Solve : Several problems? – InterviewSolution

InterviewSolution

1.	Solve : Several problems?
Answer» I wasn't sure where to post this as I have more than one issue. I use XP Home and IE6, 1024MB Ram, 70GB HD. Of the 1024MB only 500 is available, don't know where the rest has gone. Internal links won't open, only show blank pages. I try to play online games and it says I don't have enough memory and has blank pages. I will be on the internet and get a "Internet Explorer has encountered an problem and needs to shut down". (SEVERAL times in a row) I have all updates, scanned for viruses, used stinger and removed spyware. Any help would be appreciated. guiness....Ok ...let go thru this again You have Win XP ....do you have Sp 1 and SP2 as well as all the updates ? you are able to access the internet ok ......Are you using dialup or Hi speed ..... Has your browser ever been hijacked ? Have you checked your system for trojans .... Which anti virus program do you use regularly ........Which spyware app do you regularly run ....... I know a lot of questions , but there is something going on that you NEED to correct ....... A format would correct , but it may not be necessary . Let us know dl65 Thanks for the quick response. Yes I have both SP1 and SP2 and all updates. I was running Nortons Antivirus, now I have EZAntiVirus and I use it everyday. No viruses were detected. I ran Stinger also, just in case. I also use Spybot. I have DSL. I can access the internet, no problem. Now IE has just started closing while I'm using it with no warning or error. Yes, my browser was hijacked but I changed it back and it is protected by WinPatrol. Any suggestions would be greatly appreciated.Have you tried running a Windows Update by going to HTTP://www.microsoft.com ? [glb]Flame[/glb]guiness.......How about D/L ....hijackthis .......from http://www.majorgeeks.com/download3155.html ....... After you have run the scan ( save it as a log file to your desktop ) and post it here for us to check ...... dl65 I have to give you the logfile in 2 posts. It is too long for one. And I have all the current Windows updates. Thanks for the help. Logfile of HijackThis v1.99.1 Scan saved at 6:38:22 PM, on 3/3/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\ALCXMNTR.EXEHere is some more of it. C:\Program Files\QuickTime\qttask.exe C:\Program Files\AIM\aim.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgrhttp://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r1.attbi.com:8000 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - Default URLSearchHook is missing O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_0.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O3 - TOOLBAR: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\letsroll.exe O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O15 - Trusted Zone: .hotmail.com O15 - Trusted Zone: .msn.com O15 - Trusted Zone: .passport.net O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094660909415 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe wheres the rest of it ........There must be more than Im seeing dl65 ok ....now its all there ......let me have a look dl65 guiness......Is your home page ...... http://www.msn.com ? let us know dl65 Yes, my homepage is msn.comThank you dl65 guiness......Ok ......here's what to do...... open hijackthis..... next click Do system scan and save log file ...................Next .....click config. ........Next .... on the configuration page ..........leave the first box unticked and then tick the other 5 boxes ........next.....in the 4 URL boxes ....enter http://msn.com in each one .... Next ......click back...... Now mark for removal , the following : All R0 and R1 entries O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\letsroll.exe O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O15 - Trusted Zone: .hotmail.com O15 - Trusted Zone: .msn.com O15 - Trusted Zone: .passport.net Ok ....now click on fix checked........ Now reboot and see how things are ....... I would also suggest you D/L and run Antispyware ( Beta ) get it at ..... http://www.microsoft.com/athome/security/spyware/software/default.mspx Let us know how the pc is working now ....... dl65 Hi. I did everything you advised and I still can't access internal http links, only get a blank page. Same with the online games. Still says I don't have enough memory, along with a blank page. I have'nt had IE shut down though. That's a plus. I D/L and ran the Antispyware. There is a place there where it shows Windows Host Files. Most of it appears to be spyware and adware (doubleclick.com, valueclick.com) and others I'm not sure what they are. Is it safe to permanently ERASE these? Thanks for all your help. I know it is time consuming. If you have any other suggestions, I'm willing to try.

Discussion

No Comment Found

Related InterviewSolutions