|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 plz analyze!!!(Click here to view the original thread with full colors/images)Posted by: wonderboy040587 My msn doesn't work , i get an error with the code 0x81000301, also it seems like i can't open secure websites like when i go on hotmail after i type in my passport as soon as i click sign in i get the page cannot be displayed error, i have tried signing in passport.net too but i get the same error, i have used adaware and spybot last nite but nothing happened, here's my log; Logfile of HijackThis v1.99.1 Scan saved at 5:17:56 PM, on 03/07/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Internet Security\SymProxySvc.exe C:\Program Files\Norton Internet Security\NISSERV.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\hotkeysvc.exe C:\WINDOWS\system32\cthelper.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Ahmet Ekmen\My Documents\hijackthis\hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://sympatico.msn.ca/?lang=en-ca[/url] N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine:// C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ahmet Ekmen\Application Data\Mozilla\Profiles\default\9ivraba9.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe O4 - HKLM\..\Run: [CTHelper] cthelper.exe O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe O4 - HKCU\..\Run: [CTHelper] cthelper.exe O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Prayer Call 3.0.lnk = C:\Program Files\Prayer Times 3.0\adhnqq05.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab[/url] O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - [url]http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab[/url] O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - [url]http://messenger.zone.msn.com/binary/WoF.cab31267.cab[/url] O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: GlobalSCAPE CuteFTP Server Home - GlobalSCAPE Texas, LP - C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe thnx Posted by: rstones12 wonderboy040587, Hello and welcome: We are going to need to remove a few things, but first I would like you do to the following: The reason I am asking for these first initial steps is that it can clear up some items in the first part of the fix if needed. I have outlined some preliminary steps that we need to address. [b]You may want to print out these intructions for reference.[/b] This process will take a few steps so please be patient and follow the provided directions. [b][1.][/b] First Download [url=http://cwshredder.net/bin/CWShredder.exe][color=blue]CWShredder[/color][/url] And save it to your desktop. Close all open browser windows and any other open windows. Install CWShredder, then: Open CWS and click [b]Check for Updates[/b] Then click [b]"FIX"[/b] [b][2.][/b] Please run at least one of these online scans, allow it to delete anything it finds: You may have to select the auto-fix option prior to scanning, it should be a selection box on the screen. If you are a dial-up user just do one, this can take some time. If you are a broadband user, I would suggest at least 2 of the 3. One extra scan is most often times enough. [list][url=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][color=blue]Panda ActiveScan[/color][/url] [url=http://housecall.trendmicro.com/housecall/start_corp.asp][color=blue]TrendMicro HouseCall[/color][/url] [url=http://www3.ca.com/virusinfo/virusscan.aspx][color=blue]eTrust AntiVirus Web Scanner[/color][/url] [/list]Please make a note of anything that wasn't or couldn't be fixed. Reboot your machine when finished. [b][3.][/b] You [b]may have[/b] run these programs already, make sure they are up to date and run per provided instructions. Current Versions are: [b]Spybot S&D Ver: 1.3[/b] [url=http://www.safer-networking.org/en/download/index.html][color=blue]Download Here[/color][/url] [b]Ad-Aware SE Build 1.05[/b] [url=http://www.majorgeeks.com/download506.html][color=blue]Download Here[/color][/url] Download and install both Spybot S&D and Ad-Aware SE. Instructions: [b]Spybot S&D:[/b] Go to your Start Menu >> Programs >> Spybot S&D >> then choose Spybot S&D. [b]*[/b]Close [b]ALL [/b]windows except Spybot S&D [b]*[/b]Click the button to [b]"Search for Updates"[/b] and download and install the Updates. [b]*[/b]Close Spybot then launch it again [b]*[/b]Click the button [b]"Check for Problems" [/b] [b]*[/b]When Spybot is done scanning, it will be showing "RED" (RED) entries, "BLACK" entries and "GREEN" (GREEN) entries in the window [b]*[/b]Put a check mark beside the RED [color=red](RED) entries ONLY.