0

If you believe it to be any or all of those mentioned, simply disable them one at a time and try downloading.
Install another browser (Firefox maybe) and see if you have any problem downloading.

How far back can you go with system restore? It may be worth going back to before you had the problem. (Haven't read all this thread so am not sure if this was already mentioned :))

0

I was looking at some of my Trend Micro antivirus logs, and it looks like quite a few drivers have been disabled. I wonder: if I post you guys a log of my drivers or anything else that might be helpful, could one of you computer experts spot the reason my machine won't download? I got a message from a brother named Tom who said his computer was doing the same thing. There has to be something that was disabled or some hidden feature that has been activated that is the problem. I have recently noticed that I have a browser called Traylon Explorer 1.4 that is installed on my machine. It seems to be a 30-day trial version because it has a price associated with it after 30 days. I've tried to delete it but it isn't shown in the programs add or delete files. I went to c: program files and tried to delete it and it wouldn't let me. It has an icon on my desktop that is really neat because when I point to it, it will show me everything I have on my computer and I can open anything from that point without going to several different windows to get where I want to go. But I did not ask for it, nor do I know how it got on my machine. I am the only one that uses this computer. I know that this problem is something simple, just a matter of looking in the right place for the problem. Any help will be appreciated. Thanks.

0

Well, first of all, I did a Google search for Traylon Explorer and nothing came up; if this were a legit browser, I would think there would be some info on it (assuming you spelled it correctly :) ). Secondly, since it just 'showed up' on your computer, that would be another hint to me that it doesn't belong.

Try booting into Safe Mode, go to Add/Remove Programs in your Control Panel, and look for Traylon Explorer -- remove it if it is there. Then, go to C:\Program Files and look for a folder named Traylon Explorer and remove it if found.

My guess would be that the most likely cause for you being unable to download is a setting in your firewall. Have you tried to disable it then download anything?

Can you post a recent HJT log so we can see if there are any more clues?

Just to clarify, you can access the web, right? It's just the inability to download anything isn't it?

0

I'm sorry. The name of the program is "TrayIcon Explorer 1.4". I can access the web but I can't download anything. I tried booting in safe mode and TrayIcon wasn't on the add or remove programs file. I did find it in C:\program files and I tried to delete it from there, but it said that I didn't have permission to delete it or it was being used. I just did a new HJT scan, which will be posted below, but I noticed a file that has Internet Explorer disabled or something like that. Take a look at that. I'm just so darn illiterate when it comes to these files. I want to try to change things to see if it will help, but then it doesn't help and it messes something else up and I forget what I did. So I will just wait until I hear from you guys. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 7:01:44 PM, on 4/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\TrayIcon Explorer\te.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Versato] C:\Program Files\MagicKey\MagicKey.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: TrayIcon Explorer.lnk = C:\Program Files\TrayIcon Explorer\te.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

0

I have recently purchased Firefox and I'm waiting for delivery. If I install it and use it for a browser, do you think that will eliminate this downloading problem? I have read that lots of people have problems with IE. I reinstalled my Trend Micro firewall and antivirus, so that cut the Microsoft firewall off. I still don't have a clue even though I've posted several HJT logs here. This must be a mystery problem for many people. I appreciate all the help I can get. Thanks

0

I have recently purchased Firefox and I'm waiting for delivery. If I install it and use it for a browser, do you think that will eliminate this downloading problem?

That would depend on the reason you can't download; if it's a setting in your firewall, another browser probably won't make any difference.

If it does work, however, that will narrow down the problem to an IE issue.

0

I just received the last reply. I have turned my Microsoft firewall completely off. Should I still have a problem with firewall settings? I am running SpywareBlaster, Spybot Search and Destroy, and PC Security. Do you think any of them would have a setting that wouldn't let me download, and if so how can I change it? But the message says that IE can't download the file because IE can't locate the file or the file doesn't exist. Wouldn't that be an IE problem? Man, I wish someone knew something about this problem that several different people have.

0

I just received the last reply. I have turned my Microsoft firewall completely off. Should I still have a problem with firewall settings? I am running SpywareBlaster, Spybot Search and Destroy, and PC Security. Do you think any of them would have a setting that wouldn't let me download, and if so how can I change it? But the message says that IE can't download the file because IE can't locate the file or the file doesn't exist. Wouldn't that be an IE problem? Man, I wish someone knew something about this problem that several different people have.

Did you also turn off the TrendMicro firewall you said you installed? You should only have one software firewall installed on your system, by the way.

SpywareBlaster and Spybot shouldn't cause this problem; PC Security may -- I'm not familiar with the program though.

IEFix, that I suggested in post #45, may fix the problem. I'll try to email it to you later when I get home.

0

I turned the Trend Micro Firewall down to the lowest setting and turned everything else off and still can't download. I get the same pop-up message. It has to be some hidden setting that is causing the problem. Outlook blocked the IEFix you mailed me. It said it is a harmful file. How can this be when the Microsoft firewall is turned off? Man, please figure this crap out. Maybe Firefox will do the trick. I should have it soon.

0

The firewalls aren't related to Outlook blocking attachments; try this:

Open Outlook Express, click on Tools, and then Options; in the Options section, click on Security, uncheck the option that says 'Do not allow attachments that could be dangerous' (you may want to reenable this after you get the file).

0

I downloaded the IEFix and tried to run it, but it asked me for the Windows XP Professional CD, which I don't have. Man, I just can't win for losing with this computer. I have my Office XP Professional CD, but the Windows was loaded by someone else and no CD. I'll try again.

0

Mr dlh, I ran the IEFix and after that I couldn't even open a DaniWeb link. It told me that the link had been restricted. I then tried to download some software and I got the same message. I ran the IEFix several times and each time I had to do a system restore to get my machine to work properly again. So is it the IE or just a setting that is wrong? It sux not being able to download updates or anything. I looked over the IEFix dialog and it didn't say anything about IE not being able to download as one of the problems. Got any more suggestions? I think if I keep trying different things we will eventually get the solution. Please let me know your thoughts. Thanks

0

Someone else may have some more ideas, but at this point I think you should just wait for Firefox to arrive and see if that works -- whether it does or not will help with what direction to go in.

Other than that, I'd say to reinstall the OS, either the Win2000 you have, or purchase WinXP.

By the way, were you able to get IEFix because you changed that setting in Outlook or because it was zipped?

0

Hey, I opened the mail you sent and clicked on the attachment and it gave me a window to either open it or save it. I did both. Today I ran a HJT and I studied it and I went through it and deleted everything that looked suspicious. I saw a file that had Internet Explorer and something about restrictions on it. I deleted it. A few minutes ago I went to the Microsoft updates and I clicked on the recommended updates and it downloaded and installed them. I might have found the right button because I haven't been able to download zilch. I'm still going to use Firefox because everyone seems to like it better than IE. Hopefully I have found the downloading solution. Let me try a few more tries downloading and I will let you know the results. Maybe I can start enjoying some other sites in DaniWeb. I appreciate all the help.

0

Let me try a few more tries downloading and I will let you know the results.

Yes, do that please. This has been a pretty long battle; it would be good to know if you finally got it fixed.

0

When I went to Microsoft updates I was able to download the latest updates and install them. Then I went to Crunchie's post and tried to download the Opera browser and I got the same message and was unable to download. I tried a few other of the things listed and was unable. I don't understand it. So I can download Microsoft stuff but nothing else? Go figure. Got me stumped.

0

This is the log before I deleted the things that prevented me from downloading updates.
Logfile of HijackThis v1.99.1
Scan saved at 10:46:43 PM, on 4/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\TrayIcon Explorer\te.exe
C:\Program Files\inKline Global\Security Booster\SecurityBooster.exe
C:\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEWatcher Class - {8E9A7A9D-0674-4639-98E6-7B37BF6E37DB} - C:\Program Files\inKline Global\Security Booster\SecurityBoosterBho.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Versato] C:\Program Files\MagicKey\MagicKey.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2005423191951_mcinfo.exe /insfin
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: TrayIcon Explorer.lnk = C:\Program Files\TrayIcon Explorer\te.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

This is after I deleted the items and then I was able to download Microsoft updates

Logfile of HijackThis v1.99.1
Scan saved at 7:56:55 PM, on 4/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\Internet Security 2005\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\Internet Security 2005\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\Internet Security 2005\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\Internet Security 2005\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: IEWatcher Class - {8E9A7A9D-0674-4639-98E6-7B37BF6E37DB} - C:\Program Files\inKline Global\Security Booster\SecurityBoosterBho.dll
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Versato] C:\Program Files\MagicKey\MagicKey.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2005423191951_mcinfo.exe /insfin
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\Internet Security 2005\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\Internet Security 2005\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\Internet Security 2005\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\Internet Security 2005\tmproxy.exe

If anybody can see anything else that I might delete to help, just print it really big so I can zap it out of my system. Thanks

0

There are still at least two malicious elements in your last log as far as I can see.

1. Have HJT fix:

O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2005423191951_mcinfo.exe /insfin


2. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Locate and delete the following file:
C:\WINDOWS\system32\pc32.exe bg

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Delete the entire content of your C:\Windows\Temp folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.

- Reboot normally.


3. Run HJT again and post a new log.
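
The before/after comparison this thread does by eye, as an added example that is not part of the original posts: a small parser that diffs two HijackThis logs and lists autorun (O4) entries launched from a Temp folder, the location of one of the two entries flagged above. The function names and the Temp-path heuristic are assumptions of this example, and the sample logs are shortened excerpts of the 4/23 and 4/25 logs posted in the thread.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] cmd".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption of this example: an autorun whose command sits under a Temp folder needs review.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Shortened excerpts of the logs posted in the thread (not the full logs).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:46:43 PM, on 4/23/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\TrayIcon Explorer\te.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2005423191951_mcinfo.exe /insfin
O4 - Startup: TrayIcon Explorer.lnk = C:\Program Files\TrayIcon Explorer\te.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:56:55 PM, on 4/25/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2005423191951_mcinfo.exe /insfin
"""


def parse_hjt(text):
    """Split a HijackThis log into its process list and its (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
        # header lines (version, scan time, platform) are ignored
    return {"processes": processes, "entries": entries}


def _key(item):
    """Case- and whitespace-insensitive comparison key (Windows paths ignore case)."""
    text = " ".join(item) if isinstance(item, tuple) else item
    return " ".join(text.split()).casefold()


def diff(before, after):
    """Return (removed, added) items, keeping the order of the logs.

    8.3 short paths (PROGRA~1) and long paths compare as different strings,
    so a product that re-registers itself shows up as removed plus added.
    """
    before_keys = {_key(i) for i in before}
    after_keys = {_key(i) for i in after}
    removed = [i for i in before if _key(i) not in after_keys]
    added = [i for i in after if _key(i) not in before_keys]
    return removed, added


def temp_autoruns(entries):
    """O4 (startup) entries whose command line points into a Temp folder."""
    return [(code, detail) for code, detail in entries
            if code == "O4" and TEMP_RE.search(detail)]


if __name__ == "__main__":
    old, new = parse_hjt(BEFORE_LOG), parse_hjt(AFTER_LOG)
    removed, added = diff(old["entries"], new["entries"])
    for code, detail in removed:
        print("removed:", code, "-", detail)
    for code, detail in added:
        print("added:  ", code, "-", detail)
    for code, detail in temp_autoruns(new["entries"]):
        print("still autostarting from Temp:", detail)
```

The Temp check does not flag pc32.exe, which sits in system32, so a diff and a path heuristic support a manual review of the log but do not replace it.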

0

I think I got everything but please check it out. Now I can't get the thing to save my mail to the inbox. After I read my mail it's gone to who knows where. Any suggestions? Here is the HJT log after my last tampering.
Logfile of HijackThis v1.99.1
Scan saved at 9:15:59 AM, on 4/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\Internet Security 2005\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\Internet Security 2005\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\Internet Security 2005\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\Internet Security 2005\TmPfw.exe
C:\PROGRA~1\TRENDM~1\Internet Security 2005\PccGuide.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: IEWatcher Class - {8E9A7A9D-0674-4639-98E6-7B37BF6E37DB} - C:\Program Files\inKline Global\Security Booster\SecurityBoosterBho.dll
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Versato] C:\Program Files\MagicKey\MagicKey.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\Internet Security 2005\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\Internet Security 2005\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\Internet Security 2005\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\Internet Security 2005\tmproxy.exe

0

I still can't download anything from places like geeks.com or whatever it is. All I have been able to download is Microsoft updates. I just don't know what to do.

0

1. Just a couple of loose ends left in that log; otherwise it looks clean.
Have HJT fix:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)


2. In terms of the download problem: I can't think of anything else to suggest except to see what happens when you get a chance to install Firefox.


3. "Disappearing" mail: If you're using Outlook or Outlook Express, your read messages haven't gone anywhere, they're just hidden from you because either your "View" setting is set to "Unread Messages" instead of just "Messages", or you have a rule/filter in place which is hiding read messages.

0

I just wanted to ask a few more questions about things I don't understand. I got my mail working properly again, and thanks. I used to have a "Run" and a "Search" selection on my Start menu. For quite some time now I haven't had either on the Start menu or anywhere else. I went to a certain place in my administrative tools and found a box to check to put them on the Start menu, but that didn't work. I was on the phone with Trend Micro about registering my new software. I had put the old registration code in and that was preventing me from registering the new. Anyway, we needed to go to the Run in order to get in the register {I think that's whydaa} but the "Run" dude wasn't there. Whadaya think? Is it just hiding from me? Did ole piece of trash, "Mr Virus," hide it from me, or did just dumb ole me delete it for some ignorant reason? I would appreciate some insight on this. I need to call Mozilla about my Firefox 'cause it's been ten days since I put the order in. Thanks.

0

The setting to display the Run option is in your Start menu preferences. Right-click on your Taskbar, click Properties, click the Start Menu tab, and then click the Customize button.

- If you're using the standard XP Start Menu style: click on the Advanced tab in the Customize window, scroll down to the "Run command" option, and click on its check-mark box.

- If you're using the "classic" Windows Start Menu style: put a check in the "Display Run" box in the Customize window.

0

Man, today I broke down and called Microsoft. I got this tech on the phone in India. It was the same guy that I had last year that kept me on the phone for 5 hours trying to help me with a problem that never got resolved. I stayed on the phone for 4.5 hours trying everything to get IE to download. No friggin resolution. I finally told the guy that I had other things to do and had to go. When I got in this evening I received an e-mail from him saying that we had reached a resolution on the problem. I wrote him back and let him know that I am contacting Microsoft and telling them that we stayed on the phone 4.5 hours and nothing we tried worked. I was alright with trying different things but for him to write a report that we found a resolution. I still can't download a damn thing.

0

I have recently received a message from my Trend Micro firewall that says another computer is logged on to my network. It gives the IP address and MAC address, and I want to know if there is any way to get rid of this person. I wonder if it's possible for someone to look at the HJT log and figure a way to hack into my system? I still haven't received the Firefox browser because they said they were waiting for some to come in. I still can't download anything and no one can figure it out. I'm worried about this computer on my network.

0

In terms of the reported intrusion: can you describe your overall network setup in more detail, please?

- What type of Internet connection do you have (Cable, DSL, etc.)?

- If you have broadband, do you have a Cable/DSL firewall router installed?

- Is there wireless in use on the network?

- Is this an office network or just a home network? How many machines are on it, what functions do they perform (workstation, file server, mail server, etc.), and how are they interconnected?


One of the keys to figuring out the intent and possible danger of a reported connection from the outside world is to figure out which ports are being used in the connection. By default, many ports known to be vulnerable to exploit are left open. The thing to do is to eliminate access to those ports by shutting down the services that use them and configuring your firewall to block connections on those ports.

You can get some interesting and illuminating detail in that regard by opening a DOS window and typing the following command at the prompt:

netstat -ano
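One way to read the output of the `netstat -ano` command suggested above, as an added example that is not part of the original post: it parses the listing, reports which listening ports are reachable from other machines together with the owning PID, and picks out established connections to addresses outside the local ranges. The sample output, addresses, PIDs and function names are constructed for this example.

```python
import ipaddress
from collections import namedtuple

# Constructed sample of `netstat -ano` output; not taken from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1540
  TCP    192.168.1.47:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.47:1207      192.168.1.254:80       ESTABLISHED     2288
  TCP    192.168.1.47:1210      203.0.113.25:443       ESTABLISHED     2288
  UDP    0.0.0.0:1900           *:*                                    1104
"""

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")
# RFC 1918, loopback and link-local ranges are treated as "local" peers.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def split_endpoint(text):
    """Split 'ip:port' on the last colon so IPv6 forms like [::]:135 also parse."""
    host, _, port = text.rpartition(":")
    return host.strip("[]").split("%")[0], port

def parse_netstat(output):
    conns = []
    for line in output.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner, column header and blank lines
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        (lip, lport), (rip, rport) = split_endpoint(f[1]), split_endpoint(f[2])
        conns.append(Conn(f[0], lip, int(lport), rip, rport, state, int(f[-1])))
    return conns

def exposed_listeners(conns):
    """Listening sockets not bound to loopback, i.e. reachable from other machines."""
    hits = {(c.proto, c.local_port, c.pid) for c in conns
            if (c.state == "LISTENING" or (c.proto == "UDP" and c.remote_ip == "*"))
            and not ipaddress.ip_address(c.local_ip).is_loopback}
    return sorted(hits, key=lambda t: (t[1], t[0]))

def external_peers(conns):
    """Established connections whose remote address is outside the local ranges."""
    return [c for c in conns if c.state == "ESTABLISHED"
            and not any(ipaddress.ip_address(c.remote_ip) in n for n in LOCAL_NETS)]
```

The PID in each result can be matched against the PID column in Task Manager to find the service to shut down or the program to block at the firewall.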

0

DMR --
In the beginning of this thread he said he didn't have access to any other computers, so I'm pretty sure he has only this one computer and no network.

Southernneonservice --
You should still answer all of DMR's questions to help determine a possible explanation/solution.

I recall asking you in a prior post how well you knew the person that installed XP on your computer; I don't recall the exact entries now, but something led me to suspect this person may attempt to do something like this because of certain programs on your computer that you didn't even know existed.

I still recommend a fresh installation of Windows 2000 (or purchase XP), and install it yourself!

0

I'm not aware of having any type of network. I think I may have downloaded the Trend Micro wireless program a few months ago when trying to recover my Trend Micro registration code that was lost. I have a DSL with a Westell modem. All I have is this one machine here at home, and the only thing connected to it is a Toshiba Pocket PC. The guy that installed the XP on my machine is very reputable. He is a great guy that is very professional. He is a student that works on the computers at the doctor's office my wife works for. I found out through my Security Booster that I have lots of ports that are vulnerable, but I don't know how to shut them down. I keep getting a message from Trend Micro that unknown computer is connected to my network. Then it gives me a WiFi Detection. Status unknown, IP address 192.168.1.254, Computer Na, MAC address 00:of:db:00:c:gd. I never thought about it hard enough to think, man, I don't even have a network so why should I be concerned? I have gone to Microsoft and downloaded lots of things in the past and I think the updates and service packs mess up lots of things. I'm getting a security message that has several warnings; Ms04 027, ms05 004 are a couple of them, and I think they came from downloading the net update. Maybe you guys can give me a little insight on these things. Thanks

0

I really am illiterate when it comes to these machines. I can about figure anything out with common sense, but these computers require an intelligent knowledge, and if you start trying to use common sense you ruin your whole system :evil: . I think the IP address that is connecting to my network is my own. I don't know why my firewall doesn't recognize it. I have another round with Microsoft Sat and we are going to get my downloading problem straightened out. I'll post the outcome. I appreciate all of you guys' help ;) . Tim
