Still can't access Hotmail or Yahoo



#1
Lidflipt

Hi there... I recently posted a topic that never was attended to. It's okay... I just had time tonight to go through the "Click Here" before posting HJT logfile once again and there may have been things I needed to update in order for you guys to get back to my issue...

Anyway, I have completed all of those and I even got the AVG firewall compatibility settings in place... but I still can't get into hotmail or yahoo. I type in hotmail and just get a blank page. Even if I use MSN. Is there something still infecting this hunk of &%$???

It runs pretty slow as it is and I'm not sure if it's time to just take it out to pasture or what... It's only 3 years old!!

Thanks, and here's a new HJT log (new version... neato!)

-flipt

Logfile of HijackThis v1.99.1
Scan saved at 11:00:26 PM, on 4/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\America Online 6.0\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 6.0\waol.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093325881822
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8AAD88-9A9B-4296-A2B2-C744CDF9705C}: NameServer = 205.188.146.145
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
#2
bartenders35

If you want to post help in the Malware Removal forum here at GTG, you need to be a staff member. Click here to join Geek U.

ScHwErV :tazz:

Edited by Geek U Moderator

Edited by ScHwErV, 20 April 2005 - 12:49 PM.


#3
Lidflipt

Ummmm... I can't even really help myself let alone others... I think staff member is a little out of my league. Unless that was directed towards someone else?

I do still need help with this virus on my computer... I guess AVG detects it and says it can't clean it b/c it's archived?

If anyone can help I'm all ears. Thanks-

Flipt

#4
Elrond

Hi
Welcome to Geeks to Go Forums.
I looked over your log and it seems to be free of malware. It could be some setting in IE that gives you trouble. Have you tried using Firefox or Opera as your browser?

It could be worthwhile to post in the open forums. Often somebody has experience with your problem.

Now that your computer seems to be free of malware, I want you to take some precautions to avoid being re-infected.
If something does not pertain to your version of Windows please just skip that instruction.

Settings and maintenance

1. Clean out temporary files etc.
Download and install CleanUp!
a. Click Start > Programs > "CleanUp!" > "CleanUp!".
b. A dialog will appear. Click on the button labeled "CleanUp!".
c. Reboot.
You should do this every few weeks to avoid buildup of unnecessary junk. Run it for each user account on the computer.

2. Clean Out System Restore. (Only ME and XP)
Malware could get backed up in System Restore.
For Win XP follow these instructions to delete all restore points.
a. Go to "Start" > "Control Panel".
b. Make sure the Control Panel is in "Classic View". If it is not, click "Switch to Classic View" towards the top-left of the screen.
c. Double-click "System" and go to the "System Restore" tab.
d. Check "Turn off System Restore" and click "OK" and then "Yes".

After restarting your computer you should turn it back on by following the above procedure and uncheck "Turn off System Restore".

You can find out more about this subject at
Managing Windows Millennium System Restore
or at
How to turn off or turn on Windows XP System Restore

3. You reconfigured Windows to show hidden files and you should reset this to its original state using the instructions from here except that
1. Under the "Hidden files and folders" heading put a mark for "Do not show hidden files and folders".
2. Uncheck "Display content of system folders"
3. Check the "Hide protected operating system files (recommended)" option.

4. Make your Internet Explorer more secure

a. Less restrictive but less secure:
Adjust your browser settings: Change your (active x) settings in IE. With IE open go to tools, internet options, security tab. Click on the internet globe, then custom level. Set the first option "download signed active x controls" to prompt, the next two to disable. Read more in
Internet Explorer Privacy & Security Settings
Working with Internet Explorer 6 Security
Many exploits are directed at Internet Explorer; you don't have to use it. Try a different browser like Firefox. It is also worth trying Thunderbird for controlling spam in your e-mail.

b. More secure but very restrictive.
This can be done by following these simple instructions that apply to all "Windows" except "Windows XP with SP2". In SP2 many of those settings are the default settings but check your settings anyhow. The settings can become restrictive but you should use them anyhow. If there are sites that will not show up right with those settings and that you rely on to be free of malware, place them in the trusted zone.

1. Click "Start". Open "Control Panel".
2. Select the "Internet Options"
3. Select "Security" Tab and select the following settings.

* ActiveX controls and plug-ins
• Download signed ActiveX controls: Disable
• Download unsigned ActiveX controls: Disable
• Initialize and script ActiveX controls not marked as safe: Disable
• Run ActiveX controls and plug-ins: Disable
• Script ActiveX controls marked safe for scripting: Disable

* Downloads
• Font Download: Disable

* Microsoft VM
• Java permissions: Disable Java

* Miscellaneous
• Allow META REFRESH: Disable
• Display mixed content: Disable
• Drag and drop or copy and paste files: Disable
• Installation of desktop items: Disable
• Launching programs and files in an IFRAME: Disable
• Navigate sub-frames across different domains: Disable
• Software channel permissions: High Safety
• Userdata persistence: Disable

* Scripting
• Active scripting: Disable
• Allow paste operations via script: Disable
• Scripting of Java applets: Disable

* User Authentication
• Logon: Prompt for username and password
4. When all these settings have been made, click on the OK button.
5. If it prompts you as to whether or not you want to save the settings, press the Yes button.
6. Next press the Apply button and then the OK to exit the Internet Properties page.


These are a MUST to protect yourself from malware.
5. Always use a good anti-virus.
KEEP IT UPDATED

6. Always use a good firewall.
Be restrictive with access to the internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not make the block permanent.

Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.

Download and install "SpywareBlaster" and "SpywareGuard".

You will find the addresses for the programs that I recommend at this website. It is important that you go there. It is a good source of information about computer security. It will give you recommendations for more security tools as well as tips about how to stay clean on the internet. PLEASE FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

7. MOST IMPORTANT for all versions: You need to keep "Windows" and "Internet Explorer" updated. Open "Internet Explorer" and go to "Start" > "Tools" > "Windows Update" or go to Microsoft Windows and Internet Explorer Updates to get the critical updates.

8. If you are running Microsoft Office, or any portion thereof, you must keep it updated as well. Go to Microsoft's Office Update site and make sure you have at least all the critical updates installed. Update MS Office here.

9. Keep your programs updated.

10. I highly recommend downloading and installing the newest versions of "AdAware SE Personal" and "Spybot Search and Destroy".
After installing remember to update the definition files for each program.
I also suggest that you visit this website and follow the instructions on how to configure both programs for best detection. These instructions are the best even though they refer to a cleanup of an infected computer.

11. It is worthwhile to take a look at "So how did I get infected in the first place?" for some good advice.


VERY IMPORTANT. Update all protective programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow these recommendations and your potential for being infected again will be dramatically reduced.

Do you have any problems with your computer besides the problems with Hotmail and Yahoo? If so please post the details.

It has been a pleasure helping you.

Best of luck and clean computing

Elrond :tazz:
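
The restrictive Internet-zone settings in step 4b can be checked after the fact from a registry export. This is an added example, not part of the original post: it audits the ActiveX, Microsoft VM, Scripting and User Authentication items from that list against the per-user key `Internet Settings\Zones\3`. The URL action IDs and DWORD encodings are Windows' documented zone values, not taken from the thread, and the sample export is constructed.

```python
import re

# Internet-zone (Zones\3) URL action IDs -> (recommended DWORD, setting name).
# 3 = Disable; the Java and Logon entries use their own encodings (see names).
RECOMMENDED = {
    "1001": (3, "Download signed ActiveX controls"),
    "1004": (3, "Download unsigned ActiveX controls"),
    "1201": (3, "Initialize and script ActiveX controls not marked as safe"),
    "1200": (3, "Run ActiveX controls and plug-ins"),
    "1405": (3, "Script ActiveX controls marked safe for scripting"),
    "1C00": (0x0, "Java permissions: Disable Java"),
    "1400": (3, "Active scripting"),
    "1407": (3, "Allow paste operations via script"),
    "1402": (3, "Scripting of Java applets"),
    "1A00": (0x10000, "Logon: Prompt for username and password"),
}

def parse_zone(reg_text, zone="3"):
    """Return {action_id: dword} for one zone from decoded .reg export text."""
    values, in_key = {}, False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):  # each key header opens or closes the zone section
            in_key = line.endswith("\\Internet Settings\\Zones\\" + zone + "]")
        m = re.fullmatch(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', line)
        if in_key and m:
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """List (id, setting, found, wanted) per deviation; found is None if unset."""
    zone = parse_zone(reg_text)
    return [(aid, name, zone.get(aid), want)
            for aid, (want, name) in RECOMMENDED.items() if zone.get(aid) != want]

# Constructed sample export (not from the thread); the Zones\2 key must be ignored.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1400"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1405"=dword:00000000
"1C00"=dword:00010000
"1400"=dword:00000000
"1402"=dword:00000003
"1A00"=dword:00020000
'''
```

Call `audit()` on the text of an exported `Zones` key; exports in the "Version 5.00" format are UTF-16, so decode the file before passing it in. The Downloads and Miscellaneous items from the list can be added to `RECOMMENDED` in the same way.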

#5
Lidflipt

Thank you SO much... I think things are running a little quicker now and I haven't even had the time to finish updating everything. I can tell you one thing, downloading Firefox was TOUGH!!! Every time I'd try at the mozilla site, I was re-directed or the only part of the page that wouldn't load were the "download" buttons. This happened at about 3 or 4 sites... maybe IE's last attempt to cling onto its life on my pc? An IE death-rattle perhaps?? Maybe. Either way I finally got around it and it works like a charm.

Also, I still plan on updating office and windows. I'm going to be sure my GF clicks on the "update now" buttons from here on out when coming from AVG, etc.

I just updated her AOheLL last night... I think she was running version 6.0. I think I got her 9.0 SE. I keep telling her to trash that isp but OH WELL... she can pay 23.00 a month if she wants!!

Thanks again for all of your help!

-Flipt

#6
Lidflipt

After some additional research, I found that I actually had a scripting error in Windows, or VB (Visual Basic) scripting support had been corrupted in my copy of Windows. Not sure how or why this happened... but if anyone had trouble accessing Hotmail, Yahoo, or Bank of America (to name a very FEW) in any web browser... you might give this a try...

It's a pretty simple fix and it worked for me!!!

After you install the download (you can validate it prior to installation as well) restart your computer and see if it helped!!

Hope it did!


-FliPt

#7
Elrond

Thank you. :tazz: