D
dumblonde
Problem : I cannot get into secure web sites..
I have worked with several forum groups and technical
assistances and have tryed several things but after 4 days
I still cannot get into sites where I have to have a
userid and password. I cannot download from
windows live update," it says window update has encounted
an error and cannot display the requested page", nor can
I see my bank statements, or join any newsgroups. If i
have to register with a user name and password then i am
not authorized to use the service. When I try on internet
exployer I get the message "page not found or server not
found" When trying on Netscape 7.1 or MSN I get the
message " the connection was refused when attempting to
contact internet banking (or whatever site i am trying to
get access to)" .
The following are the things I was told to try:
From exployer tools, I delected cookies, temp files and
history files.
From the security tab, I made sure all the trusted sites,
restricted sites etc. where on default level.
From the content tab, I cleared ssl state.
Under personal Information, I clicked auto comcomplete,
and clicked clear forms, history and passwords.
From the advanced tab settings box under security tab, I
made sure the boxes where checked for
ssl2.0, ssl3.0 and tps.
I ran cmd :net start cryptsuc to verify Microsoft
Cryptographic services was started.
I ran cmd: msconfig and unchecked all the startup
problems so nothing would start but windows.
Verified that the cipher strength of internet exployer was
128 bit.
Went into edit registry and pulled up:
Hkey_local_machine|system|currentcontrolset|securityprovide
rs|schannel
I deleted everything that was on the right side of the
screen. (Default value 0) would not delete.
I ran spybot, adaware, spyblaster, file cleanup, window
doctor, nortons utilities.
I tryed to revert back several times up to two weeks ago,
and it tells me revert fails.
I ran hyjackthis and got the following results:
Logfile of HijackThis v1.97.3
Scan saved at 10:24:23 PM, on 11/25/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton
Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\mommy\MYDOCU~1\UTILIT~1\WinPatrol.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton
CleanSweep\csinsmnt.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Ontrack\PowerDesk\PDExplo.exe
C:\Documents and Settings\Mommy\Local
Settings\Temp\Temporary Directory 21 for
hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.vivisimo.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.vivisimo.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.vivisimo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window
Title = MICKEY'S FAVORITE BROWSER
N3 - Netscape 7: user_pref
("browser.startup.homepage", "http://home.netscape.com/");
(C:\Documents and Settings\Mommy\Application
Data\Mozilla\Profiles\default\eeurv03o.slt\prefs.js)
N3 - Netscape 7: user_pref
("browser.search.defaultengine", "engine://C%3A%5CProgram%
20Files%5CNetscape%5CNetscape%206%5Csearchplugins%
5CSBWeb_01.src"); (C:\Documents and
Settings\Mommy\Application
Data\Mozilla\Profiles\default\eeurv03o.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-
174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-
298DDF1699E1} - C:\Program Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton Internet
Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-
A37C9A5676A7} - C:\Program Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton Internet
Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] c:\DOCUME~1\mommy\MYDOCU~1
\UTILIT~1\WinPatrol.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1
\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1
\bin\IncMail.exe /c
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1
\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\Fix-
It\MemCheck.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program
Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKCU\..\Run: [STYLEXP] C:\Program
Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32
\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program
Files\SpywareGuard\sgmain.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet
Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton
CleanSweep\csinsmnt.exe
O4 - Global Startup: GoBack.lnk = C:\Program
Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Add animation to
IncrediMail Style Box - C:\PROGRA~1\INCRED~1
\bin\resources\WebMenuImg.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Look for Spybot-S&&D updates (HKLM)
O9 - Extra 'Tools' menuitem: Look for Spybot-S&&D updates
(HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/
sw.cab
O16 - DPF: {53406295-12AB-4F49-824A-C5EAD19365DE}
(CHSInstaller Class) -
http://www.compaq.com/athome/support/PCHInstallTrust01.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl
..CAB?37626.3784027778
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin
/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq
System Data Class) -
http://www29.compaq.com/falco/SysQuery.cab
I did download the service pack sp1 from exployer 6, but
now I don't have the program paint.
PLEASE PLEASE PLEASE SOMEONE HELP ME. i'M TOLD I WILL
HAVE TO REINSTALL WINDOWS XP.
ANY SUGGESTIONS TO TRY WOULD REALLY MEAN ALOT TO ME. I
AM ABOUT AT THE END OF MY ROOP.
