The page cannot be displayed


TED BEDARD
05-24-2006, 01:28 PM
"The page cannot be displayed" I get this a lot but not all the time. I've searched the net and found hundreds of solutions, all of which did not work. I had a problem trying to download a program from McAfee. It wouldn't complete the download. They had me run several programs to clean my PC of virus, spyware and whatever, none of which solved the problem. Defaulted my internet options. I run XP Pro with SP2, IE 6.0. I've disabled my firewall and popup blockers with no luck. Can anyone help without throwing the Tech manual at me?

PrntRhd
05-24-2006, 02:05 PM
Ted,
I hope you don't mind that I split this off the unauthorized wireless access thread. ;)

Have you tried a repair install of IE6?
What security programs are you running?
Have you tried an alternate browser like Opera or Firefox to see if they display?
Have you tried a HiJackThis scan and posting a log in Applications & Security forum? You can find HiJackThis here:
http://www.merijn.org/downloads.html

TED BEDARD
05-24-2006, 02:23 PM
No to the repair. AVG Free, virus, spyware and email scan, also Windows firewall.
I haven't heard of those browsers.
I had HiJack This but deleted it (Don't know why)

Variable
05-24-2006, 03:35 PM
One of the problems is you are not seeing the real error message. I would go to Tools, Internet Options, click the Advanced tab and uncheck "Show friendly HTTP error messages" and click OK. Now when a page does not display you will see the reason why, not a generic useless message. It sounds like a DNS problem. You could have some malware pointing to an odd DNS server or something could be blocking DNS.

Once you find out the real error message post back.

TED BEDARD
05-24-2006, 04:15 PM
"cannot find server or DNS error" I did a reg clean program and rebooted to see if that would help. I guess not. What else do you recommend?

TED BEDARD
05-24-2006, 04:18 PM
I also downloaded and ran HiJack This

mjc
05-24-2006, 05:50 PM
I also downloaded and ran HiJack This

Then please post the log.

TED BEDARD
05-24-2006, 06:00 PM
Logfile of HijackThis v1.99.1
Scan saved at 1:27:51 PM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
F:\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\TEDBED~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\TEDBED~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{F08555B0-9CC3-11D2-AA8E-000000000000} - (no file)
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000000} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {6BF5DED8-A8F8-B1BD-E759-1333EB1E6DA6} - (no file)
O2 - BHO: (no name) - {F743CFF9-0169-4DBC-996D-71B50AD4B3D3} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader]
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\WINDOWS\system\band.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {3B92D300-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {3B92D301-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {3B92D302-5A93-11D8-8366-0050BAC0679C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.bankofamerica
O15 - Trusted Zone: http://csb.sprint.com
O15 - Trusted Zone: http://www.voiceglo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144938977406
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Variable
05-24-2006, 07:10 PM
You probably just have a DNS problem. You can add the DNS servers given by your ISP to the TCP/IP properties of your NIC and/or router.


You may also want to check the
C:\WINNT\system32\drivers\etc\hosts file

Open it in notepad and make sure some malware hasn't added anything. It should say
127.0.0.1 localhost

Everything else should have a # sign to the left of it. If there is anything else, you can add a # sign to the left of that line and then click File and Save.


This link seems helpful
http://www.mediacollege.com/computer/network/dns.html

TED BEDARD
05-24-2006, 07:53 PM
My C:\windows\system32\drivers\etc\host file is empty. I don't have C:winnt\.
Should I add (127.0.0.1 localhost) to the host file or some other number?

Fred_Flintstone
05-24-2006, 09:59 PM
My C:\windows\system32\drivers\etc\host file is empty. I don't have C:winnt\.
Should I add (127.0.0.1 localhost) to the host file or some other number?

I have XP Pro SP2 and my host file (same path as yours) contains the following:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost



The above is an exact cut & paste of the contents if it's any help ;)
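The hosts-file check discussed in the posts above (only `127.0.0.1 localhost` active, everything else behind a `#`), written out as an added example that is not part of the original thread. The function name `audit_hosts` and the sample entries using `example.test` names and the `203.0.113.10` documentation address are constructed for illustration.

```python
import ipaddress

# Constructed sample: part of the stock comment header quoted in the thread,
# followed by made-up active entries (reserved example names, documentation IP).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 download.example.test   # constructed: name pinned to loopback
203.0.113.10 www.example.test login.example.test
"""


def audit_hosts(text):
    """Return (line_no, ip, hostname, note) for every active mapping that is
    not the expected loopback entry for 'localhost'."""
    findings = []
    # Strip a UTF-8 byte-order mark if an editor added one.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        # Everything after '#' is a comment, whether the line starts with it
        # or it trails a mapping.
        active = raw.split("#", 1)[0].strip()
        if not active:
            continue
        fields = active.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names),
                             "first column is not an IP address"))
            continue
        if not names:
            findings.append((line_no, str(ip), "", "address with no host name"))
            continue
        # One line may map several names to the same address.
        for name in names:
            if ip.is_loopback and name.lower() == "localhost":
                continue  # the one entry the thread says should be there
            if ip.is_loopback or ip.is_unspecified:
                note = "name resolves to this machine, so the site cannot load"
            else:
                note = "name is pinned to a fixed address, bypassing DNS"
            findings.append((line_no, str(ip), name, note))
    return findings


if __name__ == "__main__":
    for line_no, ip, name, note in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} -> {name or '(none)'}: {note}")
    # An empty hosts file, as reported in the thread, has no active mappings.
    print("empty file findings:", audit_hosts(""))
```

An empty file produces no findings: with no active lines, nothing in the hosts file is overriding DNS.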

classicsoftware
05-27-2006, 04:30 PM
I hate to disagree, but you have remnants of a nasty spyware infection.



Please print out this post so that you have a hard copy of these instructions. You will need to keep Internet Explorer and Windows Explorer (including My Computer) closed throughout the entire process.

Step One: Please download Intermute's CWShredder from here:
http://cwshredder.net/bin/CWShredder.exe
Save it to the desktop, install the program and update it, but do NOT run a scan yet.


Step Two: Please download About:Buster from here:
http://www.malwarebytes.org/AboutBuster.zip
Unzip it to the desktop, run it, Check for Updates, and update the files, but do NOT run a scan yet.

Step Three: Please download, install, and update the NEW free version of Ewido trojan scanner (http://www.ewido.net/en/download/):


When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main Ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful")

Do NOT run a scan yet.

Step Four: Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) Just before the Windows starts to load, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Step Five: Once in Safe Mode, please run CWShredder, and click Fix.

Step Six: Then please run About:Buster and click Start to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log". This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved. I will want to see this logfile later.

Step Seven: Then please run Ewido, and run a full scan. Save the log from the scan for me.

Step Eight: Finally, please run HijackThis, click Scan, and check:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\TEDBED~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\TEDBED~1\LOCALS~1\Temp\sp.html

R3 - URLSearchHook: (no name) - _{F08555B0-9CC3-11D2-AA8E-000000000000} - (no file)
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000000} - (no file)
O2 - BHO: (no name) - {6BF5DED8-A8F8-B1BD-E759-1333EB1E6DA6} - (no file)
O2 - BHO: (no name) - {F743CFF9-0169-4DBC-996D-71B50AD4B3D3} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Close all open windows except for HijackThis and click Fix Checked.

Step Nine: Then please restart your computer in Normal Mode... Open a fresh HJT scan and fix any of the items noted already if they are still there...

Delete the contents of your Temp and Temporary Internet folders.
You may have to show Hidden (http://www.xtra.co.nz/help/0,,4155-1916458,00.html) files


Step Ten: Reboot and post a new HijackThis log, as well as the logs from AboutBuster and Ewido.

As a side note:
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
this program is used to manipulate the TCP/IP stack and alter the number of concurrent connections. Did you install it? Why? What other network manipulations have you attempted on this PC?
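The kind of triage applied to the HijackThis log in the post above, as an added example that is not part of the original thread and is not HijackThis's own logic. The rules in `reason_for` are assumptions that mirror only the entry types checked in Step Eight (R0/R1 values loading a local Temp file, R3 and nameless O2 entries marked `(no file)`, and O6 policy keys); the two log excerpts are constructed from lines posted on this page.

```python
import re

# An entry line looks like "<code> - <body>", e.g. "R1 - ...", "O23 - ...".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed excerpts taken from the two logs posted in this thread.
SAMPLE_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\TEDBED~1\LOCALS~1\Temp\sp.html
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000000} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {6BF5DED8-A8F8-B1BD-E759-1333EB1E6DA6} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

SAMPLE_AFTER = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""


def parse_hjt(text):
    """Return [(code, body), ...] for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def reason_for(code, body):
    """Return why an entry deserves review, or None. Assumed rules only."""
    low = body.lower()
    if code in ("R0", "R1") and " = " in body:
        value = body.split(" = ", 1)[1].strip().lower()
        if value.startswith("file://") and "\\temp\\" in value:
            return "IE search/start setting loads a local file from a Temp folder"
    if code == "R3" and low.endswith("(no file)"):
        return "URLSearchHook is registered but its file is gone"
    if code == "O2" and "(no name)" in low and low.endswith("(no file)"):
        return "nameless BHO whose file is gone"
    if code == "O6":
        return "IE policy restriction present; confirm someone set it on purpose"
    return None


def triage(text):
    """Return [(code, body, reason), ...] for entries matching a rule."""
    flagged = []
    for code, body in parse_hjt(text):
        reason = reason_for(code, body)
        if reason:
            flagged.append((code, body, reason))
    return flagged


def still_present(before, after):
    """Entries flagged in the first log that also appear in the follow-up log."""
    remaining = set(parse_hjt(after))
    return [(c, b) for c, b, _ in triage(before) if (c, b) in remaining]


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_BEFORE):
        print(f"{code}: {reason}\n    {body}")
    print("left over after the fix:", still_present(SAMPLE_BEFORE, SAMPLE_AFTER))
```

Comparing the log taken before the fix with the one taken after it shows whether the checked entries actually went away or were written back on reboot.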

TED BEDARD
05-28-2006, 04:00 PM
Classicsoftware
Before I start your repair procedure you want me to run SP2 Connection Patcher? I don't remember if I ran this program before. I wasn't familiar with it. My ISP Comcast Tech Support walked me through several different steps that didn't work. I couldn't tell you what had been done. After running SP2 should I start your procedure?

mjc
05-28-2006, 04:55 PM
No, follow the ten steps in order, exactly...worry about the connection patcher later, my guess is that it is something Comcast had you do.

TED BEDARD
05-28-2006, 07:44 PM
Logfile of HijackThis v1.99.1
Scan saved at 5:51:39 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader]
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\WINDOWS\system\band.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {3B92D300-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {3B92D301-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {3B92D302-5A93-11D8-8366-0050BAC0679C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.bankofamerica
O15 - Trusted Zone: http://csb.sprint.com
O15 - Trusted Zone: http://www.voiceglo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144938977406
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

AboutBuster 6.02
Scan started on [5/28/2006] at [4:12:00 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:15:05 PM


AboutBuster 6.02
Scan started on [5/28/2006] at [4:15:39 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:18:46 PM


---------------------------------------------------------

TED BEDARD
05-28-2006, 07:47 PM
ewido anti-malware - Startup report
---------------------------------------------------------

+ Created on: 6:08:36 PM, 5/28/2006
+ Report-Checksum: 7E010C6F

Reg\HKLM\Run MCUpdateExe C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
Reg\HKLM\Run MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
Reg\HKLM\Run MPFEXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Reg\HKLM\Run NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Reg\HKLM\Run nwiz nwiz.exe /install
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Reg\HKLM\Run MediaPipe P2P Loader
Reg\HKLM\Run RoxioDragToDisc "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
Reg\HKLM\Run SM1BG C:\WINDOWS\SM1BG.EXE
Reg\HKLM\Run AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Reg\HKCU\Run SP2 Connection Patcher "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200

---------------------------------------------------------
ewido anti-malware - Connection report
---------------------------------------------------------

+ Created on: 6:09:35 PM, 5/28/2006
+ Report-Checksum: 662C5EFC

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 69.139.xxx.xxx:139 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445
UDP 0.0.0.0:1031
UDP 0.0.0.0:1036
UDP 69.139.xxx.xxx:123
UDP 69.139.xxx.xxx:137
UDP 69.139.xxx.xxx:138
UDP 69.139.xxx.xxx:1900
UDP 127.0.0.1:123
UDP 127.0.0.1:1035
UDP 127.0.0.1:1900

---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 6:10:16 PM, 5/28/2006
+ Report-Checksum: 43A38C13

0: System Process
4: System Process
324: \SystemRoot\System32\smss.exe
340: C:\WINDOWS\System32\alg.exe
380: \??\C:\WINDOWS\system32\csrss.exe
404: \??\C:\WINDOWS\system32\winlogon.exe
448: C:\WINDOWS\system32\services.exe
460: C:\WINDOWS\system32\lsass.exe
620: C:\WINDOWS\system32\svchost.exe
684: C:\WINDOWS\system32\svchost.exe
736: C:\WINDOWS\System32\svchost.exe
768: C:\WINDOWS\System32\svchost.exe
812: C:\WINDOWS\System32\svchost.exe
880: C:\WINDOWS\system32\spoolsv.exe
1096: C:\WINDOWS\Explorer.EXE
1176: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
1208: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
1240: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
1316: C:\WINDOWS\system32\nvsvc32.exe
1396: C:\WINDOWS\System32\svchost.exe
1480: C:\WINDOWS\system32\wdfmgr.exe
1524: C:\WINDOWS\System32\MsPMSPSv.exe
1664: C:\PROGRA~1\mcafee.com\agent\mcagent.exe
1672: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
1744: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
1828: C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
1836: C:\WINDOWS\SM1BG.EXE
1848: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
1988: C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
2200: C:\Program Files\Internet Explorer\iexplore.exe
2528: C:\Documents and Settings\Ted Bedard\Desktop\ewido-setup.exe
2548: C:\Program Files\ewido anti-malware\SecuritySuite.exe
2652: C:\WINDOWS\system32\NOTEPAD.EXE
2704: C:\WINDOWS\system32\NOTEPAD.EXE
I hope this is what you wanted.

classicsoftware
05-28-2006, 09:24 PM
The report I want from Ewido is the one you get at the end of the scan. Did Ewido find anything? If so, how many things did it find? Did you fix them? Is the PC still having the same problems?

TED BEDARD
05-28-2006, 10:07 PM
I couldn't find the ewido log file so I'm running it again and will try to save and locate the file. The PC is still doing the same thing.

TED BEDARD
05-28-2006, 10:25 PM
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:22:02 PM, 5/28/2006
+ Report-Checksum: 95D4F768

+ Scan result:

HKLM\SOFTWARE\Classes\BookedSpace.Extension.3 -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\IExplorr26.clsDW -> Adware.InetSpeak : Cleaned with backup
HKLM\SOFTWARE\Classes\IExplorr26.clsDW\Clsid -> Adware.InetSpeak : Cleaned with backup
HKLM\SOFTWARE\Classes\IExplorr26.clsIS -> Adware.InetSpeak : Cleaned with backup
HKLM\SOFTWARE\Classes\P2ECOM.EGP2ECOM.1 -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchHook.URLSearchHook -> Adware.CrackedEarth : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchHook.URLSearchHook\CurVer -> Adware.CrackedEarth : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchHook.URLSearchHook.1 -> Adware.CrackedEarth : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A}\\BandCLSID -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1715567821-2111687655-682003330-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} -> Adware.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\msbb321.dll -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup
C:\Program Files\Spy Cleaner Free Version\Backup\11_06_200423_19_34.zip/0.scl -> TrackingCookie.Coremetrics : Error during cleaning
C:\Program Files\Spy Cleaner Free Version\Backup\11_06_200423_19_34.zip/1.scl -> TrackingCookie.Coremetrics : Error during cleaning
C:\Program Files\Spy Cleaner Free Version\Backup\11_06_200423_19_34.zip/2.scl -> TrackingCookie.Coremetrics : Error during cleaning
C:\Program Files\Spy Cleaner Free Version\Backup\11_06_200423_19_34.zip/3.scl -> TrackingCookie.Coremetrics : Error during cleaning
C:\Program Files\Spy Cleaner Free Version\Backup\02_06_200512_00_34.zip/0.scl -> TrackingCookie.Coremetrics : Error during cleaning
C:\Program Files\Microsoft Games\Flight Simulator 9\FlightScenery\rmlbfz01.exe -> Dropper.Gobo.a : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\newssearchiconxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\newssearchicon.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\newssearchiconxp_over.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\newssearchicon_over.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png -> Adware.Starware : Cleaned with backup

TED BEDARD
05-28-2006, 10:33 PM
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@www2.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@webpdp.gator[2].txt -> TrackingCookie.Gator : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@bis.180solutions[1].txt -> TrackingCookie.180solutions : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@www2.enigmasoftwaregroup[3].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@adnetintads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ads.x10[1].txt -> TrackingCookie.X10 : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@secure.specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@s.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@spms.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ehg-attenza.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@www.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ehg-superwarehouse.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ehg-buyseasons.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ehg-attworldnet.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ads08.hyperbanner[2].txt -> TrackingCookie.Hyperbanner : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ehg-buytelco.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@servedby.advertising[5].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@perf.overture[3].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@server.iad.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@stat.onestat[3].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\ted bedard@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mary Ann\Local Settings\Temporary Internet Files\Content.IE5\2BS5UZGB\exitpoplight1[2].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\Mary Ann\Local Settings\Temporary Internet Files\Content.IE5\2BS5UZGB\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\Mary Ann\Local Settings\Temporary Internet Files\Content.IE5\2BS5UZGB\exitpoplight1[3].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\Mary Ann\Local Settings\Temporary Internet Files\Content.IE5\4HEGOL76\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\Mary Ann\Local Settings\Temporary Internet Files\Content.IE5\KPAR4DIB\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\Mary Ann\Local Settings\Temporary Internet Files\Content.IE5\KPAR4DIB\exitpoplight1[2].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\Mary Ann\Local Settings\Temporary Internet Files\Content.IE5\61Q70PQZ\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\Mary Ann\Local Settings\Temporary Internet Files\Content.IE5\61Q70PQZ\exitpoplight1[2].htm -> Trojan.NoClose.i : Cleaned with backup
C:\System Volume Information\_restore{F48267E1-C476-4DC2-B19E-0AEA6F5569C5}\RP256\A0093811.dll -> Adware.BHO : Cleaned with backup


::Report End

classicsoftware
05-28-2006, 11:14 PM
First it appears you tried to fix this problem with other software before you came here. You can break the LSP stack and basically you are screwed.

Did you allow Ewido to fix all that it found?

What did you do before you came here?

Can you get to any page? Can you get e-mail with outlook or outlook express?

Also, open Hijackthis and fix:

O4 - HKLM\..\Run: [MediaPipe P2P Loader]

Re-boot and post a fresh log.

TED BEDARD
05-29-2006, 12:46 PM
I thought this would be an easy fix so I didn't document or remember all the things I did. I followed all the instructions from Comcast Tech Support while on the phone also with McAfee because I couldn't complete a download for spyware. I tried to use one of my search programs (dogpile) and the page wouldn't come up. There is a small percentage of web pages that can't open but they are some of the ones I use a lot. My email works fine.
If the LSP stack is broken does that mean I have to reinstall windows? If not, then what? I'll run HiJackthis and post a fresh log.

TED BEDARD
05-29-2006, 12:58 PM
Logfile of HijackThis v1.99.1
Scan saved at 11:55:53 AM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader]
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {3B92D300-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {3B92D301-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {3B92D302-5A93-11D8-8366-0050BAC0679C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.bankofamerica
O15 - Trusted Zone: http://csb.sprint.com
O15 - Trusted Zone: http://www.voiceglo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144938977406
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

You haven't said anything about SP2 Connection Patcher, whether I should run it or not.

mjc
05-29-2006, 01:38 PM
Just wait until everything else is finished and CS gives you the all clear.

I don't think it will be needed, but we'll wait to see what CS says. I'm guessing that Comcast had you run it in an attempt to fix your problem. I'm also guessing that for a complete fix it will need to be uninstalled, again wait and see what Classicsoftware says...

classicsoftware
05-29-2006, 07:35 PM
Open Hijackthis and place a check next to:

O4 - HKLM\..\Run: [MediaPipe P2P Loader]
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200

click fix checked.

Re-boot. New log and tell us how the system is running.

mjc
05-29-2006, 07:40 PM
;)

Thought you might want that gone...

TED BEDARD
05-29-2006, 08:43 PM
Logfile of HijackThis v1.99.1
Scan saved at 7:35:14 PM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader]
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {3B92D300-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {3B92D301-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {3B92D302-5A93-11D8-8366-0050BAC0679C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.bankofamerica
O15 - Trusted Zone: http://csb.sprint.com
O15 - Trusted Zone: http://www.voiceglo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144938977406
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

The problem is still here. The other thing that happens now is when I boot up, Windows opens the SYSTEM32 folder. I always close all my folders before I shut down so I only have the desktop when I boot up.

classicsoftware
05-29-2006, 08:51 PM
Are you fixing these things as they are still there?

TED BEDARD
05-29-2006, 09:11 PM
I run the HiJackthis scan and then check the box you told me to, and then click on fix. I reboot the computer, run HiJackthis, copy the log file and paste to the Quick Reply window. Is the fix supposed to remove them? I'm following your directions and not sure what's supposed to happen.

classicsoftware
05-29-2006, 10:03 PM
Let's boot into safe mode and try the fix that way and see what happens.

TED BEDARD
05-30-2006, 12:21 AM
Logfile of HijackThis v1.99.1
Scan saved at 11:09:55 PM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader]
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {3B92D300-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {3B92D301-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {3B92D302-5A93-11D8-8366-0050BAC0679C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.bankofamerica
O15 - Trusted Zone: http://csb.sprint.com
O15 - Trusted Zone: http://www.voiceglo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144938977406
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I ran HiJackthis and checked O4 - HKLM\..\Run: [MediaPipe P2P Loader] O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
That didn't make any difference.
Have you ever seen this problem before? I know there's a lot of different ways to fix this problem from doing a search of the error. I think if I start trying to do them I'll really screw up my PC. I'll follow your advice until you run out of things to do.

mjc
05-30-2006, 12:33 AM
CTL-ALT-DEL -> TaskManager -> Processes -> find SP2ConnPatcher -> rt click End Process

Then check in Add/Remove Programs and see if it has an uninstall...

Run the uninstaller if found.

Also after killing the process, hunt down and rename the dang thing to SP2ConnPatcher.ex_

classicsoftware
05-30-2006, 12:36 AM
Have you ever seen this problem before? I know there's a lot of different ways to fix this problem from doing a search of the error. I think if I start trying to do them I'll really screw up my PC. I'll follow your advice until you run out of things to do.

Until we get this crapware off your PC, there is no point in trying anything else.

Be patient and see if you can kill the process and then remove with Hijackthis. Let us know if it's still in the log.
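An added example, not part of the original thread: a small Python check that compares the O4 Run entries of two HijackThis logs and reports which of the entries selected for fixing are gone and which are still in the log. The two sample logs are constructed, modelled on entries quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample logs, trimmed to a few lines and modelled on the
# O4 entries quoted in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader]
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader]
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
"""

# The two entries the helper asked to have checked and fixed.
TARGETS = [("HKLM", "MediaPipe P2P Loader"), ("HKCU", "SP2 Connection Patcher")]

# "<code> - <text>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autostart form of an O4 line: hive\..\key: [value name] command
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\]\s*(.*)$")


def parse_entries(log_text):
    """Return (code, text) for every entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # normalise stray whitespace from copy/paste
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def run_values(log_text):
    """Map (hive, value name) -> command for each O4 registry Run entry."""
    values = {}
    for code, text in parse_entries(log_text):
        if code != "O4":
            continue
        match = RUN_RE.match(text)
        if match:  # O4 lines in another form (e.g. Startup folder) are ignored
            hive, _key, name, command = match.groups()
            values[(hive, name)] = command
    return values


def check_fix(before, after, targets):
    """Sort each target into removed / still_present / not_in_before."""
    old, new = run_values(before), run_values(after)
    result = {"removed": [], "still_present": [], "not_in_before": []}
    for target in targets:
        if target not in old:
            result["not_in_before"].append(target)
        elif target in new:
            result["still_present"].append(target)
        else:
            result["removed"].append(target)
    return result


def empty_run_values(log_text):
    """Run values that have a name but no command, as the MediaPipe line does."""
    return sorted(key for key, command in run_values(log_text).items() if not command)


if __name__ == "__main__":
    for status, items in check_fix(LOG_BEFORE, LOG_AFTER, TARGETS).items():
        for hive, name in items:
            print(f"{status}: {hive} Run [{name}]")
    for hive, name in empty_run_values(LOG_AFTER):
        print(f"no command recorded: {hive} Run [{name}]")
```
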

TED BEDARD
05-30-2006, 02:57 PM
Logfile of HijackThis v1.99.1
Scan saved at 1:54:24 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader]
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {3B92D300-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {3B92D301-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {3B92D302-5A93-11D8-8366-0050BAC0679C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.bankofamerica
O15 - Trusted Zone: http://csb.sprint.com
O15 - Trusted Zone: http://www.voiceglo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144938977406
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Looks like it's gone. Should this program be there: "O4 - HKLM\..\Run: [MediaPipe P2P Loader]"?
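The entry asked about here is an autorun value that names no command. As an added example (not part of the original thread and not HijackThis code), this Python sketch runs that check, along with the "(file missing)", "(no file)" and "Unknown owner" markers, over lines copied from the logs in this thread; the tag names and function names are chosen for the example.

```python
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MediaPipe P2P Loader]
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - <body>": section code, then the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry autorun form of an O4 entry: hive, key, [value name], command.
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\]\s*(.*)$")


def triage(log_text):
    """Return (section, tag, body) for every entry that needs a closer look.

    Tags (names chosen for this example):
      empty-autorun  Run value with a name but no command line
      missing-file   HijackThis reported the target as missing
      unknown-owner  the service line carries "Unknown owner" as its vendor
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section == "O4":
            run = AUTORUN.match(body)
            if run and not run.group(4).strip():
                findings.append((section, "empty-autorun", body))
        if "(file missing)" in body or "(no file)" in body:
            findings.append((section, "missing-file", body))
        if section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "unknown-owner", body))
    return findings


def autorun_names(findings):
    """Value names of the empty autoruns, e.g. to look up in regedit."""
    names = []
    for section, tag, body in findings:
        if tag == "empty-autorun":
            names.append(AUTORUN.match(body).group(3))
    return names


if __name__ == "__main__":
    for section, tag, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{tag:<15}{body}")
```

A flagged entry is a lead for manual review, not a verdict: several of the missing-file entries in this log belong to software that was simply uninstalled.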

mjc
05-30-2006, 03:11 PM
No...

Do the same as for the other one...and this time hunt down the executable named mpp2pl.exe, then right-click on it, hold down the Shift key and hit Delete (in the menu).

TED BEDARD
05-30-2006, 03:24 PM
Can't find mpp2pl.exe.

mjc
05-30-2006, 03:31 PM
Then use HJT to fix it and after rebooting run another scan to see if it is still there...

TED BEDARD
05-30-2006, 05:18 PM
I ran HJT in safe mode and normal mode. It's still there. Also, I deleted any references to P2P, SP2 and mediapipe in the Programs directory.

mjc
05-30-2006, 05:29 PM
NTFS or FAT32 partition?

TED BEDARD
05-30-2006, 05:30 PM
I ran regedit and looked for any reference to P2P. SP2P showed up and I started to delete them. When I saw ISP2P I stopped to check with you if this was a good or bad idea.

TED BEDARD
05-30-2006, 05:31 PM
FAT32 partition.

mjc
05-30-2006, 05:46 PM
No, just don't blindly delete them.

List them out...I'm not sure that you actually need any P2P references, but it is better to be safe than sorry.

TED BEDARD
05-30-2006, 06:02 PM
I found MediaPipe P2P Loader in regedit at "HKEY Local Machine\Software\Microsoft\Windows\Run" and deleted it. Then I ran HJT and it didn't show up. I only deleted 2 or 3 SP2P references. I'm going to see if I can find what programs needed this reference before I reboot. It may reference a program I can reinstall as long as it doesn't affect the boot.

TED BEDARD
05-31-2006, 10:37 PM
Did everyone give up on this one or are you still trying to find a solution and don't have anything yet?

Variable
05-31-2006, 11:38 PM
Have you added the localhost to the host file? When you go to Start and Run, type cmd and hit Enter, then type ipconfig /all and hit Enter, what are your DNS server addresses and what are your IP and default gateway?

classicsoftware
06-01-2006, 03:22 AM
Did everyone give up on this one or are you still trying to find a solution and don't have anything yet?

Waiting to see if it affected the PC and look at a new log.

I think the spyware is probably gone and now we are looking at cleaning up the aftermath.

TED BEDARD
06-01-2006, 10:48 PM
The DNS is 68.87.74.162
38.87.68.162

IP Address: 69.139.43.xxx207
Default Gateway:69.139.43.xxx129

From the command prompt, ipconfig/all doesn't work. I also tried run:ipconfig/all. It didn't work.

TED BEDARD
06-01-2006, 10:51 PM
classicsoftware, I take it you want me to run HJT and post the results?

classicsoftware
06-01-2006, 11:05 PM
Yes, I do. Do you have a router? I take it you do not. Does your McAfee suite have a firewall?

TED BEDARD
06-01-2006, 11:13 PM
Yes, and it's on.

classicsoftware
06-01-2006, 11:20 PM
I'd like to look at a fresh log.

You may want to turn the firewall off for a little bit and see if that is not causing your problem. If it improves then you have to reconfigure the firewall settings.

I also asked Budfred to take a look, maybe I'm missing something....

TED BEDARD
06-01-2006, 11:30 PM
Logfile of HijackThis v1.99.1
Scan saved at 10:26:37 PM, on 6/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {3B92D300-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {3B92D301-5A93-11D8-8366-0050BAC0679C} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {3B92D302-5A93-11D8-8366-0050BAC0679C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.bankofamerica
O15 - Trusted Zone: http://csb.sprint.com
O15 - Trusted Zone: http://www.voiceglo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144938977406
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I turned the firewall off and it didn't make any difference. I'm also using the AVG Anti-Virus program. Windows Security Center is off too.

TED BEDARD
06-02-2006, 02:35 PM
I tried downloading Firefox but the download button was not there. Just the 2 arrows pointing to nothing. I disabled the McAfee firewall. Still nothing. This has got to be insane.
I tried to restore the system back to before anything went bad and I can't do that. The restore calendar shows all the dates that can be restored, but no matter which one I pick it won't restore. It's hard to believe there is still something on my hard drive causing all these problems. You guys still have my attention!!!!

classicsoftware
06-02-2006, 10:54 PM
Can you download FF on another PC and burn a CD?

mjc
06-02-2006, 11:17 PM
Or if you have a USB Flash drive you can try some of these (http://portableapps.com/). Load them on the drive on another machine and then run them on the 'crazy' one...

Get Portable FF and ClamWin (update ClamWin on the USB device...)

Then run FF...if it works, then we are looking at an IE problem.

Or something infectious...so run ClamWin and scan.

Heck, run ClamWin in any case...

Variable
06-03-2006, 11:36 AM
Your IP address on your local machine and the default gateway are both valid public IPs according to what you posted. It appears you either have a static IP on the PC (which I didn't see mentioned) or your router is set up incorrectly. You are not doing NAT and your PC is sitting on the web. You could have routing issues between the router and the PC. I take it you are not using DHCP?

Open Start, Run and type cmd and hit enter

Can you ping www.google.com?
Can you ping 64.233.161.147?
Can you ping your first DNS address i.e. 68.87.74.162

Type nslookup www.google.com <enter>
The first server is the one your PC is asking for DNS resolves, i.e. name to IP addresses, and its IP. It should match what Comcast tells you to use, i.e. 68.87.74.162.

The next step is from the command line to type tracert 64.233.161.147 <enter>
The steps show the route the packets take from your machine to google. According to what you posted you should see your default gateway IP first and then (maybe) your Comcast Internet router. Post back the results from above.

Just because you had spyware does not mean that is the cause of your internet connection woes. Computers are complicated devices but TCP/IP is pretty straightforward - if you understand how it all works that is.

ipconfig /all has a space between ipconfig and the /all.

TED BEDARD
06-03-2006, 05:38 PM
Variable, I had to change directories to get ping to work.
mjc, I don't have another PC to work with. I'll try to get my friend to load the program on one of my memory sticks.



Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Ted Bedard>ping www.google.com
'ping' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Ted Bedard>ping
'ping' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Ted Bedard>cd\

C:\>ping
'ping' is not recognized as an internal or external command,
operable program or batch file.

C:\>cd\windows\system32

C:\WINDOWS\SYSTEM32>ping

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name

Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.


C:\WINDOWS\SYSTEM32>ping www.google.com

Pinging www.l.google.com [64.233.187.104] with 32 bytes of data:

Reply from 64.233.187.104: bytes=32 time=42ms TTL=236
Reply from 64.233.187.104: bytes=32 time=43ms TTL=236
Reply from 64.233.187.104: bytes=32 time=42ms TTL=236
Reply from 64.233.187.104: bytes=32 time=42ms TTL=236

Ping statistics for 64.233.187.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 43ms, Average = 42ms

C:\WINDOWS\SYSTEM32>ping 64.233.161.147

Pinging 64.233.161.147 with 32 bytes of data:

Reply from 64.233.161.147: bytes=32 time=51ms TTL=232
Reply from 64.233.161.147: bytes=32 time=63ms TTL=233
Reply from 64.233.161.147: bytes=32 time=51ms TTL=233
Reply from 64.233.161.147: bytes=32 time=51ms TTL=232

Ping statistics for 64.233.161.147:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 63ms, Average = 54ms

C:\WINDOWS\SYSTEM32>ping 68.87.74.162

Pinging 68.87.74.162 with 32 bytes of data:

Reply from 68.87.74.162: bytes=32 time=8ms TTL=56
Reply from 68.87.74.162: bytes=32 time=9ms TTL=56
Reply from 68.87.74.162: bytes=32 time=8ms TTL=56
Reply from 68.87.74.162: bytes=32 time=8ms TTL=56

Ping statistics for 68.87.74.162:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 9ms, Average = 8ms

C:\WINDOWS\SYSTEM32>nslookup www.google.com
Server: cns.bonitasprngs.fl.naples.comcast.net
Address: 68.87.74.162

Non-authoritative answer:
Name: www.l.google.com
Addresses: 64.233.187.99, 64.233.187.104
Aliases: www.google.com


C:\WINDOWS\SYSTEM32>nslookup www.dogpile.com
Server: cns.bonitasprngs.fl.naples.comcast.net
Address: 68.87.74.162

Non-authoritative answer:
Name: searchxml.infospace.com
Address: 204.9.89.1
Aliases: www.dogpile.com


C:\WINDOWS\SYSTEM32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : computer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethe
rnet NIC
Physical Address. . . . . . . . . : 00-50-BA-C0-67-9C
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 69.139.43.207
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . : 69.139.43.129
DHCP Server . . . . . . . . . . . : 68.87.74.10
DNS Servers . . . . . . . . . . . : 68.87.74.162
68.87.68.162
Lease Obtained. . . . . . . . . . : Saturday, June 03, 2006 2:36:11 PM
Lease Expires . . . . . . . . . . : Wednesday, June 07, 2006 2:36:11 PM

C:\WINDOWS\SYSTEM32>tracert 64.233.161.147

Tracing route to 64.233.161.147 over a maximum of 30 hops

1 17 ms 6 ms 6 ms 73.18.112.1
2 5 ms 6 ms 6 ms ge-2-37-ur01.beaudr.fl.naples.comcast.net [68.87
.237.45]
3 7 ms 7 ms 8 ms te-8-2-ur01.lehigh.fl.naples.comcast.net [68.87.
236.74]
4 7 ms 7 ms 8 ms te-9-1-ur01.fortmyers.fl.naples.comcast.net [68.
87.236.65]
5 8 ms 7 ms 8 ms te-8-2-ur02.leecocourt.fl.naples.comcast.net [68
.87.236.61]
6 10 ms 8 ms 7 ms te-8-1-ur01.alicocentrrd.fl.naples.comcast.net [
68.87.236.58]
7 8 ms 7 ms 8 ms te-8-3-ar02.bonitasprngs.fl.naples.comcast.net [
68.87.236.37]
8 15 ms 13 ms 28 ms 12.124.91.21
9 25 ms 26 ms 25 ms 12.123.33.14
10 24 ms 25 ms 28 ms tbr1-cl1474.attga.ip.att.net [12.122.12.121]
11 25 ms 25 ms 24 ms 12.123.20.201
12 24 ms 23 ms 24 ms 192.205.33.38
13 39 ms 38 ms 40 ms 64.124.229.173.google.com [64.124.229.173]
14 52 ms 51 ms 47 ms 72.14.236.27
15 50 ms 53 ms 51 ms 72.14.236.200
16 55 ms 58 ms 62 ms 66.249.94.232
17 62 ms 50 ms 64 ms 64.233.161.147

Trace complete.

C:\WINDOWS\SYSTEM32>
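The ipconfig /all output in the post above can be checked against the NAT question raised earlier in the thread. As an added example (not part of the original posts), this Python sketch parses the adapter fields copied from that output and reports whether the PC holds a globally routable address, whether the lease came from DHCP, and whether the gateway is on the local subnet; the function names and result keys are chosen for the example.

```python
import ipaddress
import re

# Adapter fields copied from the ipconfig /all output in the post above.
IPCONFIG = """\
Ethernet adapter Local Area Connection 4:

Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 69.139.43.207
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . : 69.139.43.129
DHCP Server . . . . . . . . . . . : 68.87.74.10
DNS Servers . . . . . . . . . . . : 68.87.74.162
68.87.68.162
"""

# "Field name . . . . : value" as printed by ipconfig in this output.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Map each field name to its list of values (DNS servers span lines)."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields.setdefault(last, [])
            if m.group(2):
                fields[last].append(m.group(2).strip())
        elif last and line.strip() and not line.rstrip().endswith(":"):
            fields[last].append(line.strip())  # continuation line
    return fields


def assess(fields):
    """Derive exposure facts from one adapter's parsed fields."""
    iface = ipaddress.ip_interface(
        f"{fields['IP Address'][0]}/{fields['Subnet Mask'][0]}")
    gateway = ipaddress.ip_address(fields["Default Gateway"][0])
    dns = [ipaddress.ip_address(d) for d in fields.get("DNS Servers", [])]
    return {
        "network": str(iface.network),
        # A globally routable address on the PC itself means no NAT device
        # sits in front of it: the host firewall is the only inbound filter.
        "public_address": iface.ip.is_global,
        "dhcp": fields.get("Dhcp Enabled", ["No"])[0] == "Yes",
        "gateway_on_link": gateway in iface.network,
        # Resolvers outside the local subnet are reached through the gateway.
        "dns_off_link": [str(d) for d in dns if d not in iface.network],
    }


if __name__ == "__main__":
    for key, value in assess(parse_ipconfig(IPCONFIG)).items():
        print(f"{key:<16}{value}")
```

For this output the result is a DHCP-leased public address with an on-link gateway, so the addressing itself is consistent; with the firewalls switched off for testing, nothing filters inbound connections to the PC.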

TED BEDARD
06-03-2006, 06:12 PM
I installed Firefox and it is working great. I was able to open all the web pages I couldn't with IE. You guys did so much work trying to get my PC running right I don't know how to thank you.

TED BEDARD
06-03-2006, 06:48 PM
So if I still want to use IE for my browser, I'll have to uninstall it and then reinstall it again?
Maybe I'll try Firefox for a while to see how it works.

mjc
06-03-2006, 07:44 PM
Well, since FF works, then we are back to IE is either infected or broke...

ClamWin run from the memory stick should help. Especially if you can set the stick in a read only mode, after it has been updated with the latest virus definitions.

Variable
06-03-2006, 08:16 PM
Updating it may work.

You should be able to run ping without changing directories. I think there is a permissions issue going on.

Is it normal for cable modem users to have public IP's on their internal PC?

TED BEDARD
06-03-2006, 09:11 PM
mjc, do I need ClamWin to check for viruses? I already have AVG Virus running on my computer. Not sure exactly what you're asking.

Variable, if you look at post #57 you can see where I typed "ping" and nothing happened until I changed directories. Don't know anything about public IP. Is it something that should be removed?

mjc
06-03-2006, 10:13 PM
Yes, ClamWin would be a good check for viruses/malware...it is low resource, scans on demand (no resident scan) and isn't popular enough yet to be targeted by the AV-killers. (Besides, it would be much harder to kill that way, because it is open source and can get 'fixes' very quickly...among other reasons.) It has a very powerful engine and huge database (Clam is originally a Linux AV made to run on email servers to scan mail through the server...it can find all sorts of viruses that can hide from other apps). ClamWin is a Windows port of Clam.

The 'portable' version, especially if you can write protect your media, is a great way to conduct a secondary scan. Norton, McAfee, AVG and all the rest (maybe not quite all, but definitely most) have at one time or another been targets of AV killers...and many of the AV killers are/were malware that did things like redirect you certain pornographic sites, install true 'spyware' (keyloggers and such), nasty trojans that turned your machine into a warez file server, etc...

One of the ways they did this was by rewriting the settings of the AV program in the registry...portable ClamWin keeps its settings elsewhere. They would also tamper with the definitions, just plain delete the main exe and many other things...most if not all of that is prevented just by ClamWin being a 'portable' app...and write protecting the media, after it is updated....nearly impossible to tamper with.

So, yes...please use it...because like I said before, either IE is broken (I don't think that it quite did it on its own) or has been hijacked and possibly by something that is hiding from or defeating the usual tools used to detect such things...

classicsoftware
06-03-2006, 11:01 PM
Is it normal for cable modem users to have public IP's on their internal PC?

NO. It is not. It means he is either not using a router, the router is broken or it is setup incorrectly.


What version of IE are you running...

TED BEDARD
06-03-2006, 11:18 PM
I'm not using a router. Just a cable modem. IE ver is 6.0.2800.1106