jmkraft Premium Member join:2002-04-11 Paris, IL |
jmkraft
Premium Member
2003-Nov-28 9:32 am
IE Problem - HiJackThis Log
I have been trying to solve this problem in this post » [IE6.x] IE will not work and am still having the same problem: Can sign onto dialup ISP but cannot surf the 'net (cannot ping anything either). I have tried Adaware, lspfix, winsockfix, cwshredder, trojanhunter, spybot, and using SFC /scannow to repair IE6.x. I also ran through all the available suggestions in » Security » I think my computer is infected or hijacked. What should I do? (»I think my computer is hijacked. What should I do?) except for the online scans, for obvious reasons. This problem started when I used Spybot to get rid of some search toolbars that my wife "accidentally" let load and then started receiving a lot of pop-ups. When I came home last week for 2 weeks leave (I am in the Army and stationed in Saudi Arabia) I tried to fix it like I have hundreds of times (use spybot, delete off HHD, delete from registry) and now cannot use IE 6.x. Attached is my latest hijackthis log if someone can help me. I am going back to SA in 4 days. Thanks |
|
SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand |
Sparrow
Premium Member
2003-Nov-28 9:45 am
Logfile of HijackThis v1.97.7
Scan saved at 6:07:20 AM, on 11/28/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\WINDOWS\System32\kxmixer.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TrojanHunter 3.7\TrojanHunter.exe
C:\Documents and Settings\John\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurytel.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50039
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup
O4 - HKLM\..\Run: [DXXLFIVF] C:\WINDOWS\DXXLFIVF.exe
O4 - HKLM\..\Run: [WZADG] C:\WINDOWS\WZADG.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 3.7\THGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/x3ro1.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab |
|
|
satburn Premium Member join:2003-06-03 Columbia, MO |
to jmkraft
O4 - HKLM\..\Run: [DXXLFIVF] C:\WINDOWS\DXXLFIVF.exe
O4 - HKLM\..\Run: [WZADG] C:\WINDOWS\WZADG.exe
What are these???
Shooting off the hip, it would sound like a proxy setting issue. Since you can hook up to your ISP but can't go anywhere make sure something hasn't put a setting (that isn't normally there) under the LAN Settings under IE's connection options. |
|
SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand |
Sparrow
Premium Member
2003-Nov-28 10:21 am
I am not an expert with HT logs, but this can be removed:
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
I can not find anything on these two:
O4 - HKLM\..\Run: [DXXLFIVF] C:\WINDOWS\DXXLFIVF.exe
O4 - HKLM\..\Run: [WZADG] C:\WINDOWS\WZADG.exe
These are cab files - do you have any idea what they are for?
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - »www.netpaloffers.net/NetpalOffers/DMO1..
Please check this one from SmileyCentral:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - »imgfarm.com/images/nocache/funwebprodu.. SmileyCentralInitialSetup1.0.0.6.cab |
|
dp MVM join:2000-12-08 Greensburg, PA |
to jmkraft
No log expert but the following are troublesome.
Kill the running process - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
More info on this at » www.safersite.com/PestIn ··· arch.asp
Let HJT fix the following:
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe (belt.exe is Abetterinternet adware related) |
|
EGeezer Premium Member join:2002-08-04 Midwest |
to jmkraft
Re: IE Problem - DNS ?
Could be you have a DNS issue - if you can ping a site by IP but not by url, outbound DNS requests may be blocked somewhere on your PC or at the ISP - (UDP port 53, sometimes TCP port 53). It's also possible inbound replies are being blocked. If you can PING a known IP address like one of yahoo.com's at 66.218.71.198 but can't PING www.yahoo.com or the DNS IPs in your IP config, that would be a good clue.
This could be caused by a firewall setting, your IP configuration or a login problem that would be something for your ISP to resolve.
I haven't seen it in dialup connections, but some very early firmware releases of Netgear routers had problems in this area. |
|
1 edit
1 recommendation |
to Sparrow
Re: IE Problem - HiJackThis Log
It is odd that Adaware could not fix some of these items. What is the latest ref. file you have for that?
You need to disable System Restore during the fixes if you have not done so already. (How to disable or enable System Restore in Windows XP) http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
After a scan with HiJackThis, first close all browsers and open windows, place an x in the box next to the following items and hit *fix checked*.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »totalinternet.snap.com:8005/channel/se..
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = »www.websearch.com/ie.aspx?tb_id=50039
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [DXXLFIVF] C:\WINDOWS\DXXLFIVF.exe
O4 - HKLM\..\Run: [WZADG] C:\WINDOWS\WZADG.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - »www.netpaloffers.net/NetpalOffers/DMO1..
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - »imgfarm.com/images/nocache/funwebprodu..
Next, restart your computer in Safe Mode. If you don't know how to boot into safe mode, read this: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
Delete the following:
MyWebSearch (folder)
belt.exe (file)
Submit (but don't delete yet) the two following suspicious files to Adaware & Spybot for analysis:
C:\WINDOWS\DXXLFIVF.exe
C:\WINDOWS\WZADG.exe
http://www.lavahelp.com/submit/
submissions@spywareinfo.com
You may also send them to the list in the FAQ http://www.dslreports.com/faq/8428
Reboot your PC back into normal mode, and run a fresh scan with HijackThis, post the log.
There may be some I missed and we need to find out what the two suspicious files are before proceeding on those (however, the fix above by HJT should have stopped them from running at startup). |
|
crane Premium Member join:2000-12-31 Sebastian, FL |
to jmkraft
It may not mean anything, but the last 3 entries in my "hijack" log are registry items pertaining to DNS servers and TCP/IP. I don't see any such thing in his log. Makes sense sorta... no internet.
I see a lot of things in there I wouldn't be scared to delete. |
|
|
said by crane: It may not mean anything, but the last 3 entries in my "hijack" log are registry items pertaining to DNS servers and TCP/IP.
If you are speaking of the Downloaded Program Files (016 - DPF) items, only two are spyware parasites that I have included in the list to fix above.
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - »www.netpaloffers.net/NetpalOffers/DMO1.. = FavoriteMan Parasite » www.doxdesk.com/parasite ··· Man.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - »imgfarm.com/images/nocache/funwebprodu.. = Identified by SpywareBlaster as FunWebProducts (spyware)
The other two are harmless, but if deleted can just be downloaded again by the program when it is run. |
|
jmkraft Premium Member join:2002-04-11 Paris, IL |
to CalamityJane
I did what CJ suggested, only the C:\WINDOWS\DXXLFIVF.exe and C:\WINDOWS\WZADG.exe were no longer there after deleting MyWebSearch and Belt.exe.
New Log:
Logfile of HijackThis v1.97.7
Scan saved at 1:38:05 PM, on 11/28/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\WINDOWS\System32\kxmixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\John\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurytel.net/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.7\THGuard.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab |
|
SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand |
to jmkraft
It looks like everything CJ said to get rid of is gone. That's the good news. Now, are you able to get back online yet? |
|
|
to jmkraft
Your new log looks good, jmkraft. I don't see anything else malicious in there. |
|
dp MVM join:2000-12-08 Greensburg, PA |
to jmkraft
Kudos to CalamityJane, jmkraft, are you now able to surf and ping okay? |
|
1 edit |
to jmkraft
said by dp: are you now able to surf and ping okay?
I'm wondering that too, dp and Crystal Sky.
Since you only have a short time left at home, take just a little bit of time to secure that PC before you leave. Here are some great prevention tips and tools in a very nice short write up from TonyKlein:
So how did I get infected in the first place? » www.computercops.biz/pos ··· 736.html
You need to be sure to get the Windows Updates (all the critical ones if you don't have them yet). At least get the SpywareBlaster & SpywareGuard and make sure your wife knows how to update them and does that often (at least once a week to check for updates). Update your Adaware if you haven't done that. Get an Antivirus Program (I don't see one running?). You can find several free ones and some very good paid ones listed up in the updates Sticky at the top of the forum. I would also follow Tony's advice on some basic changes in your IE security settings (disable Active X and set to prompt or disable). |
|
jmkraft Premium Member join:2002-04-11 Paris, IL |
jmkraft
Premium Member
2003-Nov-28 4:47 pm
No, I still cannot surf yet. Any other ideas?
Thanks. |
|
|
What kind of error are you getting?
If you have tried IE repair and the LSPfix, have you tried uninstalling/reinstalling IE? |
|
jmkraft Premium Member join:2002-04-11 Paris, IL 1 edit |
jmkraft
Premium Member
2003-Nov-28 5:35 pm
The error is the "The page cannot be displayed" message. I cannot ping any sites, I cannot browse to any sites. All I can do is sign on to my dial-up internet connection.
My IE is set to auto detect settings, no proxy server. IE just quit working when I deleted MySearch, Hotbar, and 2 others that hijacked my browser.
I have not tried uninstalling/reinstalling IE yet. |
|
anthrorules Premium Member join:2003-09-14 Rollinsville, CO |
Manually check your HOSTS file in Windows\System32\DRIVERS\etc and make sure that it is either blank or the nasties have been deleted.
Also, look in the Windows\Help folder to make sure that there is no HOSTS file in that folder.
Also, run the following command:
ipconfig/flushdns
in your command prompt.
Then double check your TCP/IP properties in your Dialup Adapter settings. Make sure that your Primary and Secondary DNS server settings have not been inadvertently deleted or changed to something else that won't work.
Have you tried using another web browser to browse the web? |
|
jmkraft Premium Member join:2002-04-11 Paris, IL |
jmkraft
Premium Member
2003-Nov-28 7:50 pm
I did the ipconfig/flushdns. No changes in the TCP/IP. The only thing in the hosts file is: "127.0.0.1 local host"
No hosts files in the Windows\Help folder
I have no other browser (but I will d/l one right now to check it out.) |
|
jmkraft |
jmkraft
Premium Member
2003-Nov-28 8:55 pm
Netscape 7.1 did not work either |
|
anthrorules Premium Member join:2003-09-14 Rollinsville, CO |
I think it's time for a System Restore, if you have a clean restore point. And then start over. Sorry, that is the only advice I have... |
|
Zupe MVM join:2001-11-29 New York, NY |
to jmkraft
Did you try the suggestion Kramer posted in your other thread? |
|
jmkraft Premium Member join:2002-04-11 Paris, IL |
to anthrorules
I would like to thank everyone for their help. System Restore did the trick (I should have thought of that 2 days ago...). Now I get to clean the computer out again...
Thanks. |
|
dp MVM join:2000-12-08 Greensburg, PA |
dp
MVM
2003-Nov-29 7:51 am
said by jmkraft: I would like to thank everyone for their help. System Restore did the trick (I should have thought of that 2 days ago...). Now I get to clean the computer out again...
Thanks.
I take it that you are connecting and surfing okay now? Before you let Spybot remove anything this time can you post a screenshot of what it is flagging? |
|
|
to jmkraft
Hi jmkraft. When you run the various programs to clean, just remember to keep fixed items in recovery (Spybot) and quarantine (Adaware) until you are sure the PC is running properly. They are rendered harmless in the backups but also anything that might be causing a problem when fixed can be restored and brought to the attention of the developers for a new fix if necessary. HiJackThis will also keep backups of anything fixed with that program automatically. Once the PC is clean and you are sure all programs are working properly you can then go back and remove the items Spybot/Adaware/HJT etc. have in those backups. Good Luck! |
|
CalamityJane |
to jmkraft
Also, be sure to get the latest updates for All of these: Spybot, Adaware, CWShredder - all have had recent updates added (Adaware had one just last night) and CWShredder had a new Ver. 1.37.0. Spybot last updated on Nov. 24th. |
|
jmkraft Premium Member join:2002-04-11 Paris, IL 1 edit |
jmkraft to dp
Premium Member
2003-Nov-29 8:38 am
to dp
I have already started getting rid of them the correct way (add/remove programs). It was the MySearch and Search Assistant toolbars that were causing the problems when spybot removed them (I had to restore again). They also did not let me turn on the generic firewall in XP, and they were unchecked in the spybot scan (everything else was checked). I checked them, then hit fix selected items, and could not connect again until I did a system restore again. I will post the remaining entries in a sec. |
|
jmkraft |
to CalamityJane
Here is my new hijackthis log...
Logfile of HijackThis v1.97.7
Scan saved at 7:53:50 AM, on 11/29/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\WINDOWS\System32\kxmixer.exe
C:\Program Files\ClearSearch\Loader.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurytel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1311.dll
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup
O4 - HKLM\..\Run: [DXXLFIVF] C:\WINDOWS\DXXLFIVF.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [WZADG] C:\WINDOWS\WZADG.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.7\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/x3ro1.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/ASH19108/ashton.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www101.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37819.8343402778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A736FB9F-4F41-411E-B191-CF6103C02DC9}: NameServer = 209.142.136.85 209.206.199.16 |
|
crane Premium Member join:2000-12-31 Sebastian, FL |
crane
Premium Member
2003-Nov-29 11:54 am
said by crane: It may not mean anything, but the last 3 entries in my "hijack" log are registry items pertaining to DNS servers and TCP/IP. I don't see any such thing in his log. Makes sense sorta... no internet.
I see a lot of things in there I wouldn't be scared to delete.
It was the last entry that was causing the "no internet" problem. See it there.... #017 |
|
jmkraft Premium Member join:2002-04-11 Paris, IL |
jmkraft
Premium Member
2003-Nov-29 12:00 pm
Does that (O17 - HKLM\System\CCS\Services\Tcpip\..\{A736FB9F-4F41-411E-B191-CF6103C02DC9}: NameServer = 209.142.136.85 209.206.199.16) have anything to do with MySearch and Search Assistant toolbars? When I did the add/remove programs with those 2, then used spybot and adaware for the rest, I kept my internet connection. |
|
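Added example, not part of any post in this thread and not HijackThis's own code: a small Python parser that splits a HijackThis 1.9x log back into entries, even when a forum paste has flattened it onto one line, lists the sections that bear on lost connectivity (O1 hosts file, O10 Winsock LSP, O17 name servers), and diffs two logs. The function names are hypothetical, and the two samples are abridged from the logs posted above.

```python
import re

# HijackThis 1.9x entry prefixes: R0-R3, F0-F3, N1-N4 and O1..Onn, each followed by " - ".
_CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ENTRY_START = re.compile(r"(?<!\S)(?=" + _CODE + r" - )")   # zero-width split point
ENTRY = re.compile(r"(" + _CODE + r") - (.*)")

# Sections that can, on their own, break name resolution or all socket traffic.
NETWORK_SECTIONS = {
    "O1": "Hosts file redirection",
    "O10": "Winsock LSP chain",
    "O17": "DNS / name server setting",
}

# Sample abridged from the 11/29/2003 log above, flattened the way the forum shows it.
SAMPLE_FLAT = r"""Logfile of HijackThis v1.97.7 Running processes: C:\WINDOWS\Explorer.EXE R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file) O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe O10 - Broken Internet access because of LSP provider 'lsp.dll' missing O17 - HKLM\System\CCS\Services\Tcpip\..\{A736FB9F-4F41-411E-B191-CF6103C02DC9}: NameServer = 209.142.136.85 209.206.199.16"""

# Sample abridged from the 11/28/2003 1:38 PM log above, one entry per line.
SAMPLE_LINES = r"""Logfile of HijackThis v1.97.7
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"""


def parse_entries(log_text):
    """Return [(section_code, body), ...] for a log, whether it has one
    entry per line or has been collapsed onto a single line."""
    flat = " ".join(log_text.split())            # normalise all whitespace
    entries = []
    for chunk in ENTRY_START.split(flat):        # header chunk has no code, so it is skipped
        m = ENTRY.match(chunk)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def network_findings(entries):
    """Keep only entries from sections that affect connectivity."""
    return [(code, NETWORK_SECTIONS[code], body)
            for code, body in entries if code in NETWORK_SECTIONS]


def diff_logs(first, second):
    """Entries only in the first log, and entries only in the second."""
    a, b = parse_entries(first), parse_entries(second)
    only_first = [e for e in a if e not in b]
    only_second = [e for e in b if e not in a]
    return only_first, only_second


if __name__ == "__main__":
    for code, meaning, body in network_findings(parse_entries(SAMPLE_FLAT)):
        print(f"{code} ({meaning}): {body}")
    only_first, only_second = diff_logs(SAMPLE_FLAT, SAMPLE_LINES)
    print(len(only_first), "entries only in first log;", len(only_second), "only in second")
```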