Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can only connect IE to internet in Safe Mode


  • This topic is locked This topic is locked
2 replies to this topic

#1 riders343

riders343

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 23 November 2008 - 05:02 PM

Problem:

After troubleshooting random crashes and extremely slow system, I now can only connect to the Internet when booted in Safe Mode - I cannot connect when booted in Normal Mode.

=========================================================================
SYMPTOMS:

Began with random crashes (every couple of weeks) pointing to possibly a "driver" issue plus McAfee continually warning that "Firewall and/or Antivirus" was being "disabled". I removed and installed McAfee about a month ago which appeared to clear up the disabling.

System began getting slower and slower until a couple of weeks ago the crashes became every day (or more often). When booting after a crash, the keyboard was locked during boot-up - even though I have it set to offer the option to choose normal or safe modes, the up/down or return keys did not have any affect. I could not boot in safe mode.

I followed some repair notes (see below) and am now able to boot in safe mode. Unfortunately, I have now reached a point where I can ping to sites but cannot use IE (or firefox) to connect. IE running without add-ons and Firefox(safe mode) do not work either. Although it has sped up, the system remains painfully slow in normal mode but quite responsive in Safe mode.

Other symptoms included filetypes being changed (.txt files opened with IE instead of notepad) and during my troubleshooting, all non-admin accounts (3 of 'em) dissappearing.

Hopefully, I haven't scared everyone off. I know I may have multiple problems (drivers, malware, faulty disk drive, network card)... but after 2 weekends lost, I now look for aid. Hopefully, I haven't mucked things up.

Kim
=====================================================================
SYSTEM CONFIG:

WindowsXP - Media Center Edition
Version 2002
Service Pack 3

Dell Dimension 8400
Pentium® 4 CPU 3.20GHz
3.19 GHz, 3.00 GB of RAM

==============================================================

STEPS TAKEN:
Ran AVG 8.0 scan multiple times - (needed dial-a-fix to repair permissions as AVG said it needed to run under an Admin account - which I was)

Ran CCleaner - ok

Ran Ad_Aware - clean (a few trackers and an MRU)

Ran Spybot - clean and allowed it to "clean up registry"

Ran chkdsk (twice) second time completed successfully

Moved many Gb's of files (family pix) to USB drive; disabled (disconnected) my 2 external drives (don't know what infections might be on them - will look later)

Ran sigverif - Microsoft Signature Verification - moved 5 "unsigned drivers out of Windows startup"

Ran Stinger (although I have McAfee already installed and its full scan ran to completion as well)

Windows defender also ran a complete clean scan - (took over 6 hours)
*both McAfee an windefend scan are run daily/weekly.

Uninstalled Network Card and re-installed at bootup

Updated Broadcam NewXtreme 57xx Gigabit Controller driver

Flashed Bios

Compared ipconfig both in safe and normal mode - same

Have ran with McAfee firewall disabled but no go

WinsockxpFix.exe <== ran this

HiJackThis pointed to lspfix.htm as a fix for a winsock error - ran it but - "No problems found"
- lspfix then listed mswsock.dll/TCPIP winrmr.dll/NTDS, nwprovau.dll/NWLink, rsvpsp.dll but it's warning of "I know what I'm doing (or enjoy re-installing my OS...) scared me to not continue

Dell Crash Analysis - lists 2 sys-files "tfsnifs.sys Sonic Solutions 1.04.08a" and "vsdatant.sys Zone Labs, Inc" but I am unsure as to what should be done with them. Windows update doesn't operate in Safe Mode.

=============================================================

Logs I have available:

everest, hijackthis, ipconfig, chkdsk, ad-aware, kapersky, sigverif, BelarcAdvisor, AVG(avgrep),

=============================================================

CRASHES:

Not all dumps were captured in the event viewer but here is a sample:
Nov 20 5:26 0x0000007e (0xc0000005, 0xb9eb39cc, 0xba56bc4c, 0xba56b948).
5:32:06 PM
Windows Defender Real-Time Protection checkpoint has encountered an error and failed to start.
User: MEDIACENTER\Kim Libby
Checkpoint ID: 1
Error Code: 0x80070005
Error description: Access is denied.