[/color] [b]*[/b]Choose "Fix Selected Problems" and allow Spybot to fix the RED [color=red](RED)[/color] entries. [b]Ad-Aware SE FULL SCAN:[/b] Go to your Start Menu >> Programs >> Lavasoft Ad-Aware SE >> then choose Ad-Aware SE Personal. When the main window opens look in the bottom right corner and click on [b]Check For Updates Now[/b] then click Connect and download the latest reference files. From main window: [b]*[/b]Click Start then under Select a scan Mode check [b]Perform Full System Scan.[/b] [b]*[/b]Next [color=red]deselect [/color]Search for negligible risk entries. [b]*[/b]To scan just click the [b]Next[/b] button. When the scan has finished [b]mark everything for removal [/b]and get rid of it. [i](Right-click the window and choose [b]select all[/b] from the drop down menu and click Next)[/i] The program will ask if you want to fix/delete selected items, choose yes/fix. [b][4.][/b] Enable show hidden files and folders: * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View Tab. * Under the Hidden files and folders heading select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK. [b][5.][/b] [b]Update[/b] your current Virus Scan Definitions: [b][6.][/b] Reboot into Safe Mode and [b]Scan[/b] with Spybot S&D and Ad-Aware SE Empty Your Recycle Bin. [b][7.][/b] Reboot normally and post a new HJT log by using [b]Post Reply[/b]: Thanks, rstones12 Posted by: wonderboy040587 done everything that was outlined, msn is still giving the same error, here's the new hijack log; Logfile of HijackThis v1.99.1 Scan saved at 9:26:32 PM, on 03/07/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Internet Security\SymProxySvc.exe C:\Program Files\Norton Internet Security\NISSERV.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\hotkeysvc.exe C:\WINDOWS\system32\cthelper.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Ahmet Ekmen\My Documents\hijackthis\hijackthis\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://sympatico.msn.ca/?lang=en-ca[/url] N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine:// C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ahmet Ekmen\Application Data\Mozilla\Profiles\default\9ivraba9.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe O4 - HKLM\..\Run: [CTHelper] cthelper.exe O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe O4 - HKCU\..\Run: [CTHelper] cthelper.exe O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Prayer Call 3.0.lnk = C:\Program Files\Prayer Times 3.0\adhnqq05.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall-beta.trendmicro.com/housecall/xscan60.cab[/url] O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - [url]http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[/url] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab[/url] O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - [url]http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab[/url] O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - [url]http://messenger.zone.msn.com/binary/WoF.cab31267.cab[/url] O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: GlobalSCAPE CuteFTP Server Home - GlobalSCAPE Texas, LP - C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe Posted by: wonderboy040587 also these are the viruses that couldn't be cleaned on TrendMicro HouseCall; Detected File Associated Virus Name Action taken; C:\Documents and Settings\Ahmet Ekmen\My Documents\backups\backup-20050222-221936-877.dll TROJ_DOMCOM.D Uncleanable C:\WINDOWS\system32\LMU.exe BKDR_AGENT.CO Uncleanable Posted by: rstones12 wonderboy040587, Are you running two firewalls? I see Sygate and Norton Internet Security, running two firewalls can cause system issues and unexpected results. This might be the root of your MSN error. Also are you running any P2P applications? Go to your Control Panel then Add-Remove Programs. Remove the following if found: [b]Hyperlinker[/b] Scan with