0

:mad: OK, I have already posted one thread and have not gotten any response from my last post which was 2 days ago......I really need someone's help! Here is my latest HIJACKTHIS LOG FILE....If you can help.....PLEASE REPLY!! :cry: :!:

Logfile of HijackThis v1.98.2
Scan saved at 11:59:28 AM, on 10/01/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\YEDIEx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Survey Alerts Manager\skinkers.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ergas Family\Desktop\HIJACKTHIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mycampus.aiu-online.com/default2.asp?code=&referer=&logout=0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SAMCluster] C:\Program Files\Survey Alerts Manager\skinkers.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://*.1098-t.com
O15 - Trusted Zone: http://www.ebay.com
O15 - Trusted Zone: http://www.liquidloot.com
O15 - Trusted Zone: http://adfarm.mediaplex.com
O15 - Trusted Zone: http://v5.windowsupdate.microsoft.com
O15 - Trusted Zone: http://download.microsoftupdate.com
O15 - Trusted Zone: http://www.paypal.com
O15 - Trusted Zone: download.windowsupdate.com
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.6.20/holdem/holdem-ob-assets.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DF1A18-1106-4320-9561-00724B4303BD}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DF1A18-1106-4320-9561-00724B4303BD}: NameServer = 205.188.146.146

0

Try the following advice from chetnet.co.uk:

Open Internet Options.

Clear the Secure Sockets Layer (SSL) state and AutoComplete history. To do so:
Click the Content tab.
Under Certificates, click Clear SSL State.
Click OK when you receive the message that the SSL cache was successfully cleared.
Under Personal information, click AutoComplete.
Under Clear AutoComplete history, click Clear Forms. Click OK when you are prompted to confirm the operation.
Click Clear Passwords. Click OK when you are prompted to clear all previously saved passwords, and then click OK two more times.
Verify that Internet Explorer is configured to use SSL 2.0 and SSL 3.0. To do so:
Click the Advanced tab.
In the Settings box, under Security, click to select the Use SSL 2.0 and Use SSL 3.0 check boxes (if they are not already selected), and then click OK.

Verify that the Date and Time Settings on Your Computer Are Correct
To verify that your computer is configured with the correct date and time settings:
Click Start, and then click Control Panel.
Click Date, Time, Language, and Regional Options, and then click Date and Time.
Click the Date & Time tab.
Make sure that the date and time settings are configured to use the current date and time, and then click OK.

Verify that Your Computer Is Using 128-Bit Encryption
To do so:
In Internet Explorer, on the Help menu, click About Internet Explorer.
The level of encryption on your computer appears next to the words Cipher Strength. Verify that the Cipher Strength value appears as 128-bit.
Click OK.

0

everything is how it should be, but still no secure sites.....doesn't anybody know what is wrong with my computer????? Crunchie, I am not saying you don't know, it is just that I have had tons of experts tell me the same thing you are telling me, and nobody knows what is wrong.

0

Open Event Viewer (in your Administrative Tools folder) and look through your logs for any errors relating to DNS, SSL, or Certificates. If you find any such errors, please post the full text of the messages, especially the specific error codes.

- I see that you have AOL, which uses a modified version of Internet Explorer. Does the problem happen when using AOL's browser or the stand-alone version of IE, or does it only happen with one or the other? As a related test, you could download Netscape or Firefox and see if the problem occurs in those browsers as well as IE. Doing so would at least let us know if the problem is specific to IE or not.

- How are you connected to the Internet? If you're going through a hardware router/firewall or a proxy, it's possible that the problem lies there.

0

I do not have any errors for DNS, SSL or Certificates. I do have a few errors telling me something about the registry and about IPSEC filters. This problem occurs using both IE and AOL browsers. I attempted to use Netscape a few months ago and got the same error. I am connected through dial-up at the moment, but in 10 days I will be up and running DSL. No router and all firewalls are disabled.

0

I had difficulty with secure (https) websites. I found this post on another site. I didn't trust winsockxpfix so I just manually ran netsh int ip reset logfile.txt and rebooted. That did the trick. It is advisable to back up your registry first since that command changes registry entries.

The second post, which I pasted at the bottom, was also helpful for some people.

Good luck!!!

++++++++++++++++++++++++++++++++++++++++++++++++++
FIXING THE TCP/IP STACK AND WINSOCK

TCP/IP stands for Transmission Control Protocol / Internet Protocol and the TCP/IP Stack is the set of layers of communications protocol that connects computers on the internet. In Windows, this is controlled by a file called Winsock.dll. If you are having troubles relating to this type of problem, some of the symptoms you encounter may be that you can "ping" pages on the internet, but your browser always returns a "page cannot be displayed" error.

Sometimes this type of error develops as a result of running a program like LavaSoft's AdAware or SpyBot Search & Destroy in order to get rid of "spyware" running behind the scenes on your computer. These programs may inadvertently destroy your internet connectivity by removing certain necessary Registry entries. You might also develop such a problem after removing network software incorrectly or uninstalling a firewall improperly, or even running a Registry cleaner a little too recklessly.

In previous versions of Windows, you can reinstall the TCP/IP protocol fairly easily, but in Windows XP the TCP/IP stack is a core component of the OS. However, you can "reset" the TCP/IP to the same state it was in when you first installed Windows XP, as described in this Microsoft Knowledge Base article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;299357
How to Reset Internet Protocol (TCP/IP) in Windows XP

What you basically have to do is to type at a Command Prompt a command like the following:

netsh int ip reset logfile.txt

When this command is executed, it rewrites pertinent registry keys that are used by the Internet Protocol (TCP/IP) stack to achieve the same result as the removal and the reinstallation of the protocol. The registry keys affected are at the following:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP\Parameters\

There is a program available called WinsockXpFix.exe that does the above, and that also does some other things that are aimed at fixing Winsock in XP. It replaces Registry keys here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2

It backs up a file called Hosts in the folder WINDOWS\system32\drivers\etc and then replaces it with a default new one. The Hosts file is a plain text file linking web or network addresses with their IP addresses; this file may contain invalid entries due to modified web page addresses, and may become corrupted as the result of spyware, trojans, the use of file transmission networks such as KaZaa, etc.

After doing all this it reboots the computer.

The WinsockXpFix.exe program can be downloaded directly from the author, here:

http://members.shaw.ca/techcd/WinsockXPFix.exe
+++++++++++++++++++++++++++++++++++++++++++++++++++

Basically I found an article at Microsoft's site
entitled "How to troubleshoot situations where you
cannot complete MSN sign-up or connect to SSL secured
(128-Bit) Web sites by using Internet Explorer in
Windows XP" ... for some reason this forum is not
letting me add a link to the article. Let me know if
you can't find the article and need a link.

To make a very long story short ... all I had to do
was re-register the following .dll files:

Softpub.dll
Wintrust.dll
Initpki.dll
Dssenh.dll
Rsaenh.dll
Gpkcsp.dll
Sccbase.dll
Slbcsp.dll
Cryptdlg.dll

To re-register these files, follow these steps:

-----------------------------------------------

1. Click Start, and then click Run.

2. In the Open box, type one of the following
commands, and then click OK (copy and paste is your
best friend):

regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll

4. Click OK when you receive the message that says
DllRegisterServer in FileName succeeded.

5. Repeat for each command line listed above
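
The post above notes that the Hosts file may carry invalid or spyware-planted entries and that WinsockXpFix replaces it wholesale. As an added example (not part of the original post or of any tool it mentions), this Python sketch audits a Hosts file before anything overwrites it, so suspicious mappings can be recorded first. The sample content and the single-entry default list are assumptions constructed for illustration.

```python
import ipaddress

# Names a stock hosts file maps to loopback (assumption for this example).
DEFAULT_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, hostname, address, reason) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, " ".join(names), ip_text, "malformed address"))
            continue
        if not names:
            findings.append((line_no, "", ip_text, "address without hostname"))
            continue
        for name in (n.lower() for n in names):
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                          # expected default mapping
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blocked (points at the local machine)"
            else:
                reason = "name redirected to a fixed address"
            findings.append((line_no, name, ip_text, reason))
    return findings

# Constructed sample, not taken from the poster's machine.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.example-bank.test   # blocked
203.0.113.7     login.example.test secure.example.test
not-an-ip       broken.example.test
"""

if __name__ == "__main__":
    # On a real system, read WINDOWS\system32\drivers\etc\hosts instead of SAMPLE.
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

Any finding for a site that fails to load over https is worth noting before the file is reset, since it shows whether the name was being blocked or redirected locally.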
