs.  So I am forced to open Task Manager and End Process the iexplorer.exe process before I am able to regain control of my computer.

Obviously, a member of the family has clicked OK when prompted by the firewall, allowing this "dailywinner.net" script/program to install and run.  I have attempted to delete any references or exe's that I am not familiar with that do not match with what I have already installed.  I routinley go over the normal processes that I have allowed in on the machine, so I feel quite comfortable with which applications should be running and which are "foreign" to the system.

As for the software that I run, I have the free version of Kerio Personal Firewall, Engine version 2.1.5.  So the firewall had to of asked my family member first, and that person allowed the "dailywinner.net" in.

Lastly, I have read some of the other posts and followed the advice of the administrators and ran HijackThis.  I have attached the log file from that eval.

Logfile of HijackThis v1.98.2
Scan saved at 3:24:03 PM, on 11/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\NeroBurning\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Documents and Settings\Matt\My Documents\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\Program Files\se\v11\se.DLL (file missing)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\System32\vernn16.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Program Files\Toolbar\toolbar.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll (file missing)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Rebecca\Local Settings\Temp\4rJ.dll (file missing)
O2 - BHO: FavoriteMan Class - {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} - C:\WINDOWS\System32\mmview_101.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [InCD] C:\Program Files\NeroBurning\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [okmgpqda] C:\WINDOWS\System32\blyxxabk.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [s4QzShr] C:\documents and settings\rebecca\local settings\temp\s4QzShr.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Rebecca\LOCALS~1\Temp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [s4QzShr.exe] C:\documents and settings\rebecca\local settings\temp\s4QzShr.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\DOCUME~1\Rebecca\LOCALS~1\Temp\cxtpls_loader.exe" /HideUninstall /HideDir /PC=CP.RAZR /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [180ax] c:\docume~1\rebecca\locals~1\temp\180ax.exe
O4 - HKLM\..\Run: [BCPC] "C:\Program Files\Bcpc\bcpc.exe"
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Matt\LOCALS~1\Temp\bundle.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\quickenw\bagent.exe
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - (no file)
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} (FavoriteMan Class) - http://fad-407.mtl4.targetnet.com/ad/id=zaxa&opt=htj&pt=13725061017515921167&pfin=N94LKITJIG5I&cv=210&uid=1379226926&url=http://www.ouchvideo.com/mmviewer_101.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)

If there is anything else please feel free to ask.

Thanks,

Matt



« Last Edit: November 12, 2004, 12:37:42 AM by benditup » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: November 12, 2004, 12:48:14 AM »

Hi Matt, Access your Add/Remove Programs and Remove if found

WebSearch Toolbar
WebSearch Tools
Search Assistant
WinTools or Win-Tools Easy Installer


Restart your computer, don't restart until you have removed all the above, even if prompted to do so, try to uninstall them in the order I gave you

Once back in windows
Access your Add/Remove programs again
Look for and Remove any of these
ShopatHome
BullsEye Network

Restart your computer again if anything removed

After the above is done, could you please download these 2 spyware removers, both are yours to keep and hang onto, for free

===Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or later
If you don't have this verision, uninstall yours and install this one
After installation-CHECK FOR UPDATES
Do a Full system scan----Remove All Critical objects, right click in the pane and select All objects
RESTART your computer to finish the cleaning process

Once back in Windows
Download and Install Spybot S&D 1.3
After installation--SEARCH FOR UPDATES
Download all updates
Check for Problems---FIX everything in RED
Restart your computer again to Finish the Cleaning process

Post back a fresh hijackthis log afterwards

Could you also let me know if you have any Anti-Virus Software that you can install on your computer
If not we can find you a very good free version, we will want to get your log clean first though....
Logged

 
mhuffaker
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #2 on: November 15, 2004, 12:13:22 AM »

benditup,

I really appreciate your help.  I was getting tired of trying to figure out where the problem(s) was(were).

I followed your steps (downloaded & ran the freeware).  Ran the HijackThis and got this log:

Logfile of HijackThis v1.98.2
Scan saved at 3:50:34 PM, on 11/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\NeroBurning\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [InCD] C:\Program Files\NeroBurning\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [s4QzShr] C:\documents and settings\rebecca\local settings\temp\s4QzShr.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Rebecca\LOCALS~1\Temp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [s4QzShr.exe] C:\documents and settings\rebecca\local settings\temp\s4QzShr.exe
O4 - HKLM\..\Run: [180ax] c:\docume~1\rebecca\locals~1\temp\180ax.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\quickenw\bagent.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab

Unfortunately, I have tried connecting to www.google.com after all was complete, but I am still getting "The page cannot be displayed" error message.  I tried changing the "Home Page" address in the Tools/Internet Options menu to another website, but to no avail.  Any thing else or other options I can do?

