Jump to content


Photo

Internet Explorer Problems


  • This topic is locked This topic is locked
4 replies to this topic

#1 tutti08

tutti08

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 27 October 2005 - 10:52 PM

I am running Windows Xp Pro SP2, on a 900 Megahertz AMD Duron. I tried to update some of my spyware and anti-virus files and found out I could connect to the internet, but it wouldn't allow me to access any pages. It kept popping up with "page cannot be displayed" and the usual stuff below it that I checked. My connection, my security and all that I tried to no avail. I ran Av Personal anti-virus, Ad-Aware, Spybot, Trojan Horse and all came up negative. My usual homepage is sympatico.msn.ca. I had Zone Alarm, but deleted it and am now just using the Windows Firewall.

I also have Mozilla and this is a backup when IE doesn't work and it is telling me
"The connection was refused when attempting to contact the proxy server you have configured. Please check your proxy settings and try again."

I am not that computer savvy, but I don't remember doing anything that involved the proxies.

If someone can please have a look at my Highjack log and let me know where I am going wrong, and where I can clean up all the garbage I have collected over the past year. Oh and what basic running processes I can cut so I can save some time.

Thanx in advance,

Logfile of HijackThis v1.99.1
Scan saved at 11:40:29 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Turbo2Dialup\slipaccel.exe
C:\Program Files\WINZIP\WZQKPICK.EXE
C:\Program Files\Office Suite3.0\program\soffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Highjack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1:5400;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;download.mcafee.com;*.phobos.apple.com;localhost;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Turbo2Dialup\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Startup: Office Suite 3.0.lnk = C:\Program Files\Office Suite3.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Turbo2Dialup Web Accelerator.lnk = C:\Program Files\Turbo2Dialup\slipaccel.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Turbo2Dialup\slipaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Turbo2Dialup\slipaccel.exe/227
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Freecell Solitaire - http://presence.game...og/y/fs10_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivil...ve/makeover.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F454741-E9C8-470A-B6A3-5F1B9EE72D3C}: NameServer = 66.38.192.233 66.38.192.231
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 qba11

qba11

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 28 October 2005 - 06:27 AM

Give this a try

Click Start -> Run and enter cmd in the open program box.
When this command line program opens do the following:
Type: netsh int ip reset c:\iplog.txt and hit enter
Type: ipconfig /flushdms and hit enter
Type: exit and hit enter
Reboot your system and try to connect again

Rgds
"Q"

Please disregard advice from untrained member. cnm

Edited by cnm, 28 October 2005 - 09:37 AM.


#3 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 28 October 2005 - 09:16 AM

qba11, Please see The various helper groups here. Do join the team if you want to post help, we'd love to have you with us. :)

tutti08, Your proxy settings do look odd; especially the Symantec and McAfee entries when you are not running either one, but have AVG instead. Symantec may have come with your HP and is notoriously difficult to uninstall completely.

Look in Control Panel, Add/Remove Programs, and uninstall if you find either Norton (Symantec) or McAfee present.

Make sure HijackThis is set to make backups (Misc Tools->Config) in case we make a bad move.

Scan, mark the boxes next to these, close all other windows, then click Fix Checked.
After that, Reboot..

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1:5400;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;
codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;
liveupdate.symantec.com;download.mcafee.com;*.phobos.apple.com;localhost;localhost;<local>


Let us know if that helps, and post a new log here please.
It would also be a good idea to ask your ISP how your IP configuration should be set.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#4 qba11

qba11

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 31 October 2005 - 11:18 AM

I would love to join but since I seem to be "untrained" you folk don't have much in the way of motivational language. I would rather pass.

I do apologise for not taking the time to read the post in full (was on lunch taking a break from teaching Windows XP to a class) Proxy settings look up the left and

Yes I did misspell one command it should be ipconfig /flushdns but either way none of the advice could do any damage to this PC.

I think in the future as an administrator of a forum you should think about what way you decide to put the technical abilities of someone who is trying to help across. A message along the lines of what you entered below mine just discredits the advice and even if I was to join the team how much credit would be given to any advice I give anyway?

Just a thought for future posts. Again apologies for this rant but you do not know my qualifications so you are in no place to call me untrained.

#5 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 31 October 2005 - 11:23 AM

We do not want people posting help with the HijackThis logs unless they have been trained here and we know them.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE




Member of UNITE
Support SpywareInfo Forum - click the button