Nov 17 3:36 0x00000077 (0xc0000056, 0xc0000056, 0x00000000, 0x0489b000
3:42:21 PM
Windows Defender Real-Time Protection checkpoint has encountered an error and failed to start.
User: MEDIACENTER\Kim Libby
Checkpoint ID: 1
Error Code: 0x8000ffff
Error description: Catastrophic failure

For more information, see Help and Support Center at
Nov 16 4:16 0x0000007e (0xc0000005, 0xb9e939cc, 0xba56bc4c, 0xba56b948)
4:36:32 PM
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Nov 16 3:57 0x000000d1 (0x00000008, 0x00000002, 0x00000001, 0xb86359f8)

Nov 11 11:06 0x000000d1 (0x00000008, 0x00000002, 0x00000001, 0xb85659f8).
Nov 05 9:35 0x000000d1 (0x00000008, 0x00000002, 0x00000001, 0xb80b99f8).
Oct 30 10:19 0x000000d1 (0x00000008, 0x00000002, 0x00000001, 0xb8aae9f8)

===============================================

MORE DETAILS OF STEP TAKEN RESULTS PLUS HIJACKTHIS LOG BELOW

===============================================

- Ran AVG 8.0 and found a couple of "Adware Rogue Suspects" but also many files were "locked"

HKLM\SYSTEM\ControlSet002\Control\MediumCache\{dcd86e0a-a975-4354-8ce0-88af853d51a4}-8B56D6E0-0\\\\?\PCI#VEN_1033&DEV_013A&SUBSYS_001A1809&REV_0B#4&10416d21&0&00F0#{19689bf6-c384-48fd-ad51-90e58c79f70b}\{84518c0d-bd1b-4299-bc30-6831a228138c} Found Adware.CommonName
HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Micro&Rev_0.1\20044318310CF0F387A3&0\\HardwareID Found Adware.RogueSuspect

- Ran AVG in Safe Mode which cleared the "locked" but was unable to remove the "Rogue Suspects"
AVG stated that I needed to use an ADMIN (which I was) account to "fix"

Ran a diskdefrag - ran extremely slow - so downloaded AusLogics Disk Defrag which ran much faster.

- Chkdsk failed (after running for ages) but a repeated attempt was successful:
Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 2569 unused index entries from index $SII of file 0x9.
Cleaning up 2569 unused index entries from index $SDH of file 0x9.
Cleaning up 2569 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

239191784 KB total disk space.
68974484 KB in 146231 files.
68464 KB in 16500 indexes.
332 KB in bad sectors.
365640 KB in use by the system.
65536 KB occupied by the log file.
169782864 KB available on disk.

4096 bytes in each allocation unit.
59797946 total allocation units on disk.
42445716 allocation units available on disk.

==================================================

Ran dial-a-fix to repair permissions - appears to finally allowed for repair of "rogues"

=================================================

Ran Kapersky scan:
C:\Documents and Settings\Kim Libby\Local Settings\Application Data\Microsoft\Outlook\archive.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Kim Libby\My Documents\My Downloads\ISOBootDisk\mt2008.iso Infected: not-a-Virus:PSWTool.Win32.MailPassView.a 1
C:\Documents and Settings\Kim Libby\My Documents\My Downloads\ISOBootDisk\mt2008.iso Infected: not-a-virus:PSWTool.Win32.Messen.103 1
C:\Documents and Settings\Kim Libby\My Documents\My Downloads\ISOBootDisk\mt2008.iso Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 2
C:\Documents and Settings\Kim Libby\My Documents\My Downloads\ISOBootDisk\mt2008.iso Infected: not-a-virus:PSWTool.Win32.NetPass.g 1


=====================================================================
Microsoft Signature Verification - MOVED THESE UNSIGNED DRIVERS OUT OF STARTUP
[c:\windows\system32\spool\drivers\w32x86\3]
acfpdf.txt 2/14/2005 None Not Signed N/A
acpdf250.dll 2/14/2005 0.3.0.2500 Not Signed N/A
acpdfui250.dll 2/14/2005 0.3.0.2500 Not Signed N/A
[c:\windows\system32]
Drmstor.dll 1/28/2005 10.0.0.3802 Not Signed N/A
[c:\windows\system32\drivers]
Component Publisher
omci.sys 11/8/2002 7.0.323.0 Not Signed N/A

========================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:01 PM, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysask.com/portal/site/pc-saskatchewan
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local;<local>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127181157812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://66.153.90.247/activex/AxisCamControl.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11871 bytes

========================================================================================

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:37 PM

Posted 13 December 2008 - 09:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:37 PM

Posted 20 December 2008 - 12:56 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please Start a new topic.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users