Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Major Issues Again...


  • Please log in to reply
8 replies to this topic

#1 pandammonia

pandammonia

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 20 January 2008 - 02:39 AM

Well it's all started again... All of a sudden, internet pages wont load properly, portions of pages come up in http, most have to be reloaded several times before they even begin to look like webpages. Firefox started giving me problems about "incorrect message authentication codes" and then "certificates being invalid" then pages being corrupt. When i finally can open a page, it looks nothing like it should, images are a mess - all green and half displayed, half the page comes up in http and the layout is all wrong. My ip assures me there is nothing wrong at their end.
I cannot open anything i download from the net, it tells me it's corrupted. Flash player is also having major issueswhen trying to uninstall/reinstall, there is something wrong with some ocx file or something.
This happened not too long ago, and then it was fine, now it's doing it again. I have checked my event viewer and there are so many errors logged around the time this started about leaked registry keys and all other jargon i dont understand. This one appears quite frequently from around the time it all began... <i>"Faulting application iexplore.exe, version 7.0.6000.16575, time stamp 0x470c3339, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x0006164f, process id 0x1444, application start time 0x01c84c6267c1a3a0."</i>
I have tried to do malware scans with all the scanners recommended but none of the are able to update - they all come back with bad checksums or other various error messages pertaining to the fact that they cannot update successfully.

I have looked everywhere for help with most of this and all the solutions i find do nothing to aide my cause. Any help is greatly appreciated. :huh:

BC AdBot (Login to Remove)

 


#2 xtinctss

xtinctss

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 20 January 2008 - 02:52 AM

CHeck to make sure your clock is correct. Also make sure you sync to net time correctly.

#3 pandammonia

pandammonia
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 20 January 2008 - 03:52 AM

Have done that, it's set to adjust time automatically and it's all good, though didnt help. Still having same issues.

#4 Monty007

Monty007

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:10:41 PM

Posted 20 January 2008 - 04:25 AM

Sometimes it gets to a point when there is really only one logical choice that can be made thats is......................to save all your important files ect. and format the PC. This is not said very often as most problems can be fixed with a little knowledge and research. But sometimes it gets to the point...its time to whipe the slate clean.

But on saying that this may not be an option for you so in event id the errors have an event id and description, can you post them.
Link to your error code http://aumha.org/a/stop.php#0xbe
MCP
MSDST

#5 pandammonia

pandammonia
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 20 January 2008 - 05:30 AM

Hi and thanks!
I would prefer if i didnt have to reformat, as i have about 230GB of stuff and no way to back it up. What error codes would u want to see from event viewer? As i said there are soo many in there, and most of it i dont know what it means.
Here is one i thought a bit suspicious... that occurs frequently.
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL - Evant ID 1530
20 user registry handles leaked from \Registry\User\S-1-5-21-1293610029-562342001-1096334571-1000:
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000
Process 3712 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 3712 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 3712 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Ahead\Nero Home\MediaLibrary
Process 3712 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Ahead\Nero Home\MediaLibrary
Process 3712 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Ahead\Nero Home\MediaLibrary
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Microsoft\SystemCertificates\trust
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Microsoft\SystemCertificates\My
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Microsoft\SystemCertificates\CA
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Microsoft\SystemCertificates\Root
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Policies\Microsoft\SystemCertificates
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Policies\Microsoft\SystemCertificates
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Policies\Microsoft\SystemCertificates
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Policies\Microsoft\SystemCertificates
Process 1628 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1293610029-562342001-1096334571-1000\Software\Microsoft\SystemCertificates\TrustedPeople


I also found another topic posted here that sounds similar...http://www.bleepingcomputer.com/forums/topic122925.html . When i do the ping test thing and type in the number, it takes me to the webpage. When i ping localhost or loopback it says " ::1: " And also in my hostsfile i have an issue... When i type C:\windows\system32\drivers\etc\hosts in the search box several hosts backups come up but i also have 2 hosts files that are identical in size and content as far as i can see. Except under the 127.0.0.1 local host , i also have " ::1 localhost".

I am beginning to think a reformat might just be the easiest solution, only i will have to buy an external hard drive to back up to first, so not the most cost-effective solution for me atm.

