WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] Double-clicking IE6 icon opens IE but doesn't log-

Started by Crimea , Dec 14 2007 04:36 PM

This topic is locked

12 replies to this topic

#1 Crimea

Authentic Member

Authentic Member
71 posts

Posted 14 December 2007 - 04:36 PM

Hi,

I'm relatively new to this.

Windows XP, SP2
IE 6

Problems:
1. I can no longer log-on to the internet, directly, when I open IE 6. Clicking the IE 6 logo or my ISP-branded IE logo opens IE but continually presents me with “Cannot find server/The page cannot be displayed”. I can, though, log-on by selecting the “website” link for any of the programs listed under “All Programs”, which open IE at the software’s sites, from where I can move to the sites I want. If I want to open another IE window, though, I have to find a site with links that open new windows as pop-ups; and

2. Occasionally, when I try to retrieve a file from the Temp Int Folder [Control Panel > Performance... > Free up space on your hard disk > [Temporary Internet Files] View Files], the folders are empty and, yet, in IE [Tools > Internet Options > General > [Temp Int Files] Settings > View Files], many files are listed. Also, when I use CCleaner, to erase the Temp Int Files, the scan for the files reveals many MBs of files, not zero.

I’ve run several of the on-line virus/mal-ware scanners listed at http://wiki.castleco...ntivirus_scans: Panda TotalScan; a-Squared Web Malware Scanner; BitDefender Online Scanner; Ewido; Eset; Freedom Online Virus Check; Trend Micro HouseCall 6.6; and F-secure and removed whatever they’ve found, but the problems persists.
.......................................
On a separate note:
Freedom Online Virus Check continually causes IE to shut-down, triggering the Microsoft ‘Error’ report. I can’t get this scanner to fully scan my hard-drive.

Every online scan I run, now that I have run Panda TotalScan on my PC, triggers my Anti-virus program, Avira AntiVir, to flag-up two of Panda Totalscan’s components as viruses. I always tell Avira AntiVir to ‘ignore’ them but don’t know whether I should. Avira states:
C:\Program Files\Panda Security\...\psnflg.dll is the Trojan Horse TR/Agent.bux.1
And
C:\Program Files\Panda Security\...\pskavs.dll contains detection pattern of the Windows virus W95/Bumblebee.1738
...........................................
I’ve followed your “Before Posting A HijackThis Log “Self-help”” instructions [here]
Here is the AVG Anti-spyware log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 18:55:59 14/12/2007

+ Scan result:

Nothing found.

::Report end
.............................................................................

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:34:26, on 14/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Invisible Security Full\InvisibleSecurityFull.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
D:\### ANTI-VIRUS, -SPY-WARE ETC\HIJACK THIS 1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [Invisible Security] C:\Program Files\Invisible Security Full\InvisibleSecurityFull.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.tr...ivex/hcImpl.cab
O16 - DPF: {2D9F7B63-EC7C-43FF-A41D-6E9EC984A5B9} (GGSecSign Class) - https://myaccount.ga...s/GGSecSign.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponrep...123/csauie1.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan....bs/nanoinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.freedom.n...cabs/cssweb.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I would greatly appreciate any help anyone could give. I hope there is a fault listed so I don't have to search for an answer somewhere else.

Thanks.

Advertisements

Register to Remove

#2 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 21 December 2007 - 03:23 PM

Hello and Welcome to the forum.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**
--------------------------------------------------------------------

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
Please do not re-connect your machine back to the Internet until Combofix has completely finished.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#3 Crimea

Authentic Member

Authentic Member
71 posts

Posted 27 December 2007 - 10:47 AM

Hi LDTate,

Sorry about the delay in replying: Christmas and all that.

Here are my ComboFix and HijackThis logs:

ComboFix:

ComboFix 07-12-21.4 - Arjun 2007-12-27 16:26:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.554 [GMT 0:00]
Running from: C:\Documents and Settings\Arjun\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.

