Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Internet Explorer Help

Started by AneX , Jan 05 2004 02:38 PM

  • Please log in to reply
1 reply to this topic

#1 AneX

AneX

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 05 January 2004 - 02:38 PM

Im having a problem with my internet explorer connecting to the internet when im on aol, it says RES://C:/windows/system/shdoclc.dll/dnserror.htm#http://www.google.com and loads a page cannot be displayed but when im not on aol it works <_< . Iv'e ran norton utilities 2004, kaspersky anti virus, ad-ware, spybot, spy hunter, i've called aol and im getting the run around, iv'e tried reinstalling aol, and reinstalling ie6sp1 but it wont cause it says something about security sertificate hasnt been approved for windows xp, lol. I had to change the ie settings in regedit from 1 to 0 just so the install wouldnt say i have a rewer version of ie on my system. Can someone help me please?


my hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 2:03:31 PM, on 1/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Windrop\eggdrop.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\mIRC\mirc.exe
C:\PROGRA~1\Serv-U\SERVUA~1.EXE
C:\PROGRA~1\Serv-U\SERVUT~1.EXE
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\PROGRA~1\NETPUM~1\NETPUM~1.EXE
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\America Online 7.0\waol.exe
C:\warpedserver\warpedserver.exe
C:\warpedserver\warpedclicker.exe
C:\Program Files\Outlook Express\msimn.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\AneX.Ownz.Jen\Application Data\Mozilla\Profiles\default\zlbz1flz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\AneX.Ownz.Jen\Application Data\Mozilla\Profiles\default\zlbz1flz.slt\prefs.js)
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ServUTrayIcon] C:\PROGRA~1\Serv-U\SERVUT~1.EXE
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: Shortcut to eggdrop.lnk = C:\Windrop\eggdrop.exe
O4 - Startup: Trillian.lnk = ?
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7987.8274305556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D647C94E-0207-4FD3-85B0-B56D341DD7E6}: NameServer = 205.188.146.146

Edited by AneX, 05 January 2004 - 02:42 PM.

    Advertisements

Register to Remove

#2 Budfred

Budfred

    Malware hound

  • Visiting Fellow
  • PipPipPipPip
  • 791 posts
  • Interests:++

Posted 10 January 2004 - 04:36 PM

Hello, sorry for the delay in getting a response. First thing to look at is that you are running HJT from a Temp folder. This means that any changes you make will not be restorable. It is a good idea to extract HJT to a folder such as C:\Documents or another folder you create such as C:\HJT... That said, you have a pretty clean log. There are a few items that look suspicious and if you get HJT into a permanent folder, you can fix them and then Restore later if that causes a problem... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file) O4 - Startup: Shortcut to eggdrop.lnk = C:\Windrop\eggdrop.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{D647C94E-0207-4FD3-85B0-B56D341DD7E6}: NameServer = 205.188.146.146 The other thing you can do is to run one or more of the online virus scans to see if they are able to find and fix anything. I have links for 2 at the bottom of this post. Once you are done, please reboot and run HJT again, then open your browser and post the new log here....
Budfred

Post a complaint about malware here!!

MS MVP 2006 and ASAP Member since 2004

"So how did I get infected in the first place?"

Related Topics

Back to What the Heck? · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Discussion
  3. What the Heck?
  4. Privacy Policy
  5. Terms of Use ·