Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

90x60x90 Popup And"page Cannot Be Displayed"


  • Please log in to reply
13 replies to this topic

#1 Throttled

Throttled

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 AM

Posted 25 March 2006 - 01:45 PM

My father has constant problems with this problem and if anyone could help it would be much appreciated. Here is his hijackthis log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 1:40:18 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\mcc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\system32\mcc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} (CQD2Loader Object) - http://smartdownloader.com/installer.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe

BC AdBot (Login to Remove)

 


#2 OSC

OSC

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 25 March 2006 - 05:06 PM

Hi Throttled,

Welcome to bleepingcomputer.com!

Your Dad's computer has at least one trojan running, so let's run a free online virus scan to see if we can get rid of it and more imporantly, make sure there's nothing else lurking.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Next, move hijackthis to your desktop or a convenient location (like c:\hjt). Or if you need to download it again, go here

Run hijackthis again and click the None of the above, just start the program. Then click the Scan button. Place checkmarks next to the following entries:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Then click the Fix Checked button. Click Yes or OK to any confirmation messages you may get.

After rebooting your computer, please post a new hijackthis log along with that Panda report. Also, please let me know if there is more than 1 login account on this computer. :thumbsup:

#3 Throttled

Throttled
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 AM

Posted 26 March 2006 - 05:20 PM

Here is the new log and panda report. There is only one login for this computer. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 5:17:28 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\mcc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\system32\mcc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} (CQD2Loader Object) - http://smartdownloader.com/installer.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe






Panda report


Incident Status Location

Virus:Trj/Downloader.PN Not disinfected Operating system
Adware:adware/superspider Not disinfected C:\WINDOWS\SYSTEM32\mcc.exe
Adware:adware/ncase Not disinfected C:\TEMP\salmau.dat
Adware:adware/searchrelevancy Not disinfected C:\PROGRAM FILES\SearchRelevant
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@64.62.232[2].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@abetterinternet[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@adopt.hbmediapro[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@ads.pointroll[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@atwola[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@burstnet[2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@c.fsx[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@c.goclick[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@ccbill[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@com[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@ct.360i[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@dist.belnk[1].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@gammae[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@gostats[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@go[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@kinghost[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@newnet.qsrch[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@outster[2].txt
Spyware:Cookie/WegCash Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@programs.wegcash[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@questionmarket[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@rightmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@searchportal.information[2].txt
Spyware:Cookie/Socalcoeds Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@socalcoeds[2].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@spywarestormer[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@stats1.reliablestats[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@target[2].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@teensforcash[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@toplist[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@web.tickle[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@webpower[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@www.myaffiliateprogram[1].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@www.seeq[1].txt
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@www.web-stat[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@xiti[1].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@64.62.232[2].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@abetterinternet[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@adopt.hbmediapro[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@ads.pointroll[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@atwola[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@burstnet[2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@c.fsx[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@c.goclick[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@ccbill[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@com[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@ct.360i[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@dist.belnk[1].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@gammae[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@gostats[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@go[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@kinghost[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@newnet.qsrch[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@outster[2].txt
Spyware:Cookie/WegCash Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@programs.wegcash[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@questionmarket[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@rightmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@searchportal.information[2].txt
Spyware:Cookie/Socalcoeds Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@socalcoeds[2].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@spywarestormer[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@stats1.reliablestats[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@target[2].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@teensforcash[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@toplist[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@web.tickle[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@webpower[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@www.myaffiliateprogram[1].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@www.seeq[1].txt
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@www.web-stat[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Robert Hackett\Cookies\robert hackett@xiti[1].txt
Virus:Trj/Downloader.PN Not disinfected C:\win.com.exe
Virus:Trj/Downloader.PN Not disinfected C:\WINDOWS\SYSTEM32\mcc.exe

#4 Throttled

Throttled
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 AM

Posted 26 March 2006 - 05:37 PM

This is a log file from the second computer. It is connected to a wireless router from the primary computer however it is experiencing the same problems. Any help would be appreciated. Thanks :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 5:35:07 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe





Panda report


Incident Status Location

Adware:adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32\dfrgsrv.exe
Adware:adware/spyfalcon Not disinfected C:\WINDOWS\SYSTEM32\ginuerep.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem.exe[Process.exe]
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\dfrgsrv.exe
Adware:Adware/SpywareStrike Not disinfected C:\WINDOWS\system32\ginuerep.dll

#5 OSC

OSC

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 26 March 2006 - 07:31 PM

Hi Throttled,

The second computer looks good. No malware present there. :thumbsup:

When you say thie second computer is having the same problem, do you mean it's getting page cannot be displayed? Or is it having other problems?

Back to the original computer. Run hijackthis again and click the None of the above, just start the program. Then click the Scan button. Place checkmarks next to the following entries:

O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\system32\mcc.exe

Then click the Fix Checked button. Click Yes or OK to any confirmation messages you may get.

Configure your computer to show hidden files

Then boot your computer into safe mode.

Delete the following files:
C:\win.com.exe
C:\TEMP\salmau.dat
C:\WINDOWS\SYSTEM32\mcc.exe

And delete the following folders:
C:\PROGRAM FILES\SearchRelevant

Reboot your computer. Download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

As for the page cannot be displayed problem, can you confirm if both computers are having that problem? Also, can you tell me the make and model number of your router?