2007-12-24 21:48 . 2007-12-24 21:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-24 21:48 . 2007-12-24 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-23 23:57 . 2007-12-23 23:57 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-12-15 16:58 . 2007-12-15 16:58 <DIR> d-------- C:\Program Files\QuickTime
2007-12-14 16:31 . 2007-12-14 16:31 <DIR> d-------- C:\Documents and Settings\Arjun\Application Data\Grisoft
2007-12-14 16:31 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-12 23:45 . 2007-12-12 23:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-12 23:08 . 2007-12-12 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 15:44 . 2007-12-17 17:28 <DIR> d-------- C:\Documents and Settings\Arjun\Application Data\DivX
2007-12-11 15:41 . 2007-12-11 15:41 <DIR> d-------- C:\Program Files\DivX
2007-12-04 20:36 . 2007-12-04 20:36 <DIR> d-------- C:\Program Files\ZSoft
2007-12-04 18:38 . 2007-12-04 18:38 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-04 18:38 . 2007-12-04 18:38 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-04 18:38 . 2007-12-04 18:38 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-04 18:38 . 2007-12-04 18:38 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-04 18:38 . 2007-12-04 18:38 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-04 18:35 . 2007-12-04 18:35 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 18:35 . 2007-12-04 18:35 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-01 18:44 . 2007-12-02 17:25 <DIR> d-------- C:\Program Files\Panda Security
2007-12-01 14:58 . 2007-12-01 17:25 <DIR> d-------- C:\Program Files\MICROSOFT DOWNLOAD CENTRE
2007-12-01 03:55 . 2006-11-28 16:30 94,480 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-01 03:47 . 2007-12-01 03:47 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
2007-12-01 03:47 . 2007-12-18 14:56 <DIR> d-------- C:\Documents and Settings\Arjun\Application Data\HouseCall 6.6
2007-12-01 01:12 . 2007-12-19 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2007-12-01 01:12 . 2007-08-08 20:02 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-12-01 01:12 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-12-01 01:12 . 2006-02-28 12:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2007-12-01 01:11 . 2007-12-27 15:12 10,079 --a------ C:\WINDOWS\BOC425.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 16:20 --------- d-----w C:\Program Files\Invisible Security Full
2007-12-27 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 15:14 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-27 15:14 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-20 22:37 --------- d-----w C:\Program Files\EsetOnlineScanner
2007-12-04 20:46 --------- d-----w C:\Program Files\CCleaner
2007-12-04 18:38 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-04 18:38 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-04 18:38 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-04 18:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-12-04 18:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-04 18:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-04 18:36 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 18:36 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 18:36 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-04 18:36 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 18:36 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-04 18:36 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-04 18:36 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-04 18:36 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-04 18:36 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-04 18:36 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-04 18:36 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-04 18:36 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-01 01:11 --------- d-----w C:\Program Files\Comodo
2007-11-12 16:24 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-12 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-12 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-11-12 16:16 --------- d-----w C:\Program Files\Nero
2007-11-05 22:28 --------- d-----w C:\Documents and Settings\Arjun\Application Data\Nero
2007-10-27 20:23 --------- d-----w C:\Program Files\Avira
2007-10-27 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2007-10-27 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-25 10:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-07-28 21:05]
"Invisible Security"="C:\Program Files\Invisible Security Full\InvisibleSecurityFull.exe" [2006-06-23 22:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 12:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 12:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 12:00]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-02-28 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-01 09:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2006-02-28 12:00 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 03:44 C:\WINDOWS\RTHDCPL.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-22 23:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-26 14:47]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-30 17:58]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-15 16:58]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MRUBlaster"="C:\Program Files\MRU-Blaster\indexcleaner.exe" [2003-01-05 12:20]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 12:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-04-27 14:00 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 03:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 03:39]
R1 LADriver;LADriver;C:\WINDOWS\system32\drivers\LADriver.sys [2005-09-22 03:12]
R1 LDDriver;LDDriver;C:\WINDOWS\system32\drivers\LDDriver.sys [2005-09-22 02:17]
R1 LHDriver;LHDriver;C:\WINDOWS\system32\drivers\LHDriver.sys [2005-09-22 03:21]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-22 05:36]
R3 BOCDRIVE;BOClean Kernel Monitor.;C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [2007-04-17 14:14]
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 08:14]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\3.tmp []
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys []
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-02-23 17:57:39 C:\WINDOWS\Tasks\McAfee Cleanup.job"
- C:\DOCUME~1\Arjun\LOCALS~1\Temp\MCPR.tmp\mccleanup.exe¯-p vs,mpfpcu,mpfp,mps,shred,mpscu,mskcu,msk,emproxy,mas,fwdriver,hw,mbk,mcproxy,mhn
,mqccu,mqc,shrd,nmc,redir,mna,mwl,msad,msc,mcpr -s -uipipe McAfeeCleanupUIMessagePipe23412
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 16:27:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-27 16:27:33
.
2007-08-15 14:26:16 --- E O F ---
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 16:43:41, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Invisible Security Full\InvisibleSecurityFull.exe
C:\Program Files\internet explorer\iexplore.exe
D:\### ANTI-VIRUS, -SPY-WARE ETC\HIJACK THIS 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Invisible Security] C:\Program Files\Invisible Security Full\InvisibleSecurityFull.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.tr...ivex/hcImpl.cab
O16 - DPF: {2D9F7B63-EC7C-43FF-A41D-6E9EC984A5B9} (GGSecSign Class) - https://myaccount.ga...s/GGSecSign.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponrep...123/csauie1.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197990575718
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan....bs/nanoinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.freedom.n...cabs/cssweb.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Thanks.

