1 Rookie

5 Posts

October 27th, 2004 13:00

Ad-aware/McAfee/Blocked web sites

I have a frustrating and odd problem that I'm hoping someone can help with.  I apologize for the lengthy description. 
 
A few days ago my anti-virus software (McAfee) caught a virus and "cleaned" it while I wasn't home, but I saw the message when I returned that it was cleaned. Unfortunately I didn't make note of the name because I assumed it was taken care of. Just to be on the safe side, I ran Ad-aware and it came up with a "Possible Hijack Attempt" and made reference to a location in my registry files. I used Ad-aware to delete it and moved on. Then I opened IE and noticed that my home page was reset to www.msn.com and it is usually blank. No biggie, I fixed it in settings. Then I tried to go to a site where I do quite a bit of chatting. The site wouldn't load. I assumed it was a problem with the site but over the next few days discovered that other friends were chatting just fine, however I still could not load the site. I ran Ad-aware again just out of curiosity and it came up with the same "Possible Hijack Attempt" in the same registry area. I delete it, but every time I restart my computer it comes back and my home page resets to www.msn.com. McAfee Antivirus detects nothing. I'm not having trouble loading any other sites, but I still can't load my chat site. It doesn't display as "site not found" but instead just loads the page frame/border as if it's going to load and then just stops as if it's having trouble going all the way through the load. I checked my hosts file and it seems to be okay. I think something may have happened in my registry, but I'm not sure why it would pick this one obscure chat site as something to be blocked when I'm not having trouble loading any other pages.
 
On a side note, I'm not having any trouble loading the chat site at work or on my laptop.  I'm not sure what the heck is going on.  Anyone have any suggestions on how to fix this?  I've been trying a variety of things for three days and I'm on the verge of reinstalling the OS which I do NOT want to have to do.  Many thanks in advance to anyone that can offer some insight.
 
Josh

1 Rookie

5 Posts

October 27th, 2004 13:00

I'll try FireFox when I get home later this evening, but wouldn't that be running off the same Internet settings that IE does?   Even so I'd rather correct the problem rather than mask it.  The more forum posts I read about the same type of issues the more I think it's a registry problem.  I'm also going to try Hijackthis later this evening and I'll post the log.  Maybe someone can help with that?  Thanks.

-j-

860 Posts

October 27th, 2004 13:00

What is the URL (www address) for your chat site which will not load? Try Firefox and see if the site loads with it.

860 Posts

October 27th, 2004 13:00

Again, what's the chat web site address? Is it a Java-based chat site or a DHTML-based chat website? We could only know this by looking at the website.

860 Posts

October 27th, 2004 17:00

Can't log onto the chat as it requires registration. Post the HijackThis log when you get home.

1 Rookie

5 Posts

October 27th, 2004 20:00

Here are the results of the HijackThis scan.  Any ideas?

Logfile of HijackThis v1.97.7
Scan saved at 5:30:36 PM, on 10/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QUICKENW\QAGENT.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\mrtMngr.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Josh\Desktop\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1,0,0,7/McUpdatePortal.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4400/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17D19E4F-A9C8-48CC-BBF2-9128240D5543}: NameServer = 151.201.0.39 151.201.0.38
O17 - HKLM\System\CS3\Services\Tcpip\..\{17D19E4F-A9C8-48CC-BBF2-9128240D5543}: NameServer = 151.201.0.39 151.201.0.38

 

860 Posts

October 28th, 2004 06:00

OK, 2 things you can try. Don't see anything in the log, but some other member who reads the HijackThis logs will give you some more feedback on the log.

Something may be blocking your Internet Explorer from displaying popups, and this is not allowing you to open the chat messenger. Try: How do I use the System Restore utility in the Microsoft® Windows® XP operating system?

Also, please try Firefox to access the chat site.

To refresh the Java in your browsers, go to http://www.java.com and click on get it now.

1 Rookie

5 Posts

October 28th, 2004 11:00

There is a pop-up blocker built in to winXP service pack 2 but it's not just the chat messenger that's being blocked, it's the entire web site.  Besides, I've added the site to all the lists I could find to allow cookies and allow pop-ups just to be on the safe side.

I updated java software from java.com and I downloaded FireFox.  Here is what I've discovered after much experimentation last night.

1.  I don't have this problem when using FireFox.  That said, I still want to know what the deal is with IE. 

2.  Every time I run Ad-aware it picks up the same data miner in my registry.  I clean it, but it keeps coming back.  What's the deal?  It says it's in my registry and here is what it says:  Object:  HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Mail"Start Page" ("about:blank")

3.  If I clear out my cookies and temp internet files folder (manually, not using the internet options area) and then try to load the site, it works.  But it only works once.  If I close the browser and try again it will not load unless I remove the cookies and temp files again.  Weird.  
 
The mystery continues...

 

860 Posts

October 28th, 2004 12:00

Hmm, good detective work, Josh. Come to think of it, the R1 entries are missing in your HijackThis log. Mike/Chris or the other HijackThis advisors will help you out with that.

Here are a couple of links on how to interpret the logs:
HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/tutorial42.html

Message Edited by jamez kann on 10-28-2004 08:52 AM
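
Added example, not part of the original thread or written by any poster: a small Python triage helper that groups HijackThis entry lines by section code, pulls out the O4 autostart entries, and reports which expected sections (here R0/R1, the Internet Explorer start/search page settings) have no entries at all, which is the observation made about this log. The function names and the short section table are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Subset of HijackThis section codes that matter for this thread.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart entry",
    "O16": "downloaded ActiveX control", "O17": "DNS / domain setting",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")

def parse_log(text):
    """Group HijackThis entry lines by section code; other lines are ignored."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def autoruns(groups):
    """Return (hive, key, value name, command) for each O4 registry entry."""
    found = []
    for body in groups.get("O4", []):
        m = RUN.match(body)
        if m:
            found.append(m.groups())
    return found

def missing_sections(groups, expected=("R0", "R1")):
    """Section codes a reviewer expected to see but that have no entries."""
    return [code for code in expected if code not in groups]

# A few lines copied from the log posted in this thread.
SAMPLE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O17 - HKLM\System\CCS\Services\Tcpip\..\{17D19E4F-A9C8-48CC-BBF2-9128240D5543}: NameServer = 151.201.0.39 151.201.0.38
"""

if __name__ == "__main__":
    g = parse_log(SAMPLE)
    for code, items in sorted(g.items()):
        print(code, SECTIONS.get(code, "other"), len(items))
    print("autoruns:", autoruns(g))
    print("no entries for:", missing_sections(g))
```
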
