Solved: Cheeseball - help!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Navi

Thread Starter
Joined
Mar 7, 2005
Messages
64
Hi there,

Cheeseball very effectively helped me with some issues recently and Flrman sometime before that. I have found that I am having troubles accessing some legitimate sites (username and password returns as invalid or simply refreshes when I know it is good) and other weird anomalies that didn't use to happen. Is it possible changes made to some settings could be the cause of this? Any help appreciated.

cheers

Navi
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Hi Navi :)

Can you post a Hijack This log? Let's make sure something fishy isn't going on.
 

Navi

Thread Starter
Joined
Mar 7, 2005
Messages
64
Thanks Cheeseball,

Attached is my HJT log, hope HJT v1.99.1 is the latest?

Navi

Logfile of HijackThis v1.99.1
Scan saved at 10:33:05 AM, on 7/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Telstra\Signup\tbpt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://telstra.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\Program Files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://telstra.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5A3C6507-730A-43B2-8EAC-4C430F2EF35E} (PortfolioManager Class) - https://portfoliomanager.westpac.com.au/portfoliomanager/portfoliomanager.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: DeepSight Extractor Service for NPF03 (ExtractorServiceNPF03) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04 (ExtractorServiceNPF04) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Yes it is.

The log seems okay.

Can you further explain the problem you're having?

I don't believe I remember seeing DeepSight Extractor in your log last time.
Is that something new?
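
The comparison made from memory in the post above (DeepSight Extractor being new since the last log) can be done mechanically by diffing two HijackThis logs. This is an added example, not part of the original thread: the function names are hypothetical, the sample lines are a small subset of the log posted above, and the baseline is constructed by dropping the DeepSight line.

```python
import re

# Item lines in a HijackThis log: section code (R0-R3, F0-F3, N1-N4, O1-O23), " - ", entry.
# Header lines and the "Running processes:" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return {section_code: set(entry_text)} for the item lines of a log."""
    sections = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections.setdefault(m.group(1), set()).add(m.group(2))
    return sections

def new_entries(baseline, current):
    """Sorted (code, entry) pairs present in `current` but absent from `baseline`."""
    old, new = parse_hjt(baseline), parse_hjt(current)
    return sorted((code, entry)
                  for code, items in new.items()
                  for entry in items - old.get(code, set()))

def unknown_owner_services(text):
    """O23 services listed as 'Unknown owner'. A triage hint, not a verdict:
    the ATI service in the thread's log carries the same label."""
    return sorted(e for e in parse_hjt(text).get("O23", ())
                  if " - Unknown owner - " in e)

# Sample input: four lines taken from the log in this thread.
CURRENT = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""
# Constructed baseline (assumption): the same log without the DeepSight entry.
BASELINE = "\n".join(l for l in CURRENT.splitlines() if "DeepSight" not in l)

if __name__ == "__main__":
    for code, entry in new_entries(BASELINE, CURRENT):
        print("NEW", code, entry)
    for entry in unknown_owner_services(CURRENT):
        print("UNKNOWN OWNER", entry)
```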
 

Navi

Thread Starter
Joined
Mar 7, 2005
Messages
64
Yeah, sure. As I said, when accessing some sites that require a user, password, usually for reputable organisations, the login is failing or not registering (example: logging in to my access provider user account). This has happened several times at similar sites.

Recently, using MS SharePoint (a portal program) software, a part of it failed to show on my machine; it is ok on all others even using my password, and the SharePoint tech people have checked the software and have not seen this before.

I followed some of the "sticky" posting instructions that required settings changes and was recommended changes to some ActiveX security settings - could it be related to this stuff? (which I don't understand AT ALL!!)

DeepSight Extractor is a program that assists the download of a NASA resource at http://worldwind.arc.nasa.gov/. I have removed it in Control Panel. May not have been there last time.

Any ideas appreciated.

Navi
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
I'm thinking maybe it was due to any changes you made in the ActiveX settings. Assuming this started happening after the changes.

What are they set to right now?
 

Navi

Thread Starter
Joined
Mar 7, 2005
Messages
64
I am guessing you mean in Internet Options > Security
Custom Level
Under: Active X controls and plugins??

They are as follows:
 

Navi

Thread Starter
Joined
Mar 7, 2005
Messages
64
Auto prompting for ActiveX controls: Disable

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disable

Initialize and script ActiveX controls not marked as safe: Disable

All others under ActiveX controls and plugins are enabled.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Hmmm those seem okay. And you had no problems before doing the ActiveX changes? Which ones did you change?
 

Navi

Thread Starter
Joined
Mar 7, 2005
Messages
64
Can't say exactly which ones I changed but it was on the advice from this forum - that probably doesn't help much.

You can see my past discussions here and I made some changes as suggested in the sticky thread above about reducing the security threat to a computer.
 

Navi

Thread Starter
Joined
Mar 7, 2005
Messages
64
Sorry for slow reply. No, I don't think I did change Nortons at all. I have loaded up the Beta MS anti spyware software and changed SpywareBlaster to "enable all" but that is all I can remember.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
I'm going to further investigate this. If I cannot find a solution, I will most definitely ask a Moderator to assist.

Let me just ask - when you attempt to log into these sites with your password - do you receive any specific error messages?
 

Navi

Thread Starter
Joined
Mar 7, 2005
Messages
64
Umm... it varies. One site gives me a non-specific "Login Error" and the others do not give any message; they just return to the login page without any text in the boxes.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
A few things to try/check:

1. Open IE and click Help, About Internet Explorer and look at the Cipher Strength. Make sure it's 128 bit.

2. On the Tools menu in Internet Explorer, click Internet Options, and then click the Security tab.
Click the Advanced tab.
Under Security, click to select the Use SSL 2.0 and Use SSL 3.0 check boxes (if they are not already selected), and then click Apply.
Click Restore defaults.
Click Apply.
Click OK.

3. Click Start, right-click Internet Explorer, and then click Internet Properties.
Click the Advanced tab.
Click to clear the Enable third-party browser extensions (requires restart) check box.
Click Apply.
Click Ok.
Start Internet Explorer, and try logging in again.

4. On the Tools menu in Internet Explorer, click Internet Options, and then click the Security tab.
Click Internet, and then click Default Level.
Click Local Intranet, and then click Default Level.
Click Trusted sites, and then click Default Level.
Click Restricted sites, and then click Default Level.
Click Apply.
On the Privacy tab, click Default, and then click Apply.

5. Use the System File Checker tool to scan all files that are protected by Windows File Protection
Use the System File Checker (Sfc.exe) tool together with the /scannow parameter to immediately scan and verify the versions of all the system files that Windows File Protection helps protect. If the Sfc.exe tool detects that such a file was overwritten, the Sfc.exe tool retrieves the correct version of the file from the Dllcache folder or from the Windows XP installation source files, and then replaces the incorrect file. The Sfc.exe tool also verifies and repopulates the cache folder.

You must be logged on as an administrator or as a member of the Administrators group to run the Sfc.exe tool. To run the Sfc.exe tool together with the /scannow parameter, follow these steps:
Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
At the command prompt, type sfc /scannow, and then press ENTER.
Type exit, and then press ENTER.

6. On the Tools menu in Internet Explorer, click Internet Options, and then click the General tab.
Click Delete Cookies, and then click OK.
Click Delete Files, and then click OK.
Click Clear History, and then click Yes.
Click OK.
 