Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Files Scanned =0, & Downloads Show Bad Certificates


  • Please log in to reply
4 replies to this topic

#1 28amber

28amber

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:31 AM

Posted 24 August 2007 - 03:21 AM

Hi,

My McAfee antivirus and all other scans (such as the rootkit scanner) show 0 files scanned. Microsoft updates are sketchy and I only know enough to be dangerous. Small "about blank" pop=up screens showed up when I tried to download lavasoft & spybot so I'm sorry but I thought I'd better give you the Hijack this log before I made it worse (Even got other moving pop-ups on lavasoft when trying to download).

Here's the Hijack this log - Thanks for any help you can give!

Logfile of HijackThis v1.99.1
Scan saved at 12:28:33 AM, on 8/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\CMPnC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Amber\My Documents\Hijackthis2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187923774164
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187923755958
O17 - HKLM\System\CCS\Services\Tcpip\..\{94D049C6-DBE4-4A88-9833-90E6AF55ECCD}: NameServer = 68.28.58.11 68.28.50.11
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe



Take Care ~ Amber

PS- I can't change My home page on IE.

Edited by 28amber, 24 August 2007 - 05:03 AM.


BC AdBot (Login to Remove)

 


#2 28amber

28amber
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:31 AM

Posted 25 August 2007 - 02:10 AM

FYI - I tried House Call but supposedly my Java isn't working and the link on their web site to fix or add it won't work for me because the active x won't download (I've tried eveything to allow it but the yellow warning bar won't even pop-up). I also tried the link to Bit Defender (I think) but it shows as an invalid web address. Anything I can get to download (lavasoft, etc)shows an invalid certificate and notes that my revocation checker supposedly is unable to check the cert.

Please help!!! Maybe I'm just missing some files (I'm keeping my fingers crossed) but I'm just not knowledgeable enough to know.

PS - The version of Macafee I'm running is Enterprise 8.5.0i and I tried the virtual advisor but the cert was bad & it didn't work right anyway.


Thanks for any advise you can give!

#3 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:07:31 AM

Posted 06 September 2007 - 09:36 PM

Hi 28Amber,

Sorry for the delay, this forum is really busy right now.

Good news -- there's no sign of malware in your log.

Bad news -- I'm not sure what's causing all your problems, though I have a suspect for some of them.

Try this:

Download LSPFix and save to your desktop.
alternate download site
alternate download site
  • Disconnect from the Internet, go to the LSPfix file and extract (unzip) LSP-Fix into its own folder such as C:\lspfix. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.
  • Open the lspfix folder and double-click on LSPFix.exe to start the program.
  • Check the "I know what I am doing" checkbox.
  • Select (highlight) all instances of bmnet.dll in the left column under "Keep".
  • Click the arrow >> so it goes over to the right column under "Remove".
  • Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.
  • Restart your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  • Look for the following file.

    • C:\Windows\system32\bmnet.dll
  • If you find it rename it to bmnet.dll.old.
  • Restart your computer normally and post a new HJT log.
For instructions with screen shots, see the "Using LSP-Fix Tutorial".

Let me know if this helps with your downloading problems.

Dave

#4 28amber

28amber
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:31 AM

Posted 09 September 2007 - 02:17 AM

OK.
I did what you said but got the following error : Failed to create key
Sysytem\Current Control Set\ Services \ Winsock2 \ Parameter \ Protocol_Catalog9 \ Catalog_Entries \ 000000000001.

Now everything won't work on that laptop. Most services error if I try to start them, and as far as I can tell "bmnet.dll" is a file so my Sprint card will work. Now I can't access the internet on that laptop & don't know how to fix it so I don't think I can post a new HJT log. If I can copy it to a disk & send it from a different laptop, I will, if it won't infect the other laptop. I've almosty decided it's easier to get a new laptop every 6 months in order to avoid this - sick, I know, but they all seem to start this baloney in less than a year. Cost of time vs cost of replaclacment - extortion as far as I'm concerned. Sorry if this offended anyone, but that's just been my experience (I'm not going to say how many laptops I have in the last few years that started this "baloney", but I can't trust calling into my work computer unless there's no chance of a problem. I actually care about our clients' privacy.

Please help!

Edited by 28amber, 09 September 2007 - 02:36 AM.


#5 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:07:31 AM

Posted 09 September 2007 - 08:27 AM

Hi again,

Sorry that didn't work.

as I can tell "bmnet.dll" is a file so my Sprint card will work



Actually bmnet.dll is part of Bytemobile software, it is installed along with your Sprint software in order to "speed up" your connection by compressing and decompressing data. I was hoping Sprint would function without it, because the compression/decompression will cause the kinds of errors you were seeing. It is a notorious troublemaker.

I've almosty decided it's easier to get a new laptop every 6 months in order to avoid this


No need to replace the laptop, this is not a hardware problem. Worst case would be to back up all your data and then reformat the hard drive and do a clean install of Windows from your Windows install disk or your manufacturer's recovery disk(s). However, we haven't got to that point yet.

First let's see if we can put things back to where they were.

Navigate to the C:\Windows\system32\bmnet.dll.old file. Rename it to bmnet.dll. Then Run LSPfix again and check the "I know what I'm doing" box. See if bmnet.dll is in the right hand column. If so, move it back to the left hand column. If it is in the left hand column leave it alone and just close the program. If it is not in either column close the program.

Let me know what you find.

Dave

Edited by DaveM59, 09 September 2007 - 08:51 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users