HJT and place a checkmark next to the following items. [b] O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll [/b] Close all browsers and open windows except HJT then click [b]Fix Checked[/b] Enable show hidden files and folders: * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View Tab. * Under the Hidden files and folders heading select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK. Reboot into Safe Mode and remove the following folders/files if found: C:\WINDOWS\SYSTEM32\[b]igfxsrvc.dll[/b]<-- This file C:\WINDOWS\system32\[b]LMU.exe[/b]<-- This file Empty your recycle bin. Reboot normally and post back a new HJT log. Let me know if you are still having issues. I would also suggest doing an online trojan scan: [url]http://www.windowsecurity.com/trojanscan/[/url] Here is a free Trojan Removal Product A2 Squared, I use it and like it. [url]http://www.emsisoft.com/en/software/free/[/url] Thanks, rstones12 Posted by: wonderboy040587 hey rstones, have done everything u have outlined, i still can't open msn or hotmail.com and i realized that i'm having trouble with websites that are secure like pokerstars won't work, here's the fresh log Logfile of HijackThis v1.99.1 Scan saved at 3:20:46 PM, on 03/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Internet Security\SymProxySvc.exe C:\Program Files\Norton Internet Security\NISSERV.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\cthelper.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Ahmet Ekmen\My Documents\hijackthis\hijackthis\HijackThis.exe C:\Documents and Settings\Ahmet Ekmen\My Documents\hijackthis\hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://sympatico.msn.ca/?lang=en-ca[/url] N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine:// C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ahmet Ekmen\Application Data\Mozilla\Profiles\default\9ivraba9.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe O4 - HKLM\..\Run: [CTHelper] cthelper.exe O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe O4 - HKCU\..\Run: [CTHelper] cthelper.exe O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Prayer Call 3.0.lnk = C:\Program Files\Prayer Times 3.0\adhnqq05.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall-beta.trendmicro.com/housecall/xscan60.cab[/url] O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - [url]http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[/url] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab[/url] O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - [url]http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab[/url] O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - [url]http://messenger.zone.msn.com/binary/WoF.cab31267.cab[/url] O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: GlobalSCAPE CuteFTP Server Home - GlobalSCAPE Texas, LP - C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe thnx for the help Posted by: rstones12 I think that issue has to do with your firewall. Try changing some settings within the firewall to allow those site to have access to the net. Can you post your HOSTS file contents. HOSTS Windows XP C:\WINDOWS\SYSTEM32\DRIVERS\ETC Posted by: wonderboy040587 I don't think it's from the firewall, i don't use the norton internet security anyways, it's turned off and sygate says that msn is allowed, i tried connecting after i turned it off too, just doesn't work also under that file about hosts there are six things; hosts, lmhosts, protocol, hosts.bak, networks, services. plz help me connect to messenger lol, thnx Posted by: rstones12 The file is HOSTS, Open it with notepad and post the contents here. rstones12 Posted by: wonderboy040587 here's the host file # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost Posted by: rstones12 Here are some links I found that might help. You HOSTS file is fine. [url]http://www.msn-problems.com/solve-msn-messenger-problem/sign-in/msn-messenger-sign-in-0x81000301.php[/url] [url]http://ask-leo.com/ msn_instant_messenger_is_unable_to_connect_with_er ror_0x81000301_what_do_i_do.html[/url] [url]http://www.experts-exchange.com/Applications/Q_21200354.html[/url] rstones12 Posted by: wonderboy040587 have tried everything, i was hoping u guys would find