#4 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 27 December 2007 - 04:13 PM

Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

C:\Program Files\Invisible Security Full\InvisibleSecurityFull.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If Jotti is too busy you can try these.

http://www.kaspersky...anforvirus.html

http://www.virustota.../en/indexf.html

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#5 Crimea

Authentic Member

Authentic Member
71 posts

Posted 28 December 2007 - 12:24 PM

File: InvisibleSecurityFull.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5: a4f2e0df1c995d67cfdda9c139f55674
Packers detected: -
Bit9 reports: File not found
...............................................................................
Scan taken on 28 Dec 2007 17:59:07 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found BACKDOOR.Trojan (probable variant)
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
..............................................................................
Last file scanned at least one scanner reported something about: crack.exe (MD5: 831dfa66a2cc8c2fcd8b80b289a141ca, size: 62013 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web Tool.GameCrack
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X
...............................................................................

Although this is a pretty flaky program, I've used it for about a year: a lot longer than I've had a problem with IE 6.
To be honest, I haven't experienced the 'logging-on' problem for a few days. Perhaps my continued repeated scans with various online scanners and the removal of whatever file they've, occasionally, found, has solved the problem.

#6 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 28 December 2007 - 02:19 PM

OK. Lets leave this open for a couple days and see how it goes :thumbup:

Please do this:

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
If shown the disclaimer, Select "2"

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#7 Crimea

Authentic Member

Authentic Member
71 posts

Posted 01 January 2008 - 06:28 PM

The problem continues to occur.

I’ve tried to isolate what I’m doing when the problem arises but it seems to occur so randomly. I’ve also experienced two other problems which may have the same cause as the main problem:

1. I can no longer connect to Microsoft’s Update sites/servers when I try to use the “Update” service. I get the following error message:
When searching for available updates on the Update site, you receive the 0x8024402C error.
This error usually happens because we are unable to locate the correct proxy to access the internet or there is an invalid character in the proxy override settings.

1. A misconfigured Proxy/Firewall can cause this problem. Double-check the Proxy/Firewall settings. Add the following urls to the exception list within your Firewall/Proxy:
http://*.update.microsoft.com
https://*.update.microsoft.com
http://download.windowsupdate.com
For help configuring Proxy/Firewall refer to documentation or contact the manufacturer.
My firewall is Comodo Personal Firewall Pro 2.4.18.184 and I can’t expressly add urls to any “safe” list. I’ve asked on the Comodo forums how to allow these sites uninterrupted access and am still waiting for a reply, although I’ve had plenty of updates in the past with the same firewall without a problem. This confirmed to me there is definitely a problem somewhere on my P.C.

2. Remove invalid characters from the proxy exception list and then clear the proxy cache.
Open Internet Explorer.
On the Tools, select Internet Options.
Click on the Connections tab.
Click on the LAN Settings.
Click on the Advanced button.
Please delete any entry in the Exceptions section.
Next, clear your proxy cache.
Click on Start, and then click Run.
Type cmd in the Open box to get a DOS prompt.
Type proxycfg -d at the command prompt, and press Enter.
Type net stop wuauserv at the command prompt, and press Enter.
Type net start wuauserv at the command prompt, and press Enter.
Now try the site again.
I’ve checked this and it doesn’t apply.