Also, I noticed that three log entries are files or registry entries that I believe to be "foriegn" in my system.  They are:

O4 - HKLM\..\Run: [s4QzShr] C:\documents and settings\rebecca\local settings\temp\s4QzShr.exe

and

O4 - HKLM\..\Run: [s4QzShr.exe] C:\documents and settings\rebecca\local settings\temp\s4QzShr.exe

and

O4 - HKLM\..\Run: [180ax] c:\docume~1\rebecca\locals~1\temp\180ax.exe

Lastly, I do not have any Anti-Virus Software for the computer that is giving my trouble.  I would love to get my hands on it!

Thanks again for all your help,

Matt Huffaker
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #3 on: November 15, 2004, 09:45:30 AM »

Hi
Its best to run HJT in its own folder and not on the desktop.

Make sure you have already run Adaware, Spybot S & D(check for updates) and  as these will do a preliminary clean first.Some files below may not be present after running the above programs.

Then.....
Turn off your System Restore. http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405] See Here.Reinstate it and create an new restore point when your log is cleaned.Close your browser window and run hjt in safe mode... http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam] How To Run Safemode  and have "Hijack This" fix the following by placing a check in the appropriate boxes and selecting "fix checked". Files highlighted in BLACK will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders..www.xtra.co.nz/help/0,,4155-1916458,00.html] How To Show Files .Please post a new log when finished...

O4 - HKLM\..\Run: [s4QzShr] C:\documents and settings\rebecca\local settings\temp\s4QzShr.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Rebecca\LOCALS~1\Temp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [s4QzShr.exe] C:\documents and settings\rebecca\local settings\temp\s4QzShr.exe
O4 - HKLM\..\Run: [180ax] c:\docume~1\rebecca\locals~1\temp\180ax.exe
Logged

An Australian Member of

EDDY
mhuffaker
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #4 on: November 20, 2004, 11:48:18 PM »

Pancake,

I have followed your advice and here is the new log as you requested:

Logfile of HijackThis v1.98.2
Scan saved at 3:14:49 PM, on 11/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Matt\My Documents\hjt\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [InCD] C:\Program Files\NeroBurning\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\quickenw\bagent.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

Unfortunately, I am still receiving the same message, "The page cannot be displayed".  The link that it is trying to connect to is:
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=mshome

If I type in "www.cnn.com" I get the following error dialog box:
"Internet Explorer could not open the search page." - Could I have deleted IE's ability to 'search'?

I hope this helps you in diagnosing my problem.

Thanks,

Matt
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #5 on: November 21, 2004, 12:09:34 AM »

Its not a bug because you log is clean.Try an IE6 repair.
http://www.theeldergeek.com/repair_reinstall_ie_and_oe_6.htm

You could also try clearing out all your temp and temp internet files
Logged

An Australian Member of

EDDY
mhuffaker
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #6 on: November 21, 2004, 01:24:50 AM »

Unfortunatey, I was unable to fix the problem by reinstalling IE6.  I have cleared the temp internet files and offline content, but I am getting the same error message.

I read through The Elder Geek page and am starting to believe that the next step is format c:!!!!  I hope not.  If you have any other ideas, I will definitely try them.

Matt
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #7 on: November 21, 2004, 02:36:02 AM »

The only thing I can think of is to move to FireFox browser,as many are doing,as a tempory fix and then post the problem in the Internet forum and see if they can help.Also just check back over that last postings and make sure all the files that where listed have been removed.
Logged

An Australian Member of

EDDY
mhuffaker
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #8 on: November 25, 2004, 08:16:53 AM »

Well, I tried to work on this problem a little more by running Ad-ware and Spybot one more time.  They found 17 more issues since their last cleaning.  After a final reboot, I was still getting the error message, so I tried turning off my firewall (Kerio Personal Firewall) and tried to connect.  Amazingly, I was able to connect to all the sites I tried to connect to!  So, correct me if I am wrong, I am going to uninstall (Remove Programs) Kerio and reinstall so that I have a fresh, good working firewall that will allow me to enter the Internet without problems.

Benditup and Pancake, thank you for your time and advice.  I could not have done this without you.  In the end, I found out a lot about "cleaning systems" and will develop a routine where I frequently search for ad-ware and scripts running on my system(s).  You each have taught me lots of good information.

Lastly, Benditup, in an above post you mentioned that you could direct me to free anti-virus software, if you could point me to a website or two, I would be greatly appreciative.

Again, thanks to you both for your help,

Matt
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #9 on: November 25, 2004, 08:24:18 AM »

Benditup is not here but this is the one he ment and it is good.

http://www.majorgeeks.com/download886.html
Logged

An Australian Member of

EDDY
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page November 26, 2018, 10:20:30 PM