denisepop
internet explorer is still red in hijackthis log after updating
well if asta is here you may still be able to help me for a good grade ....:) i did the upgrade on my internet explorer as suggested and i ran the hijackthis again and still red if you need me to i can post it here to show you so now what do i do
OK, try this. I assume you saved the log, did you?
Paste the entire contents of your log here:
http://www.hijackthis.de/index.php?langselect=english
Then click ANALYZE
Then cut/paste all the lines that are shown as "NASTY" here for further analysis.
ASKER
yes i did here it is 0/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\HP Authorized Custom\Application Data\esis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Documents and Settings\HP Authorized Custom\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Tcna] C:\Documents and Settings\HP Authorized Custom\Application Data\esis.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098562779801
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8CA5CA4-2C91-47AF-AE92-FAF1E3A99368}: NameServer = 209.153.128.4 169.207.1.3
Also please tell me what error messages or problem you are having.
Also which Operating System and version.... All this can be found as follows
start-run-msinfo32 on the first screen gives info.
Or in IE - Help - About to get the version of IE you're running.
Will listen and respond. About to cook dinner but will check back.
":0) Asta
Hello denisepop =)
>> MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
This is still the old version i think :)
How did u use Windows Update ??
OOPS.... too late.
This is the only item that I see that is irrelevant and can be deleted.
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'WeatherBug ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
No problems on the other items, no problems noted in IE.
I'm using Windows XP SP2 and IE SP2, and love it. Would check WindowsUpdate for sure.
wait, u are using WInXP, and with WinXP the version which comes is 6.00.2600.0000 so that's the correct version for u :)
but hijackthis is telling that its old, coz it has stored in its database the latest version 6.00.2900.2180 for IE which comes with WinXP SP2..... and as u are not using SP2, u dont have this version and thus that website is telling that Out of Date !!
ahhh stupidity.... =\
I'm also unclear about this item
C:\Documents and Settings\HP Authorized Custom\Application Data\esis.exe
Do you have HP hardware installed and do some updates for the devices?
O4 - HKCU\..\Run: [Tcna] C:\Documents and Settings\HP Authorized Custom\Application Data\esis.exe
Also see that you're running a Symantec product....
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
Is this with intent and have you checked for potential updates?
Also this one...
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
Related to your ISP?
Really, the log looks OK to me, except the questions I've noted above.
Do you know how to check your Event Logs to see if there's anything noted there? Have you been getting errors or having problems that you can tell me about?
Been cooking, so sporadic in my responses, back soon.
Asta
ASKER
ok this is weird but on that start-run-msinfo32 it says version 5.1.2600 build 2600 microsoft xp home edition. internet explorer help says version 6.0.2800.1106.xpclnt-qfe02 1108-2107 update version sp1. not really have a big problem except for being slow. i also get a message when i go to restart, something like program not responding ccap program, haven't a clue to what that is. i did have a w32.spybot.worm that norton took care of and spybot search and destroy is showing a dso exploit which i got rid of once by deleting the 1004 but it came back apparently. but ran the hijackthis and get the red ! next to the internet explorer but doesn't give any problem with it
ASKER
that esis.exe i havent a clue what that is i know that norton came on saying that it was a medium risk so i blocked it and havent seen it since
ASKER
not sure what you are asking about the Symantec question with ad blocking and no i don't know how to check my events log
Denis ur operating system is XP or XP SP1 ??
is this the real data which hijacthis told u >> 0/27/2004
or u wrote it wrong :)
Everything I found on esis.exe is European.... For some reason I've gotten ZERO Email notifs of all this activity, and had no clue that I was not here alone... checked back here manually to find much activity. I don't get it ....
It looks almost like German, but isn't; maybe Dutch? Anyway, looks like there's a service pack 6 out there to fix problems, if I understand it correctly....
http://www.abzhw.nl/cgi-oic/pagedb.exe/show?no=1680&fromno=2488
ASKER
i have xp but i think i upgraded to sp1 i know thats in my add and remove in controls lol all my dates are coming up wrong
• Lavasoft Ad-aware GREAT program.... be sure to try this and get updates for it, then configure it to do deep scanning and include your HOSTS file. If you need help with this, say.
• Spybot Search & Destroy (S&D) - Also excellent, get updates for it after you install it and be sure to then also use the IMMUNIZE function. If you need more, say.
http://www.microsoft.com/athome/security/spyware/default.mspx
More here...
https://www.experts-exchange.com/questions/20975384/Standard-response-material-re-Spyware-Adware-BHOs-and-other-Malware.html
ASKER
i was reading that well what i could understand of it kinda hard when you cant read whatever language that was the only thing google could come up with
ASKER
i have both programs but dont know how to do the host thing
AdAware here: http://www.download.com/3000-2144-10045910.html
Spybot S&D here: http://www.safer-networking.org/en/download/index.html
Back to cooking, return when I can.
>> internet explorer help says version 6.0.2800.1106.xpclnt-qfe02 1108-2107
look, its telling the right version,,, its only that Hijackthis is picking up the Wrong version.... but it's picking up the wrong date also..... why we are thinking that system has problem,,,, why not that hijackthis has problem !! :)
ASKER
ok thank you i'll give it a whirl if you hear anything about this esis.exe let me know
which version of hijackthis u are using denis.... is it 1.98.2 ??
ASKER
yes it is 1.98.2
Sorry for the delayed response, I've not been getting any Email notifications for anything due to a local Server Problem.
I'm so pleased I could help. If more is needed, please let me know and I'll check back manually in the morning.
Must finish cooking.
":0) Asta
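A triage sketch for the log discussed in this thread, added here as an example and not part of any participant's post or of HijackThis itself: it parses HijackThis entries and surfaces the two items the reviewers singled out, the O9 entry marked (file missing) and the Run-key autostart that lives under Application Data. The function names and the list of user-writable directories are assumptions for illustration; the sample lines are an excerpt of the log posted above.

```python
import re

# Excerpt of the HijackThis log posted in this thread (extraction spacing repaired).
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\HP Authorized Custom\Application Data\esis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Tcna] C:\Documents and Settings\HP Authorized Custom\Application Data\esis.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumption: per-user, user-writable folders are unusual homes for autostart programs.
USER_WRITABLE = re.compile(r"\\(Application Data|Local Settings|Temp)\\", re.I)

def parse(log):
    """Split a log into running-process paths and (code, body) entries."""
    procs, entries = [], []
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append((m["code"], m["body"]))
        elif re.match(r"^[A-Za-z]:\\", line):
            procs.append(line)
    return procs, entries

def triage(log):
    """Return (reason, detail) findings for a human reviewer to follow up."""
    procs, entries = parse(log)
    running = {p.lower() for p in procs}
    findings = []
    for code, body in entries:
        if "(file missing)" in body:  # registry entry whose target file is gone
            findings.append(("orphaned-entry", f"{code} - {body}"))
        run = RUN.match(body) if code == "O4" else None
        if run:
            cmd = run["cmd"].strip('"')
            if USER_WRITABLE.search(cmd):
                state = "running" if cmd.lower() in running else "not running"
                findings.append(("autorun-from-user-profile", f"[{run['name']}] {cmd} ({state})"))
    return findings

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

A finding here is a prompt to identify the file (vendor, signature, antivirus verdict), not a verdict on it.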