#6 Throttled

Throttled
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 AM

Posted 26 March 2006 - 09:45 PM

I know this sounds stupid but when I'm in safe mode what or where do I go to delete these files. Never did it before. I also saw an Administrator login above his personal login if this helps.

The second computer does have problems with Page Cannot be Displayed also. This problem happened last week and it was doing the same thing and then cleared itself out on the primary computer and the secondary computer was fine as well. Now it's back bigger than ever.


The router is a D-Link Wireless and Model # is DI-524.


Thanks.

#7 OSC

OSC

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 27 March 2006 - 10:05 AM

Hi Throttled,

I know this sounds stupid but when I'm in safe mode what or where do I go to delete these files. Never did it before. I also saw an Administrator login above his personal login if this helps.

That's not stupid!! When in safe mode, if you double click the My Computer icon, then double click the C: icon, it will display the files present on the c: drive. You need to see if win.com.exe is listed there. If it is, right click it and choose delete, then choose yes to the confirmation message.

Within that same list, find the folder TEMP and double click it to open it. Once open, find salmau.dat , right click it and choose delete, and then Yes to the confirmation message.

Next, click Back (located on your toolbar on the top portion of your screen). This will bring you back to the C: drive. Find Windows and double click it, then find System32 and double click it to open it. Then find mcc.exe . Right click it, choose delete and then Yes to the confirmation message.

Do the same for the C:\PROGRAM FILES\SearchRelevant folder.

Close all windows and reboot.

If both computers are experiencing that page cannot be displayed problem, I suspect it's your cable/dsl modem or the router causing the problem. And since you said it cleared itself up, I'm willing to bet it's your modem. If routers are starting to go bad, they rarely "clear themselves up" and begin working again. They usually require a kick in the butt by powering it down. :thumbsup:

Speaking of which, have you unplugged the power from both your modem and router for 10 seconds or so to reset them? If not, do that. Plug the modem back in first, wait 30 seconds, then plug the router in. Run both computers as you normally would and if the problem happens again, try flashing the firmware in that router. See this page for further instructions on how to do this:
http://www.dlink.com/products/support.asp?...&sec=0#firmware

After updating the firmware, run both computers as you normally would and if the problem happens again, then you'll need to hook the cable modem directly into the computer. The cable or dsl company will likely want you to do this anyway, so you might as well beat them to the punch. Once hooked up directly to the modem, run the main computer as you normally would and see if the problem comes back. If it does, then the problem is that modem. Call your dsl or cable company and explain to them all the testing you've done. If the problem does not come back, your router is the problem and you need to go buy another one. :flowers:

Hope that helps and let me know how you make out.

Edited by OSC, 27 March 2006 - 10:56 AM.


#8 Throttled

Throttled
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 AM

Posted 27 March 2006 - 12:11 PM

OSC,

Appreciate your help on this. I deleted all of the files except for c:\win.com.exe, it does not allow it.

I ran through the steps on the router/modem and when connecting directly to the modem it seemed to access a little better but still had a few "page cannot be displayed" jabs. I have noticed the second computer seems to have less problems with page cannot be displayed than the primary. It's much quicker and occasionally has a few red x's where pictures, etc... normally are. I think I'll swap out the modem with a new one.

I ran through the update for my D-Link firmware and it says you are attempting to open a bin file. I didn't download through my router as it explained and it says windows cannot open this file. Anyway, this probably is a problem I should take up with D-Link. Thanks for the link.

I have noticed the 90x60x90 popups are gone and I'm much pleased, great to have people like you out there. :thumbsup:

Thanks again,
-Throttled

#9 OSC

OSC

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 27 March 2006 - 12:23 PM

Hi Throttled,

I deleted all of the files except for c:\win.com.exe, it does not allow it.

Even in safe mode you couldn't delete it?

I missed these files on my last post. :thumbsup: :flowers: Please delete them while in safe mode again.

C:\WINDOWS\SYSTEM32\dfrgsrv.exe
C:\WINDOWS\SYSTEM32\ginuerep.dll
And don't forget this one while in safe mode:
c:\win.com.exe

Please let me know if you have any problems deleting these files, because if they won't delete, we may have some more work to do. :huh:

#10 Throttled

Throttled
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 AM

Posted 27 March 2006 - 01:26 PM

OSC,

I ran safe mode again and this time it did let me delete the win.com.exe. Not sure why it didn't last time.

I also looked for those two files below:

C:\WINDOWS\SYSTEM32\dfrgsrv.exe
C:\WINDOWS\SYSTEM32\ginuerep.dll

I think those two files are on the second computer. I didn't delete them just in case there are other steps before it.

:thumbsup:

#11 OSC

OSC

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 27 March 2006 - 01:34 PM

Hi Throttled,

C:\WINDOWS\SYSTEM32\dfrgsrv.exe
C:\WINDOWS\SYSTEM32\ginuerep.dll

I think those two files are on the second computer. I didn't delete them just in case there are other steps before it.

Ummm, yes they are on the 2nd computer. Sorry for not saying that and nice catch! Go ahead and delete them. If it won't let you, boot into safe mode and delete them.

#12 Throttled

Throttled
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 AM

Posted 27 March 2006 - 01:38 PM

OK,

Those files are deleted.

#13 OSC

OSC

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 27 March 2006 - 01:41 PM

Ok, great. Let me know how you make out with that internet connectivity problem. :thumbsup:

#14 Throttled

Throttled
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 AM

Posted 27 March 2006 - 01:42 PM

Will do,

Thanks for everything! :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users