Start a Conversation

Unsolved

This post is more than 5 years old

L

153

October 5th, 2005 05:00

what do i delete on hijack this -- PLEASE HELP

​ Ive been having problems with my internet explorer. I am unable to log-into some of my online accounts, whenever i try instead of letting me log-in the page just refreshes. I have ran spybot, avg, ad-aware and hijack this. Im not exactly sure what the problem is but here is my log from hijack this. I dont know what to delete so if someone could help me out i would appreciate it greatly. I would also appreciate any other ideas as to why this might be happening. ​
​ ​
​ Running processes: ​
​C:\WINDOWS\System32\smss.exe ​
​C:\WINDOWS\system32\winlogon.exe ​
​C:\WINDOWS\system32\services.exe ​
​C:\WINDOWS\system32\lsass.exe ​
​C:\WINDOWS\system32\svchost.exe ​
​C:\WINDOWS\System32\svchost.exe ​
​C:\WINDOWS\Explorer.EXE ​
​C:\WINDOWS\system32\spoolsv.exe ​
​C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe ​
​C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe ​
​C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe ​
​c:\program files\mcafee.com\agent\mcdetect.exe ​
​c:\PROGRA~1\mcafee.com\vso\mcshield.exe ​
​c:\PROGRA~1\mcafee.com\vso\OasClnt.exe ​
​c:\PROGRA~1\mcafee.com\agent\mctskshd.exe ​
​c:\program files\mcafee.com\vso\mcvsshld.exe ​
​C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe ​
​c:\progra~1\mcafee.com\vso\mcvsescn.exe ​
​C:\WINDOWS\system32\svchost.exe ​
​C:\WINDOWS\system32\rsvp.exe ​
​C:\WINDOWS\system32\hkcmd.exe ​
​C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe ​
​C:\Program Files\Dell\Media Experience\PCMService.exe ​
​C:\Program Files\Real\RealPlayer\RealPlay.exe ​
​C:\PROGRA~1\mcafee.com\agent\mcagent.exe ​
​C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe ​
​C:\PROGRA~1\VISION~1\ONETOU~2.EXE ​
​C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe ​
​C:\PROGRA~1\mcafee.com\mps\mscifapp.exe ​
​C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe ​
​C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE ​
​C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe ​
​C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe ​
​C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe ​
​C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe ​
​C:\Program Files\Yahoo!\Messenger\ypager.exe ​
​C:\Program Files\Dell Support\DSAgnt.exe ​
​C:\Program Files\EarthLink TotalAccess\TaskPanl.exe ​
​C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe ​
​c:\progra~1\mcafee.com\vso\mcvsftsn.exe ​
​C:\Program Files\Messenger\msmsgs.exe ​
​C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe ​
​C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe ​
​C:\Program Files\Internet Explorer\IEXPLORE.EXE ​
​C:\Documents and Settings\Leslie\Desktop\hijackthis\HijackThis.exe ​
​ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ​​http://start.earthlink.net​​ ​
​R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ​​http://www.earthlink.net/partner/more/msie/button/search.html​​ ​
​R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ​​http://start.earthlink.net/AL/Search​​ ​
​R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ​​http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com​​ ​
​R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ​​http://www.yahoo.com/​​ ​
​R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ​​http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com​​ ​
​R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ​​http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com​​ ​
​R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = ​​http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html​​ ​
​R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ​​http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com​​ ​
​R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ​​http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com​​ ​
​R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ​​http://start.earthlink.net/AL/Search​​ ​
​R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = ​​http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com​​ ​
​R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ​​http://www.dell4me.com/myway​​ ​
​R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll ​
​R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) ​
​O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll ​
​O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll ​
​O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll ​
​O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll ​
​O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll ​
​O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll ​
​O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll ​
​O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll ​
​O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll ​
​O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll ​
​O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll ​
​O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll ​
​O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll ​
​O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll ​
​O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll ​
​O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe ​
​O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe ​
​O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe ​
​O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" ​
​O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER ​
​O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime ​
​O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask ​
​O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe ​
​O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe ​
​O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" ​
​O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe ​
​O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE ​
​O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe ​
​O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding ​
​O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" ​
​O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe ​
​O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE ​
​O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe ​
​O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP ​
​O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe ​
​O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe ​
​O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet ​
​O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup ​
​O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart ​
​O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe ​
​O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present ​
​O8 - Extra context menu item: &Search - ​​http://ka.bar.need2find.com/KA/menusearch.html?p=KA​ ​
​O8 - Extra context menu item: &Yahoo! Search - ​​file:///C:\Program​​ Files\Yahoo!\Common/ycsrch.htm ​
​O8 - Extra context menu item: Yahoo! &Dictionary - ​​file:///C:\Program​​ Files\Yahoo!\Common/ycdict.htm ​
​O8 - Extra context menu item: Yahoo! &Maps - ​​file:///C:\Program​​ Files\Yahoo!\Common/ycmap.htm ​
​O8 - Extra context menu item: Yahoo! &SMS - ​​file:///C:\Program​​ Files\Yahoo!\Common/ycsms.htm ​
​O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll ​
​O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll ​
​O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - ​​http://wwws.musicmatch.com/mmz/openWebRadio.html​​ (file missing) ​
​O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ​
​O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ​
​O16 - DPF: Yahoo! Euchre - ​​http://download.games.yahoo.com/games/clients/y/et1_x.cab​​ ​
​O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - ​​https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab​​ ​
​O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll ​
​O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - ​​http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab​​ ​
​O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - ​​http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128301944265​​ ​
​O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - ​​http://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab​​ ​
​O17 - HKLM\System\CCS\Services\Tcpip\..\{AB0793D3-CE81-4D5F-BFA3-F4B702927A67}: NameServer = 68.238.0.12 68.238.112.12 ​
​O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll ​
​O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe ​
​O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe ​
​O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe ​
​O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe ​
​O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe ​
​O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe ​
​O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe ​
​O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe ​
​ ​

5.9K Posts

October 5th, 2005 20:00

Log looks OK tho a bit overloaded with BHOs.  Why don't you close Internet Explorer and then run Hijackthis and check all of these:
 
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
Then Fix Checked.  (we will restore them later)
 
Now start IE and go to the site you are having trouble with.  Any better?  IF not then restore them all by Hijackthis, View the list of Backups then check all of them and RESTORE.
 
If it helps then restore only half of them and see if that breaks it again.  If it breaks again then check half of the ones you just restored and Fix Checked.  If it doesn't break then restore half of the remaining items in the Backups list.  The idea is to isolate it down to one or two BHOs that cause the problem.  I would bet on the popup blockers myself.
 
If that doesn't help then uninstall one of your antiviruses.  Running two can cause problems.
 
Ron
 
 
 
No Events found!

Top