3. Enable Web Browser automatic configuration within the ISA Firewall Client
Open ISA Firewall Client.
Click on Automatically detect ISA Server.
Click on OK Button.
I don’t know what this is.

4. Enable Automatically detect setting within Internet Explorer.
Open Internet Explorer.
On the Tools, select Internet Options.
Click on the Connections tab.
Click on the LAN Settings.
Click on Automatically detect setting.
Click on OK button.
I don’t want to mess around with my internet settings.

2. I can’t connect to Microsoft’s site/server to fully download the .NET Framework which I was told, during the installation of CDBurnerXP 4.0.022, that I needed, before I could run this particular “burning” program. During repeated installations of the .NET Framework, the prog/framework couldn’t and can’t establish a connection with the server to download the second part of the Framework.
The “setup.exe” “Error Report” window displays the following Error Signature:
EventType: wap10setup P1: 13165 P2: 3.0.04506.30_waprtm_x86_sfx
P3: gen P4: inst P5: f P6: dlmgr_bitserror P7: -2147012889
P8: 0 P9: runtofinish()_failed to retrie P10: -

I wondered whether the problem rests with whatever part of the Registry, System Files, etc. (?) is responsible for establishing a connection with a site/server. There seems to be something common to all three problems.

Sometimes, if I scan my P.C., whether with online scans or with my installed “anti” programs (when in “Safe Mode”), the problem disappears, although the programs don’t find anything. Could the process of scanning and/or putting the P.C. in “Safe Mode” temporarily disable whatever is causing the problem? If so, I don’t know what on Earth re-enables it.

I think the problem once occurred after I used XP’s own CD-burning utility to burn a disk – I was trying to determine whether the problem (another one) I was having burning CDs was with Nero or the writer or both. Perhaps you know better as to whether a part of the operating system used in XP’s burning process is common to that used in logging-on when selecting IE from the desktop, Start menu or “All Programs” menu.

Although for the past 2 days I haven’t had the ‘logging-on’ problem, earlier today, when running the Ewido Anti-spyware scanner, I received the “IE has encountered a problem and needs to close...” message, which closed all of the open windows. The IE Error Signature is as follows:
AppName: iexplore.exe AppVer:6.0.2900.2180 ModName: wininet.dll
ModVer: 6.0.2900.3164 Offset: 0006593f

I’ve downloaded GMER anti-rootkit 1.0.13 and IceStorm 2.2 if you want me to post what they find.

Thanks.

#8 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 02 January 2008 - 06:52 AM

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#9 Crimea

Authentic Member

Authentic Member
71 posts

Posted 03 January 2008 - 06:11 PM

Hi,

The "Express" scan didn't find anything bar the possibility of "InvisibleSecurityFull.exe" being a Trojan.
The "Complete scan" didn't find anything at all.

For good measure I uninstalled Invisible Security 1.2 and re-tried the "Update" service and fully installing .NET Framework but without any change.

What should I try next?

#10 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 03 January 2008 - 08:06 PM

I don't see any spyware/malware or virus'

I'd try uninstalling.
Comodo\Firewall

I really don't know what else to suggest.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#11 Crimea

Authentic Member

Authentic Member
71 posts

Posted 04 January 2008 - 12:33 PM

Sorry, I posted the last message by mistake.

As I went to click "Preview" (I pressed "Post" by mistake), I realised my Firewall could be the cause of all the problems.

I uninstalled Comodo Firewall Pro 2.4.18 and downloaded and installed the latest version (3.0.14) and all of the problems seem to have been solved: I've been able to download the .NET Framework and all of the Updates I want (150 MBs of them!). It seems as if the firewall was even blocking the notification of the availability of updates.

For a few weeks, now, I've been receiving, every few days, Windows XP tray pop-up balloons indicating my firewall was disabled, which I ignored, as the firewall wasn't disabled. To be honest, this may have started at the same time as the problems but I didn't put two and two together.

Why the firewall suddenly started blocking Microsoft progs./sites (but, in all other respects, functioned correctly) and why the uninstallation and installation of the latest version solved the problems is baffling.

Thanks for all your help.

#12 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 04 January 2008 - 03:38 PM

Great job

You're more then welcome. Glad we were able to help Peace be with you :wavey:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#13 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 04 January 2008 - 03:38 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

Body Background

skin color theme