something on the log... since yesterday i have probably tried over 15 different solutions for the problem but nothing has helped..... Posted by: southernlady wonderboy040587, download, unzip, and run [URL=http://www.spyware911.net/downloads/startdreck.zip]Startdreck[/URL]. And the paste your results here. Liz Posted by: southernlady Oh, and btw, sometimes MSN and hotmail just DON'T like to play nice. Liz Posted by: wonderboy040587 there is the log southerlady, also u said msn didn't like to play nice sometimes but, this is my laptop with the wireless internet connected to the computer upstairs, and msn works just fine on that computer... StartDreck (build 2.1.7 public stable) - 2005-03-08 @ 17:57:45 (GMT -05:00) Platform: Windows XP (Win NT 5.1.2600 Service Pack 2) Internet Explorer: 6.0.2900.2180 Logged in as Ahmet Ekmen at YOUR-F2BCRPRMNP 舞egistry 舞un Keys 翟urrent User 舞un *msnmsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background *ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe *CPQHotkeys=hotkeysvc.exe *CTHelper=cthelper.exe 舞unOnce 聞efault User 舞un 舞unOnce 腿ocal Machine 舞un *MMTray=C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe *SmcService=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui *IgfxTray=C:\WINDOWS\System32\igfxtray.exe *HotKeysCmds=C:\WINDOWS\System32\hkcmd.exe *QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime *CPQHotkeys=hotkeysvc.exe *CTHelper=cthelper.exe +OptionalComponents +MSFS *Installed=1 +MAPI *Installed=1 *NoChange=1 +MAPI *Installed=1 *NoChange=1 舞unOnce 舞unServices *CPQHotkeys=hotkeysvc.exe *CTHelper=cthelper.exe 舞unServicesOnce 舞unOnceEx 舞unServicesOnceEx 肇ile Associations (CR) +.bat *batfile="%1" %* +.com *comfile="%1" %* +.disabled *SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1" +.exe *exefile="%1" %* +.hta *htafile=C:\WINDOWS\System32\mshta.exe "%1" %* +.htm *htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome +.html *htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome +.js *JSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.jse *JSEFile=%SystemRoot%\System32\WScript.exe "%1" %* +.pif *piffile="%1" %* +.reg *regfile=regedit.exe "%1" +.scr *scrfile="%1" /S +.txt *txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1 +.vbs *VBSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.vbe *VBEFile=%SystemRoot%\System32\WScript.exe "%1" %* +.wsh *WSHFile=%SystemRoot%\System32\WScript.exe "%1" %* +.wsf *WSFFile=%SystemRoot%\System32\WScript.exe "%1" %* +.lnk `lnkfile= [key or value does not exist] 翡rowser Helper Objects (LM) *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} `InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx *{53707962-6F74-2D53-2644-206D7942484F} `InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll *Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7} `InprocServer32=c:\program files\google\googletoolbar1.dll *MSNToolBandBHO/{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} `InprocServer32=C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll *Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872} `InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll 肇iles 翠utostart Folders 翟urrent User *C:\Documents and Settings\Ahmet Ekmen\Start Menu\Programs\Startup\desktop.ini 聞efault User *C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini 腿ocal Machine *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Prayer Call 3.0.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk 膏NI-Files 蓄IN.INI\[windows] *LOAD= *RUN= 艋YSTEM.INI\[boot] *SHELL=Explorer.exe 蓉ext Files *C:\boot.ini *C:\msdos.sys *C:\config.sys *C:\WINDOWS\system32\config.nt *C:\WINDOWS\wininit.ini *C:\WINDOWS\system32\drivers\etc\hosts 艋ystem/Drivers 舞unning Processes +0=<idle> +4=<system> +412=\SystemRoot\System32\smss.exe +460=\??\C:\WINDOWS\system32\csrss.exe +484=\??