# Thread: Problems?

1. quote:
If there is a conflict between McAfee and Spy Sweeper, would that cause my internet connection to shut down repeatedly?

Yes it can, among other things. There also seems to be a whole lot of stuff going on with McAfee, and a ton of other running processes. This in itself could kill a net connection.
So, would you shut down all of McAfee, or just the antispyware (and keep the virus scan)? Or would you get rid of SpySweeper?

I've just been able to log on to the internet again after several hours of re-booting. I can almost bet that if I end the connection, I won't be able to get it back, without more of the same! Are you sure the rest of the HJT file looks OK?

2. If it were me I'd get rid of all that AOL crap you have running, I'd also get rid of those toolbars and any excess processes. Maybe you have a need for all that stuff, but I don't, so I'd get rid of it. I'd get rid of Spy Sweeper and then be careful where I surfed, and run a scan with Ad-Aware once in a while just to be sure. I'd get rid of that McAfee suite because it seems to be a whole lot more than necessary, and get something smaller if anything. I like McAfee enterprise edition, but not their home editions. But that's just me, others' opinions will differ I'm sure.

No, I am not absolutely sure that the rest of the log file is fine. I am 100 percent sure about very few things. But without actually using the computer I can only take guesses based on the information provided. You failed to provide any system info; it may be a problem elsewhere, maybe a hardware conflict, maybe a bad modem, maybe AOL just doesn't like you.

3. Get WinPatrol here:

http://www.winpatrol.com/

Use it to turn off/suspend anything you don't ABSOLUTELY Totally NEED, ALL THE TIME.

Get EWIDO and A-Squared, update them and run them in safe mode.

What exactly did you do BEFORE this problem started?

4. Originally posted here by nihil
Get WinPatrol here:

http://www.winpatrol.com/

What exactly did you do BEFORE this problem started?

I downloaded winpatrol...have not run it yet.

Actually, my problems always seem to happen when my son is here (now that he is back permanently -- at least for a while -- I'm dreading the things that could happen). Last year, about this time, he was here and we were infected with CWS -- and it was this forum that helped me get rid of it. He's back (I insisted he have his own computer), but he's been having problems with it, and I think he's been on mine while I'm at work.

I have been having a lot of trouble accessing the internet. I'm running an HP with a 2.2 GHz AMD Athlon processor and 2GB RAM, with XP Professional. I use AOL -- which a lot of folks don't like, but I have no problem with them -- and I seldom have difficulty.

However, for some reason I cannot always log on to the internet (not even directly through IE)...the computer (I have a DSL line) cannot seem to find the internet. I reboot, often several times, and can finally get on. But if I log out of AOL it is the same routine to get back in. I have a fairly new (less than 4 months) SpeedStream modem. Frequently the last few days (although it has been about an hour and a half now) the internet connection is lost.

You've probably seen the HJT logs in this thread. Here is the one I just ran:

-------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:22:23 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Owner\Desktop\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mamiya35collectors.com/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinPatrol] "c:\DOCUME~1\owner\desktop\security\WinPatrol.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://socrates.gateway.gm.com/http...com/iNotes.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1092976554296
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/sh...,2/mcmysec.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C52292E3-231C-42E0-B7F8-89FEBF6A09B9}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner\Desktop\Security\CWShredder 2.13.exe (file missing)
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

------------------------------------------------
I have no clue what to look for. Thank goodness someone directed me to this forum last year!

5. O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll - toolbar, waste of resources.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE - Realtek's legal spyware, waste of resources.

O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe - could be conflicting if McAfee has spam protection?

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe - still could be conflicting.

I still think you have too much stuff running, but that's your choice.

6. Originally posted here by herron
OK...I updated HJT and the log file now looks like this (and I still don't know what I should be looking for, so please help)
http://www.bleepingcomputer.com/foru...42.html#O1Diag

This is just one of the many HJT tutorials available. For your future reference, it may give you some idea of what you should be looking for.

7. However, for some reason I cannot always log on to the internet (not even directly through IE)...the computer (I have a DSL line) cannot seem to find the internet. I reboot, often several times, and can finally get on. But if I log out of AOL it is the same routine to get back in. I have a fairly new (less than 4 months) SpeedStream modem. Frequently the last few days (although it has been about an hour and a half now) the internet connection is lost.
This sounds as if your problem may have nothing to do with malware.

Use WinPatrol to suspend the installation/running of any applications not absolutely needed. Be sure to kill Adobe Acrobat.

Also, kill any scheduled jobs, automatic updates and crap like that. They are notorious for provoking these sorts of problems.

Boot into setup and kill all power saving options..............you want the machine on all the time (I know that is not the issue, but the software is constantly checking, which constitutes a background process) Turn off any screensaver.

Look at all your applications and turn "automatic update" to "manual" if you can.

Please run EWIDO and A-Squared in safe mode as already suggested.

If you have an old 56.6 modem, or can borrow another DSL, you might try that.

You might also get your telco to check your line; at the very least, try using a different phone socket if you can. Also check YOUR CABLE INTEGRITY. I remember one a few years back where the cable went under a door to the phone socket in the hall. Opening and closing the door gradually wore away the cable and produced the symptoms you describe.

As for the son..............try getting a removable hard drive chassis (they cost about 25 bucks over here) if there is no hard drive.....................

Good luck

8. As for the son..............try getting a removable hard drive chassis (they cost about 25 bucks over here) if there is no hard drive.....................
or set a strong password, and if the kid gets around it, then he can't say "I didn't know I wasn't supposed to go on", then do what my friend's dad did to him and shove a screwdriver through his keyboard, lol. (My friend's dad did this to him when he would cut school; he also opened the case and dropped it on the leg of an overturned chair while it was on and told my friend he would buy him a new rig when he passed the semester.)

9. Son is hardly a kid anymore...he's 27. LONG story about why he's back home with us...involves a very bad auto accident 3 years ago, when we almost lost him...and a lot of "surgery-and-recovery-and-trying-to-make-it-on-his-own-again-and-failing" stuff going on, that you don't want to hear, and I want even less to talk about.

He only uses my computer occasionally now (I insisted he get one of his own, since he was constantly changing things on mine when he's here). His burned up recently (literally) and he was back on mine until he could assemble all the components and make himself a new one.

My computer problems always seem to coincide with his use of the computer (and the connection isn't lost on me).

I'm going to take a look at the tutorial jm459 suggested, and I ran WinPatrol last night, and made some adjustments. Also, readjusted Spy Sweeper to run only when accessed, not on startup, to hopefully end any possible conflict with McAfee.

Question: why should I kill Adobe Acrobat? I actually use that to send and receive large documents to-and-from work, and don't understand why I should get rid of it?

10. Besides the links mentioned previously and the help you've received here, these sites may also be of use in the future:

http://www.hijackthis.de/

http://hjt.iamnotageek.com/

The first site above showed a few interesting items for your log:

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll - Nasty

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE - Nasty

O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner\Desktop\Security\CWShredder 2.13.exe (file missing) - Unnecessarily

Since each site at times gives different advice on the same item, I use these sites as guides and see what areas I need to dig into further.

Since you mentioned it's only when your son is on-line ... is he playing any on-line games or downloading music? My nephews were notorious for playing the on-line games/music and somehow ended up getting viruses on their dad's computer.
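The kind of first-pass sorting the posts above do by eye can be scripted. The following is an added example, not part of any post in this thread and not code from HijackThis or the analyzer sites: it reads the O-section lines of a log, collects the entries marked "(file missing)", services with "Unknown owner" and startup entries with no full path, and groups services by vendor. The function name `triage` and the report keys are made up for illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner\Desktop\Security\CWShredder 2.13.exe (file missing)
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then the entry body
HAS_PATH = re.compile(r"[A-Za-z]:\\")           # a drive-qualified path

def triage(log_text):
    """Return section counts plus the entries worth checking by hand."""
    report = {"sections": Counter(), "file_missing": [], "unknown_owner": [],
              "no_full_path": [], "services_by_vendor": defaultdict(list)}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        report["sections"][code] += 1
        if body.endswith("(file missing)"):
            report["file_missing"].append(body)
        if code == "O4" and not HAS_PATH.search(body):
            report["no_full_path"].append(body)  # location must be checked by hand
        if code == "O23" and body.startswith("Service: "):
            # Layout seen in the log: Service: <name> - <owner> - <path>
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, _path = parts
            if owner == "Unknown owner":
                report["unknown_owner"].append(name)
            else:
                # The log spells one vendor several ways ("McAfee, Inc.",
                # "McAfee Inc.", "McAfee Corporation"); key on the first word.
                vendor = re.split(r"[ ,]", owner)[0].lower()
                report["services_by_vendor"][vendor].append(name)
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, dict(value) if hasattr(value, "items") else value)
```

The output is a list of things to look up, not a verdict: an "Unknown owner" service such as Adobe LM Service can be perfectly legitimate.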