I have worked with several forum groups and technical
assistances and have tryed several things but after 4 days
I still cannot get into sites where I have to have a
userid and password. I cannot download from
windows live update," it says window update has encounted
an error and cannot display the requested page", nor can
I see my bank statements, or join any newsgroups. If i
have to register with a user name and password then i am
not authorized to use the service. When I try on internet
exployer I get the message "page not found or server not
found" When trying on Netscape 7.1 or MSN I get the
message " the connection was refused when attempting to
contact internet banking (or whatever site i am trying to
get access to)" .
The following are the things I was told to try:
From exployer tools, I delected cookies, temp files and
history files.
From the security tab, I made sure all the trusted sites,
restricted sites etc. where on default level.
From the content tab, I cleared ssl state.
Under personal Information, I clicked auto comcomplete,
and clicked clear forms, history and passwords.
From the advanced tab settings box under security tab, I
made sure the boxes where checked for
ssl2.0, ssl3.0 and tps.
I ran cmd :net start cryptsuc to verify Microsoft
Cryptographic services was started.
I ran cmd: msconfig and unchecked all the startup
problems so nothing would start but windows.
Verified that the cipher strength of internet exployer was
128 bit.
Went into edit registry and pulled up:
Hkey_local_machine|system|currentcontrolset|securityprovide
rs|schannel
I deleted everything that was on the right side of the
screen. (Default value 0) would not delete.
I ran spybot, adaware, spyblaster, file cleanup, window
doctor, nortons utilities.
I tryed to revert back several times up to two weeks ago,
and it tells me revert fails.
I ran hyjackthis and got the following results:
Logfile of HijackThis v1.97.3
Scan saved at 10:24:23 PM, on 11/25/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton
Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\mommy\MYDOCU~1\UTILIT~1\WinPatrol.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton
CleanSweep\csinsmnt.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Ontrack\PowerDesk\PDExplo.exe
C:\Documents and Settings\Mommy\Local
Settings\Temp\Temporary Directory 21 for
hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.vivisimo.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.vivisimo.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.vivisimo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window
Title = MICKEY'S FAVORITE BROWSER
N3 - Netscape 7: user_pref
("browser.startup.homepage", "http://home.netscape.com/");
(C:\Documents and Settings\Mommy\Application
Data\Mozilla\Profiles\default\eeurv03o.slt\prefs.js)
N3 - Netscape 7: user_pref
("browser.search.defaultengine", "engine://C%3A%5CProgram%
20Files%5CNetscape%5CNetscape%206%5Csearchplugins%
5CSBWeb_01.src"); (C:\Documents and
Settings\Mommy\Application
Data\Mozilla\Profiles\default\eeurv03o.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-
174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-
298DDF1699E1} - C:\Program Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton Internet
Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-
A37C9A5676A7} - C:\Program Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton Internet
Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] c:\DOCUME~1\mommy\MYDOCU~1
\UTILIT~1\WinPatrol.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1
\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1
\bin\IncMail.exe /c
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1
\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\Fix-
It\MemCheck.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program
Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKCU\..\Run: [STYLEXP] C:\Program
Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32
\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program
Files\SpywareGuard\sgmain.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet
Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton
CleanSweep\csinsmnt.exe
O4 - Global Startup: GoBack.lnk = C:\Program
Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Add animation to
IncrediMail Style Box - C:\PROGRA~1\INCRED~1
\bin\resources\WebMenuImg.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Look for Spybot-S&&D updates (HKLM)
O9 - Extra 'Tools' menuitem: Look for Spybot-S&&D updates
(HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/
sw.cab
O16 - DPF: {53406295-12AB-4F49-824A-C5EAD19365DE}
(CHSInstaller Class) -
http://www.compaq.com/athome/support/PCHInstallTrust01.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl
..CAB?37626.3784027778
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin
/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq
System Data Class) -
http://www29.compaq.com/falco/SysQuery.cab
I did download the service pack sp1 from exployer 6, but
now I don't have the program paint.
PLEASE PLEASE PLEASE SOMEONE HELP ME. i'M TOLD I WILL
HAVE TO REINSTALL WINDOWS XP.
ANY SUGGESTIONS TO TRY WOULD REALLY MEAN ALOT TO ME. I
AM ABOUT AT THE END OF MY ROOP.