Weird Schtuff...Please Help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Servant of Eru

Thread Starter
Joined
Sep 13, 2003
Messages
2,106
I'm not sure if this is a Widows problem, an Internet problem, or even a security problem....but it's mostly isolated to internet related programs, so I'm posting it here.

First off, I'm on Windows XP, the problems seems to occur when trying to open or use a hyperlink for the most part. A new window just doesn't open, and it won't let me open the link in a new window by right clicking either. There's also problems with cutting and pasting, it simply won't cut or copy, therefore I can't paste. I tried resetting my internet settings using a Run based command I found in one of the threads I found doing a search....but my problems seems to be a little different. Could this be because of a virus? Also, when I try to access my email, it says there's an RPC error. I'm thinking that's because of what I did to fix the Blaster worm....is there a way to fix this? :confused:

Jim
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,435
I think a good place to start would be to post a Hijack This log for the experts to look at.

Click here: http://www.majorgeeks.com/downloadg...a8baee6434cfc13
to download Hijack This. Save it to it’s own folder (not temporary files). Click on the Hijackthis.exe.

Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.

Cookie
 

Servant of Eru

Thread Starter
Joined
Sep 13, 2003
Messages
2,106
Here's my latest HJT log. Enjoy. :rolleyes:

Logfile of HijackThis v1.97.7
Scan saved at 3:58:21 AM, on 1/5/2002
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\enbiei.exe
C:\WINDOWS\System32\mslaugh.exe
C:\WINDOWS\System32\sstray.exe
C:\WINDOWS\System32\teekids.exe
C:\Program Files\ATI Multimedia\main\launchPd.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jim\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://darkevil1.proboards27.com/index.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchPd.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: SATARaid.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38072.8894097222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E97C064-2433-464E-A0F9-C8DA51C319F3}: NameServer = 207.69.188.185 207.69.188.186

Windows Update is on the fritz as well, I think it might stem from the same problem...which is a big problem in itself as it leaves me open to attack. :eek:
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,435
Right off I can see the Blaster worm is still there (mslaugh.exe & msblast.exe).

Since I'm not qualified to tell you what to fix (I doubt if it's only the one entry), I will request that this thread be moved over to security and I'm sure someone will analyze your log for you.

Cookie
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,435
Oh, and teekids. is the lovsan worm so there is other stuff in there.

Hang tight......

Cookie
 
Joined
Jul 26, 2002
Messages
46,331
I've moved this to the Security forum.
Windows Update is on the fritz as well, I think it might stem from the same problem...which is a big problem in itself as it leaves me open to attack. :eek:
You don't have an AV running on this machine. What do you expect! ;)
 
Joined
Jul 26, 2002
Messages
46,331
I'm thinking that's because of what I did to fix the Blaster worm....
I don't know what you did to remove the blaster worm, but either you didn't remove it or you got it again.

Did you install the patch for the RPC buffer overrun vulnerability?

First go here and follow the intructions for downloading and running the Blaster removal tool:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Imediately after you have run the removal tool go here and install the the patch for the RPC buffer overrun vulnerability, if you haven't done so already.

http://www.microsoft.com/downloads/...ae-a1ba-4d4a-b424-95d32cfc8cba&displaylang=en
 

Servant of Eru

Thread Starter
Joined
Sep 13, 2003
Messages
2,106
Originally posted by flrman1:
And for heaven's sake get an AV and a firewall!
Right now, I'm just trying to get the damn updates downloaded to patch up my security vulnerabilities. :(
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top