\C:\WINDOWS\system32\winlogon.exe +528=C:\WINDOWS\system32\services.exe +540=C:\WINDOWS\system32\lsass.exe +684=C:\WINDOWS\system32\svchost.exe +744=C:\WINDOWS\system32\svchost.exe +780=C:\WINDOWS\System32\svchost.exe +1016=C:\WINDOWS\System32\svchost.exe +1116=C:\WINDOWS\System32\svchost.exe +1132=C:\WINDOWS\Explorer.EXE +1284=C:\WINDOWS\system32\LEXBCES.EXE +1320=C:\WINDOWS\system32\LEXPPS.EXE +1328=C:\WINDOWS\system32\spoolsv.exe +1476=C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe +1504=C:\WINDOWS\System32\DVDRAMSV.exe +1532=C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe +1568=C:\Program Files\Norton AntiVirus\navapsvc.exe +1604=C:\Program Files\Norton Internet Security\NISUM.EXE +1792=C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe +1852=C:\WINDOWS\System32\svchost.exe +1912=C:\Program Files\Norton Internet Security\SymProxySvc.exe +2012=C:\WINDOWS\system32\wdfmgr.exe +160=C:\Program Files\Norton Internet Security\NISSERV.EXE +1144=C:\WINDOWS\System32\wbem\wmiprvse.exe +1220=C:\WINDOWS\System32\alg.exe +2056=C:\Program Files\QuickTime\qttask.exe +2088=C:\WINDOWS\system32\cthelper.exe +2104=C:\Program Files\MSN Messenger\MsnMsgr.Exe +2132=C:\WINDOWS\system32\ctfmon.exe +2168=C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe +2252=C:\WINDOWS\System32\svchost.exe +2320=C:\WINDOWS\system32\RAMASST.exe +2340=C:\Program Files\WinZip\WZQKPICK.EXE +3644=C:\Program Files\Sygate\SPF\smc.exe +3028=C:\Program Files\Internet Explorer\iexplore.exe +2780=C:\Documents and Settings\Ahmet Ekmen\Desktop\stardreck\StartDreck.exe 臧T Services *Alerter Alerter - disabled *Application Layer Gateway Service ALG running on demand *Application Management AppMgmt - on demand *ASP.NET State Service aspnet_state - on demand *Windows Audio AudioSrv running auto *Background Intelligent Transfer Service BITS running auto *Computer Browser Browser running auto *ConfigFree Service CFSvcs running auto *Indexing Service CiSvc - on demand *ClipBook ClipSrv - disabled *COM+ System Application COMSysApp - on demand *Cryptographic Services CryptSvc running auto *DCOM Server Process Launcher DcomLaunch running auto *DHCP Client Dhcp running auto *Logical Disk Manager Administrative Service dmadmin - on demand *Logical Disk Manager dmserver - on demand *DNS Client Dnscache running auto *DVD-RAM_Service DVD-RAM_Service running auto *Error Reporting Service ERSvc running auto *Event Log Eventlog running auto *COM+ Event System EventSystem running on demand *Fast User Switching Compatibility FastUserSwitchingCom running on demand *GlobalSCAPE CuteFTP Server Home GlobalSCAPE CuteFTP running auto *Help and Support helpsvc running auto *Human Interface Device Access HidServ - disabled *HTTP SSL HTTPFilter running on demand *IMAPI CD-Burning COM Service ImapiService - on demand *Server lanmanserver running auto *Workstation lanmanworkstation running auto *LexBce Server LexBceS running auto *TCP/IP NetBIOS Helper LmHosts running auto *Messenger Messenger - on demand *NetMeeting Remote Desktop Sharing mnmsrvc - on demand *Distributed Transaction Coordinator MSDTC - on demand *Windows Installer MSIServer - on demand *Norton AntiVirus Auto Protect Service navapsvc running auto *Network DDE NetDDE - disabled *Network DDE DSDM NetDDEdsdm - disabled *Net Logon Netlogon - on demand *Network Connections Netman running on demand *Norton Internet Security Service NISSERV running auto *Norton Internet Security Accounts Manager NISUM running on demand *Network Location Awareness (NLA) Nla running on demand *NT LM Security Support Provider NtLmSsp - on demand *Removable Storage NtmsSvc - on demand *Office Source Engine ose - on demand *Plug and Play PlugPlay running auto *IPSEC Services PolicyAgent running auto *Protected Storage ProtectedStorage running auto *Remote Access Auto Connection Manager RasAuto - on demand *Remote Access Connection Manager RasMan - on demand *Remote Desktop Help Session Manager RDSessMgr - on demand *Routing and Remote Access RemoteAccess - disabled *Remote Procedure Call (RPC) Locator RpcLocator - on demand *Remote Procedure Call (RPC) RpcSs running auto *QoS RSVP RSVP - on demand *Security Accounts Manager SamSs running auto *ScriptBlocking Service SBService - auto *Smart Card SCardSvr - on demand *Task Scheduler Schedule running auto *Secondary Logon seclogon running auto *System Event Notification SENS running auto *Windows Firewall/Internet Connection Sharing (I SharedAccess running auto `CS) *Shell Hardware Detection ShellHWDetection running auto *Sygate Personal Firewall SmcService running auto *Symantec Network Drivers Service SNDSrvc - on demand *SoundMAX Agent Service SoundMAX Agent Servi running auto *Print Spooler Spooler running auto *System Restore Service srservice - auto *SSDP Discovery Service SSDPSRV running on demand *Windows Image Acquisition (WIA) stisvc running auto *MS Software Shadow Copy Provider SwPrv - on demand *Norton Internet Security Proxy Service SymProxySvc running auto *Performance Logs and Alerts SysmonLog - on demand *Telephony TapiSrv - on demand *Terminal Services TermService running on demand *Themes Themes running auto *Distributed Link Tracking Client TrkWks running auto *Windows User Mode Driver Framework UMWdf running auto *Universal Plug and Play Device Host upnphost - on demand *Uninterruptible Power Supply UPS - on demand *Volume Shadow Copy VSS - on demand *Windows Time W32Time running auto *WebClient WebClient running auto *Windows Management Instrumentation winmgmt running auto *Portable Media Serial Number Service WmdmPmSN - on demand *WMI Performance Adapter WmiApSrv - on demand *Security Center wscsvc running auto *Automatic Updates wuauserv running auto *Wireless Zero Configuration WZCSVC running auto *Network Provisioning Service xmlprov - on demand 翠pplication specific Posted by: Lobos Hi wonderboy Try this Run the following commands from start/run: Regsvr32 softpub.dll Regsvr32 wintrust.dll Regsvr32 initpki.dll Regsvr32 dssenh.dll Regsvr32 rsaenh.dll Regsvr32 gpkcsp.dll Regsvr32 sccbase.dll Regsvr32 slbcsp.dll Regsvr32 mssip32.dll Regsvr32 cryptdlg.dll Lobos Posted by: wonderboy040587 Lobos, i have already done that last nite, i found on a website that was for fixing that 81000301 coded error... Posted by: Lobos It also looks like you have thee firewalls running windows firewall ,norton and sygate from your log It doesn' look like they are starting up from the start up log but you still have the services running so do this start/run: services.msc click ok click name so they are in alphabetical order find each one and double click on it the properties menu will open up for each one set the startup type to disabled and click stop on the servis status click apply - OK *Norton Internet Security Service NISSERV running auto *Norton Internet Security Accounts Manager NISUM running on demand *Symantec Network Drivers Service SNDSrvc - on demand *Norton Internet Security Proxy Service SymProxySvc running auto if your not using Norton AntiVirus disable and stop this service *Norton AntiVirus Auto Protect Service navapsvc running auto then restart system Lobos Posted by: southernlady Why didn't you finish your previous thread, back on 02-23-2005 at 11:36 AM when mobo gave you a fix and asked you to post a new log. I didn't close that thread until 03-04-2005 at 06:12 PM, which was over a week later and you did not PM me to let me know you needed it reopened and why? We don't mind helping but please finish with us, ok? Liz Posted by: wonderboy040587 Yeah southerlady, i was busy for a couple days and then the thread was closed by the time i looked back into it and my problems had already been solved, sorry about not getting back on that issue.. lobos i have tried what you have told, but i still get the same error message... Posted by: southernlady The only thing I see in your StartDrek log is Backweb. [quote]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk[/quote] You are going to have to log into [URL=http://www.spyware911.net/safemode.htm]Safe Mode[/URL] to the admin function and uninstall this program. If you can't find it, you may have to do it the hard way so have these instructions already printed out cause in safe mode, you can't access the internet: [URL=http://www.iamnotageek.com/a/359-p1.php]Backweb Removal guide[/URL] Liz Posted by: wonderboy040587 cleaned it, but the problem is still there, any other suggestions on msn, i would hate to format my comp but if it's the only way im gonna have to do it Posted by: wonderboy040587 ok guys thnx for the help, i think i'll format the computer Posted by: wonderboy040587 Formatted the computer, the problem is gone but now i have to download all the softwares... phew... thanks alot for the efforts Posted by: southernlady Sorry we didn't help fix it, Closing thread. Liz vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |