View Full Version : Internet Problem


My names Turkish
25th Nov 2004, 09:15
For some reason I can only access certain pages in the last few days. For example, www.unison.ie, PPRuNe (Thank goodness!) but can't access www.hotmail.com or www.msn.com or Trend Micro's HouseCall, just a small example. Neither will my MSN Messenger log in.

I have all the spyware programs, have a Norton anti virus and firewall. I had noticed the computer seemed to have slowed down a little since I updated XP with this security centre add on. I have tried turning the NAV on and off and played with the settings but nothing seems to work.

Any Ideas?

BRL
25th Nov 2004, 09:23
Hi Turk, try this for your MSN problem....

Exit Messenger, Click Start->Run-> and then type in: regsvr32 softpub.dll Click OK. That's it. Re-open messenger and log-in.

Can't help with your other problem but this helped me when I couldn't log-in to MSN recently.

My names Turkish
25th Nov 2004, 09:49
Thanks BRL but it didn't work.

E-Liam
25th Nov 2004, 18:25
Hi Turkish,

Please download 'Hijack This!' from here (http://www.thespykiller.co.uk/), unzip, and place it in its own folder (not in the temp folder, or on the desktop), double-click HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply.

This will give us a rundown of what’s going on in your PC. One of us here will be glad to analyse it for you. Don’t fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.

Cheers

Liam

My names Turkish
25th Nov 2004, 19:35
Logfile of HijackThis v1.98.2
Scan saved at 8:17:39 PM, on 11/25/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\EzButton\CPATR10.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\System32\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Fred Smith\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unison.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKey.exe] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {2F97D7B2-551E-4AE1-89AE-FB272655B2A1} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {7A34A608-0D5F-4A6B-862F-D6E155E2219C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {B3785EEC-A3F7-497E-9B93-628733358252} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

E-Liam
26th Nov 2004, 09:29
Hi Turk,

Well the entries I was looking for aren't there, so that's a good thing.. :) Before I go through this, have you turned off the XP firewall? As far as I remember it switches on by default in SP2. You already have ZA running, and shouldn't have both at the same time. The same also applies to AV software. AVG doesn't need to run at the same time as NAV (although you only have AVG running at the moment).

Click Start | Settings | Control Panel | Internet Options. Click on Delete files and check the box marked Delete all offline Content. When that's done, click on Clear History.

The next one to clear is the Cookies file. First though, make sure that you have all your passwords written down for forums such as this.. or check to see that you still have the confirmation e-mails for them.

Once you're happy that you won't have to re-register to all these sites, then click on Delete Cookies.

Then delete History.

Anyway, back to the log.

The first thing you need to do is to place Hijack This in its own folder (e.g. C:\HJT\….) so it can generate backup files to the same folder; needed should an entry be accidentally deleted. Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close all browser windows and click the Fix checked button…

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Help - {2F97D7B2-551E-4AE1-89AE-FB272655B2A1} - http://www.comcast.net/memberservices/ (file missing) (HKCU)

O9 - Extra button: ComcastHSI - {7A34A608-0D5F-4A6B-862F-D6E155E2219C} - http://www.comcast.net (file missing) (HKCU)

O9 - Extra button: Support - {B3785EEC-A3F7-497E-9B93-628733358252} - http://www.comcastsupport.com (file missing) (HKCU)

Next, please double click on the My Computer icon on the desktop. Go to Tools | Folder Options, click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files. Now click Apply to all folders, then click Apply then OK.

Then boot into safe mode, (see here (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406) for info if needed) and delete the entire contents of the C:\Windows\Temp folder, but not the folder itself. Next please find and delete the following bolded folder...

C:\WINDOWS\SYSTEM32\P2P NETWORKING

Then please boot back into normal mode and download AdAware SE from here (http://www.lavasoftusa.com/support/download/).

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select :
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL’s
· Scan my Hosts file

· Under Click here to select drives + folders, choose:
· All of your hard drives | Proceed

3. Click on the Advanced button on the left and select:
· Include additional process information
· Include additional file information
· Include environment information

4. Click the Tweak button and select:
· Under the Scanning Engine:
· Unload recognized processes & modules during scan
· Include additional Ad-aware settings in logfile
· Under the Cleaning Engine:
· Let Windows remove files in use at next reboot

5. Click on Proceed to save the settings.

6. Click Start and on the next screen choose:
· Use Custom Scanning Options

7. Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Next, please reboot again and download Spybot - Search & Destroy 1.3 from here (http://security.kolla.de) if you haven't already got the program.

Click on Updates | Download Updates, and follow the prompts.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.

Next reboot and go here (http://housecall.trendmicro.com/housecall/start_corp.asp), and run the online virus scan; choosing the Autoclean option just before clicking the Scan button. Then please post a new log for a final once over.

I know you've tried the above, but see if you get anything out of them after cleaning up.

Cheers

Liam
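The kind of first pass described in the post above, as an added example that is not part of the original thread: it parses a HijackThis log pasted from a forum and lists entries whose target is marked "(no file)" or "(file missing)", plus a HijackThis.exe running from a Temp folder. The function names and finding labels are hypothetical, and the sample is a constructed excerpt of the log posted earlier.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
# The last entry is wrapped across two lines, as forum pastes often are.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\Fred Smith\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unison.ie/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Support - {B3785EEC-A3F7-497E-9B93-628733358252} - http://www.comcastsupport.com (file missing)
(HKCU)
"""

# Section code (R0, O4, O16, ...) followed by " - " and the entry detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt_log(text):
    """Return (running_processes, [(section_code, detail), ...])."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
        elif line and entries:
            # A wrapped tail such as "(HKCU)" belongs to the previous entry.
            code, detail = entries[-1]
            entries[-1] = (code, f"{detail} {line}")
    return processes, entries


def triage(text):
    """List mechanical findings; everything else still needs a human reader."""
    processes, entries = parse_hjt_log(text)
    findings = []
    for path in processes:
        lowered = path.lower()
        if lowered.endswith("hijackthis.exe") and "\\temp\\" in lowered:
            # HijackThis writes its backups beside itself; Temp gets emptied.
            findings.append(("tool-in-temp", path))
    for code, detail in entries:
        if "(no file)" in detail or "(file missing)" in detail:
            findings.append(("dangling-target", f"{code} - {detail}"))
    return findings


if __name__ == "__main__":
    for kind, item in triage(SAMPLE_LOG):
        print(f"{kind}: {item}")
```

A startup line such as the P2P NETWORKING entry is not caught by these rules; picking that out depends on the reader recognising the program.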

My names Turkish
26th Nov 2004, 10:35
Cor Blimey, Bleedin' Mary Poppins:ooh:

Thank you for that very lengthy response Liam.

I have deleted NAV completely. Didn't like it. Now have AVG and ZA. Windows Firewall turned off.

Already had Ad-Aware set up and configured as per your website. Also have Spybot. Both are updated at each time of use.

The next bit I would ask you to spell out. I don't exactly understand what I am doing working with HJT. What exactly do I do to put it in its own folder? Can you spell it out, it's not you it's me!

I cannot get to Trend Micro's website. This is another site I cannot connect to. I have done a full scan with Panda and AVG since I got it and they are turning up nothing.

I will run HJT again when you tell me exactly what I need to do. Thanks again for the help.

E-Liam
26th Nov 2004, 10:54
Hi Turkish,

You need to create a new folder for HJT. To do this, open Windows Explorer and open the C:\ drive. Right click on an open area of the screen and select New | Folder. Scroll down to the bottom and you will see the new folder. Name it HJT. Then drag and drop HJT from its location in..

C:\Documents and Settings\Fred Smith\Local Settings\Temp\HijackThis.exe

to the new folder. Then run the program again.

As far as the directions for Ad-aware and Spybot.. I put them in just in case you hadn't already configured the programs.. no problem.

This is just the exhaustive way of making sure that there isn't any spyware running. The next thing I'd like you to do, once you've cleaned up the few entries, is to open HJT again and click on Config | Misc Tools | Open Hosts file Manager and copy the results in a reply.

Cheers

Liam

My names Turkish
26th Nov 2004, 11:23
Liam,

I fixed the lines in HJT that you told me to. I don't have a My Computer icon on my desktop, I do have one in the Start menu but I can't find the options you're pointing me to.

I fear we may have reached the envelope of my computer handling abilities.

E-Liam
26th Nov 2004, 11:41
Hi,

Sorry, that's just part of my C&P for finding files that are normally hidden. I'd never get anything done if I had to type everything out fresh each time.. :)

In this case all you are looking for is the P2P folder, and that won't/shouldn't be hidden.

No problem with your computing abilities. If you don't understand something I've written, then that's my fault.. :ok:

Cheers

Liam

My names Turkish
26th Nov 2004, 11:55
Ok Found it. Did the bit in safe mode. Deleted the contents of the Temp folder and found the P2P folder.

Now Did the bit from your next post:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
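A hosts file is pasted for review in the post above; this added example (not part of the original thread) does the same review in code, listing every active mapping other than localhost and marking those that override a site the opening post reports as unreachable. The names `WATCHED`, `active_entries` and `review_hosts` are hypothetical, and the extra entries in `TAMPERED` are constructed for illustration.

```python
import ipaddress

# Domains taken from the sites the opening post could not reach (assumption:
# trendmicro.com stands for the HouseCall scanner mentioned there).
WATCHED = ("hotmail.com", "msn.com", "trendmicro.com")

# Constructed input: an abridged copy of the clean file posted above.
CLEAN = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "#\n"
    "# 102.54.94.97 rhino.acme.com # source server\n"
    "\n"
    "127.0.0.1 localhost\n"
)
# Constructed input: the same file with invented entries of the kind the
# review is looking for (192.0.2.0/24 is a documentation range).
TAMPERED = CLEAN + (
    "127.0.0.1 housecall.trendmicro.com # constructed\n"
    "192.0.2.7 www.hotmail.com login.msn.com\n"
    "192.0.2.9 intranet.example\n"
)


def active_entries(text):
    """Yield (ip, hostname) for every non-comment mapping in a hosts file."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop inline comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an address: not a mapping line
        for name in fields[1:]:  # one line may carry several hostnames
            yield str(ip), name.lower().rstrip(".")


def review_hosts(text):
    """Return (ip, hostname, label) for each mapping other than localhost."""
    findings = []
    for ip, name in active_entries(text):
        if name == "localhost" and ipaddress.ip_address(ip).is_loopback:
            continue
        watched = any(name == d or name.endswith("." + d) for d in WATCHED)
        label = "overrides-watched-site" if watched else "unexpected-entry"
        findings.append((ip, name, label))
    return findings


if __name__ == "__main__":
    for finding in review_hosts(TAMPERED):
        print(finding)
```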

E-Liam
29th Nov 2004, 09:15
Hi,

Just a quick one, as I'm working at the moment, but I'll get back to you in a couple of hours. Sorry about missing the reply.

Cheers

Liam

E-Liam
29th Nov 2004, 13:06
Hi,

The hosts file shows nothing untoward either.. how strange. :)

This next procedure involves in part, clearing out your cookies file. Please make a note of any passwords etc, that you keep cookies for.. this forum for instance.

This next procedure will clear out all temp files, cookies, IE History etc. It clears them via DOS, which is far deeper into your machine than just a clearup via Internet Options.

First, go here (http://support.it-mate.co.uk/?mode=Products&act=DL&p=index.datsuite) and download index.dat. Choose the option Full install | idsuite.exe. Install it, keeping the option to put an icon on the desktop.

Once done, open the program, select the C:\ drive, then click on Tools | Settings | Folders, and select all options, then click Find. Once it has run (it only takes a few seconds), click on the second icon on the top row Generate Batch File, then click OK.

Then restart the computer. On restarting the desktop, a DOS screen will open and you will see a small part (one of the vagaries of DOS) of the list of files deleted.

Once that has finished deleting, it will tell you in the Title Bar of the Dos Screen that the program has finished running. Close the screen, and let the computer finish booting.

See how you go with that. It's not any malicious code that I can see doing this now.. just a bugger to fix. :) Aren't computers wonderful.

If that still doesn't do it, we can repair IE. Not as painful as it sounds. Click on Start | Settings | Control Panel | Add/Remove Programs, then scroll down the list and highlight Microsoft Internet Explorer 6.0 and Internet Tools by clicking once. A button will illuminate under the list saying Add/Remove program. Click on that once and then click on the option to Repair, and click OK. If IE isn't listed under Add/Remove programs then the alternative is to go to Start | Programs | Accessories | System Tools | System Information | Tools (On menu bar) | Internet Explorer Repair Tool and do it from there.

See how you get on with that lot. It's all just good housekeeping, nothing to worry about. :ok:

Cheers

Liam

My names Turkish
29th Nov 2004, 14:16
The Thick Plottens:}

Called Broadband Service provider, who insisted nothing was wrong. Did all the above. Nothing. Tried new Web Browser, FireFox, much faster but still wouldn't connect to half the web. Got another Computer hooked it up to the connection and it wouldn't work either. Had a fit. Arranged for a computer shop to have a look. Put jacket on to go to shop, went to pick pooter up to bring it with me and the Flamin thing was connected to Messenger and everything worked!:confused: :confused: :confused: :confused: :confused: :confused:

It must have been the service provider. It's been working for a few days now. I just get annoyed because I can't find out what was wrong in the first place.

Computers frighten me:(

E-Liam
29th Nov 2004, 17:03
Hi Turkish,

So it all came good in the end.. :ok: :)

Look on the bright side, you now probably have one of the cleanest computers in the Emerald Isle.. :D

At least it's all running now, that's the main thing. :ok:

EDIT: And I've also now got a text template to explain how to download and run the index.dat program. Something I've been meaning to get around to.. :)

Cheers

Liam

flapsforty
1st Dec 2004, 16:13
Liam, the deep clean appeals to my housewifery instincts. :rolleyes: So went to the site and tried to download. When clicking on the button, I just get the same screen repeated and no download. I have turned off StopZilla, might it have to do with SP2? I do not know how to switch off their blasted security center, and it has plagued me on other sites as well.
I can do it when it gives that small banner at the top saying that it is blocking something, but it doesn't always show that, I get the feeling. :confused:
Any advice at all? I do like the idea of that deep clean.

E-Liam
1st Dec 2004, 17:01
Hi FlapsForty,

Try the second option:

idsuite_cab.zip

Your security settings may not like downloading raw *.exe files. This one is a zip file, so may pass that barrier. I always, where possible suggest the straight *.exe file, basically 'cos I can't be bothered extracting zips all the time. :)

Cheers

Liam

flapsforty
1st Dec 2004, 17:19
Liam, the problem starts before I get as far as the choice of what to download.
I don't get further than the page you link to in your post above to Turkish I'm afraid. :(

E-Liam
1st Dec 2004, 19:58
Hi FlapsForty,

Here's a couple of mirror sites.. try them instead

http://www.snapfiles.com/download/dlindexdatsuite.html

http://www.majorgeeks.com/download4280.html

http://www.sofotex.com/Index.dat-Suite-download_L14234.html

(I used the search string "Index.dat Suite" download so if you don't have any joy from the above, just google for some others)

If that doesn't do it, I'll see if e-mailing it will work, but at over 2mB, it might take a while.

Cheers

Liam

flapsforty
1st Dec 2004, 20:20
Liam, looks like it's not meant to be. :9
Downloaded it from the first mirror site after putting that site in the safe zone (learnt something new & useful there). Unpacked it, but when I want to start it I get a warning that says:

Component 'COMDLG32.OCX' or one of its dependencies is not correctly registered: a file is missing or invalid

Got the icon on the desk top but can't use the prog.
Can't find it in the install/uninstall window either so something .....errrm... wrong. :confused:

I should have done Xmas cleaning of the house instead, like normal women do. ;)