Edited by pandammonia, 20 January 2008 - 05:35 AM.


#6 Monty007

Monty007

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:10:41 PM

Posted 20 January 2008 - 06:07 AM

Ok first I also have the same error event, not much to worry about according to this link http://www.eventid.net/display.asp?eventid...ice&phase=1

But your network is a different matter, at a command prompt type ping 127.0.0.1 the local host ping will look like this
reply from ::1: time<1ms
If the web site is slow loading or stops try pinging it through a command prompt by name and IP also ping the web site with the -t so
e.g. ping -t google.com
When you have trouble opening a web page try IE and see if it continues to be a problem so you can compare it wth FireFox.

Edited by Monty007, 20 January 2008 - 06:08 AM.

MCP
MSDST

#7 pandammonia

pandammonia
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 20 January 2008 - 06:16 AM

OK, at cmd i type ping 127.0.0.1 and it says reply from 127.0.0.1 time<1ms TTL=128. When i type ping localhost it comes back with reply from ::1: time<1ms.
The pages that wont load in firefox are no better in IE, if anything IE is worse, it has errors on every page as well. Right now, most pages are coming through fine, though i still cant download anything without it being corrupt or having a bad checksum.
(As i posted that, the page refreshed all messed up again.)

Edited by pandammonia, 20 January 2008 - 06:17 AM.


#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:11 AM

Posted 20 January 2008 - 07:48 AM

From the errors that you've posted it appears that this file: ccSvcHst.exe is running amok in your registry. This is a part of your Symantec products.

It can either be malware doing this (which I think is most likely) or it could be due to a corruption in the Symantec programs.
I'd suggest physically disconnecting from the internet and uninstalling your Symantec products completely (use the Norton Removal tool to ensure that it's completely removed: http://service1.symantec.com/SUPPORT/tsgen...005033108162039 )

Then reboot and test to see if things are better - and if they are better you can reinstall your Symantec products to see if it remains fixed. If you connect to the internet, be aware that you're not protected (so don't spend a bunch of time there, nor click on anything that may be dangerous). Also, if there is malware on your system, be aware it may be phoning home should you reconnect.

The goal is to be able to conduct malware scans to determine if you're infected - and to remove the infection. Here's some free, online scans that you can try (if you can get to them):
http://onecare.live.com/site/en-us/sandbox...s%2Fdefault.htm (requires IE)
http://housecall.trendmicro.com

I recommend the online scans because they're independent of your system. The protection on your system may have been compromised by a virus, so the results that it reports may not be correct.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#9 pandammonia

pandammonia
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 20 January 2008 - 08:12 AM

usasma - well hello again ol' friend! Things don't look so grim when you come to the rescue. lol Not that im unappreciative for everybodys help.

I have actually suspected Norton being the culprit in all of this... (Ive never liked it) And now i think of it, i think all this may have actually started when Norton did a program update of itself quite a while ago. That would have been roughly around the time all this started. I know this has to be malware related in some way. I have found strange traces in defender - looked at history one day to discover all these weird looking progs were permitted - even though i was never asked to permit them. 2 in particular were AYLQNJCSOZXXS and WPEPVXS . Both located in C:\Users\WINDOW~1\AppData\Local\Temp\ , but when i search for them i cant find them. They are still in my services list (task manager - services tab - services button at bottom), but i hve disabled them. Norton has also quarantined a file called [System Process]... again which i was never made aware of until i checked history.

edit - Looking back through my reliability monitor - i see that right around the time all this started "Symantec real time protection component" was installed/updated. This gives even more evidence to your suspicions.

I have tried downloading the Norton Removal tool from this pc, but the download is always corrupt or it cant open it or some lame excuse lol, so will try from a friends tomorrow. I want it gone and Avast back anyway.
As for the online scans - i can get to the one care site (still with errors on page) but it won't let me click the button to scan. This is similar to some sites - some buttons will work, others wont. Even on this site, the reply button works but fast reply doesnt do anything. And housecall isnt working either.

Edited by pandammonia, 20 January 2008 - 08:33 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users