Denial of MSN service, virus? ,I DON'T KNOW...

Now I've downloaded your product, and it too will not update...
Here is what I have written and was responded to in the pcpitstop forum... It's driving
me nutz, I've been working on fixing this for the last 28 hours... I have gone to
the registry and can't find these things anymore but I still can't update NORTON,
the firewall can't be turned on (it's all been turned off), I have to turn on auto
protect manually... The reboot time is almost 4 minutes... And my MSN won't work
because when I try to log on I get the error message that I am not connected to the
internet... HELP!!! Iron

**************************************************************
I have run every scan in the book... I tried to update the AVG I just downloaded and it says I'm not connected to the internet... MSN does the same thing... My norton has been turned off... Can't figure out what the problem is... I've been working on this since this morning... I just have no clue... I turned off system restore, so I can't get back my MSN. I know this sounds pathetic, but I need help...
SpyBotSearchandDestroy found this in my start-up and i have no clue how to get rid of it:
Current value: MSConfig
Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

Database status: Typically not required
Value: MSConfig
Filename: MSCONFIG32.EXE

Description
Unidentified adware, spyware or virus. Not to be confused with the valid entry above which has the command \"msconfig.exe\"

Source: Paul Collins Startup list

AND YES, there's an AND, something is blocking me from Window's update...
I always keep that updated...

Iron

This post has been edited by IronCurtain on Jan 23 2004, 08:47 PM

stormy13 Posted: Jan 23 2004, 08:58 PM Report a rules violation « Quote »



Still Learning



Group: Anti-Spyware Brigade
Posts: 1129
Member No.: 3229
Location: Toronto, Ontario



You have a virus/worm that is causing your problems. See here,

http://www.trendmicro.com/vinfo/virusencyc...e=WORM_SPYBOT.B

for info on how to remove it.

--------------------
Adaware Spybot S & D

How to post a test.

IronCurtain Posted: Jan 23 2004, 10:47 PM Report a rules violation « DELETE » « Edit » « Quote »



Member



Group: Members
Posts: 19
Member No.: 13256
Location:



I have run the Trend Micro Sysclean application... On 26 files, there was an error and access was denied... It found no other viruses... Argh... Iron

This post has been edited by IronCurtain on Jan 23 2004, 10:48 PM

ggarj Posted: Jan 23 2004, 10:57 PM Report a rules violation « Quote »



Advanced Member



Group: Anti-Spyware Brigade
Posts: 622
Member No.: 7042
Location: East Coast, USA



IronCurtain .. try running a virus scan here

http://housecall.antivirus.com/housecall/s.../start_corp.asp

IronCurtain Posted: Jan 23 2004, 11:00 PM Report a rules violation « DELETE » « Edit » « Quote »



Member



Group: Members
Posts: 19
Member No.: 13256
Location:



I'll try running it without updating, it won't let me update... Says I have no connection to the internet...lol... Iron...

IronCurtain Posted: Jan 24 2004, 08:42 AM Report a rules violation « DELETE » « Edit » « Quote »



Member



Group: Members
Posts: 19
Member No.: 13256
Location:



None of these things seemed to have helped... Any other suggestions Iron

This post has been edited by IronCurtain on Jan 24 2004, 08:42 AM

stormy13 Posted: Jan 24 2004, 08:47 AM Report a rules violation « Quote »



Still Learning



Group: Anti-Spyware Brigade
Posts: 1129
Member No.: 3229
Location: Toronto, Ontario



Did you try following the instructions in the link I provided,

http://www.trendmicro.com/vinfo/virusencyc...e=WORM_SPYBOT.B

It has instructions on how to manually remove the trojan.

--------------------
Adaware Spybot S & D

How to post a test.

dickster Posted: Jan 24 2004, 08:48 AM Report a rules violation « Quote »



Just A Member



Group: Anti-Spyware Brigade
Posts: 2933
Member No.: 50
Location: Texas



Lot of things you can try mentioned in this thread.

http://www.computing.net/security/wwwboard...forum/5857.html

--------------------
2.0 P4, 512 DDR 2100, 100+40gb 7200 hdd, W2K


How To Post PC Pitstop Test Results

IronCurtain Posted: Jan 24 2004, 09:25 AM Report a rules violation « DELETE » « Edit » « Quote »



Member



Group: Members
Posts: 19
Member No.: 13256
Location:



Thank you Stormy, I did that last night... I went into the registry but don't see where it has been changed...

Thank you Dickster... I found an entry about: http://www.dougknox.com
Do you know where or what to do from that site

Iron

dickster Posted: Jan 24 2004, 09:36 AM Report a rules violation « Quote »



Just A Member



Group: Anti-Spyware Brigade
Posts: 2933
Member No.: 50
Location: Texas



Here's what is says about that site.

 

Hi IronCurtain

Welcome to Wilders.

Since u have already run Spybt S&D go to step 2 of the instructions at this link,

http://www.wilderssecurity.com/showthread.php?t=15913

then post a hijackThis log.





snowbound

 

Here's the log, thanxz for the help!!!
*******************************************
Logfile of HijackThis v1.97.7
Scan saved at 2:01:03 PM, on 1/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Crystal Johnson\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.16.201/sb/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.backroads.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.40.16.201/sb/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (disabled by BHODemon)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (disabled by BHODemon)
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?1&04.00.05.04&http://www.lookingyourbest.com/inamodel/index.html
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/SW.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37890.7589236111
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) -

http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

 

Hi IronCurtain,

Before you start please unzip hijackthis.exe to a folder of it´s own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.16.201/sb/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.40.16.201/sb/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

R3 - Default URLSearchHook is missing

Then download and run CWShredder

Then reboot, try again and let us know.

Oh, and you can release the BHO's that are disabled by BHODemon. They are all of the friendly kind.

Regards,

Pieter

 

Didn't work...

Here are two examples of what the problems are:

1)MSN:
We were unable to sign you into NET. Messenger Service, possibly because of a problem with your internet connection. Please try again later. 0x81000370

2)WINDOWS UPDATE:
Windows Update has encountered an error and cannot display the requested page.

Select from any of the following pages for information about Windows Update services, or send us your feedback.

Windows Update Home Page
About Windows Update
Support Information



You can also get online support if you are having problems with Windows Update.


Send error number to Microsoft (0x800C0005)
************************************************************


Also, is there some way to re-establish the internet connection to these products

Thanxz Iron

 

If i can interrupt here

I found this link,

http://www.askmarvin.ca/forums/index.php?showtopic=664

that could be useful for your MSN problem.




snowbound

 

No, that's not it, but thanxz... Iron...