HJT! log, connection hijack- Terri_s4short
Hello everyone! I've encountered a bit of a problem as far as a hijacker is concerned, or at least that's what I think it is. I've run spybot as well as about 5 million different ad ware sweepers but I've yet to find anything.
I'll be able to connect to the internet for about 2-5 minutes before the connection is lost. The only way to reconnect is by restarting my computer. I'm running windows 98SE, on an empowered network usinc a cisco 260 modem and a D-Link router... I'm not quite sure what to look for so if someone could give me a hand I'd be very grateful!
Terri
Logfile of HijackThis v1.98.2
Scan saved at 6:13:52 PM, on 20/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GUARDDOG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDATE.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\DESKTOP\HJT\NEW FOLDER\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webroot.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webroot.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\49ywxktv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\49ywxktv.slt\prefs.js)
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GDIEHELP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\PROGRA~1\MCAFEE.COM\VSO\MCVSSHLD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKDETCT.EXE /startup
O4 - HKLM\..\RunServices: [GuardDogEXE] "C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GUARDDOG.EXE" /SERVICE
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\MCVSRTE.EXE /embedding
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GDIEHELP.DLL
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
I'll be able to connect to the internet for about 2-5 minutes before the connection is lost. The only way to reconnect is by restarting my computer. I'm running windows 98SE, on an empowered network usinc a cisco 260 modem and a D-Link router... I'm not quite sure what to look for so if someone could give me a hand I'd be very grateful!
Terri
Logfile of HijackThis v1.98.2
Scan saved at 6:13:52 PM, on 20/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GUARDDOG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDATE.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\DESKTOP\HJT\NEW FOLDER\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webroot.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webroot.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\49ywxktv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\49ywxktv.slt\prefs.js)
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GDIEHELP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\PROGRA~1\MCAFEE.COM\VSO\MCVSSHLD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKDETCT.EXE /startup
O4 - HKLM\..\RunServices: [GuardDogEXE] "C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GUARDDOG.EXE" /SERVICE
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\MCVSRTE.EXE /embedding
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GDIEHELP.DLL
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
0
Comments
You have a very clean log, I don't think your problem is spyware related. You may need to check your ethernet card, router and modem. Try different ports on the router. Get your ISP to do a remote diagnostic on the modem. Test a different router and ethernet card if you can, or take your computer to someone else's house or office and see if the problem continues. Make sure your router and modem are not too hot, move them away from other hot eqpt, and do not stack them on top of each other.
I see you have my least favourite brand of routers. I have replaced a lot of D-link routers that have had strange problems like this. As soon as a Linksys, SMC or USR router goes in, the problems disappear. In fact, I am assisting one real-life customer right now in replacing their wireless/wired D-Link router. The wireless works fine, but 3 out of 4 wired ports do not work. The unit is less than 1 year old. :shakehead:
Others may disagree with me, but based on my personal experience, D-Links have a high failure rate.
If you keep having problems after trying some of those things, either post in the networking forum here, or take your system to a paid tech for diagnosis.
Dexter...
Thanks a lot for your help,
Terri
Dexter...
We thought it was a proxy because virus scans couldn't find anything, no spyware or adware, tried different ports on the router, same problem stayed. I also read a bit online on how networks can be hijacked (it makes me so angry that complete noobs like myself can hijack others in a jiffy because of all those tutorials and programs...) and the recipe seemed to fit my computer. Also because I would share files it seems like I just flung my arms in the air and yelled "come and get me!!!" :s
I'm going to try to partition my hd and start fresh on the partition, see if it is in fact an outside influence or a fluke of the D-Link. Grr.
Terri
Dexter...
The modem and D-Link are nice and cool and dry, so I don't think that's the problem, just because my computer is the only one on the network of four computers that this is affecting and I've tried my computer on each of the other ports with the same results. The twisted pair cable is brand new, no kinks, the cable between the modem and router is older, but again I would find it strange that my computer would be the only one affected by it if that was the case.
I will call the ISP again... I just wish once and for all that my computer would be fixed... I've spent over 300 dollars in the last little while trying to get it together. :s
Terri