Ouch3806 Posted December 24, 2011 ID:508975 Share Posted December 24, 2011 The MalwareBytes scan found 2 infections in Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disaled.SecurityCenter) -> Bad: (1) Good (0) -> Quarantined and deleted successfully HKEY_LOCAL_MACHINE\SOFWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disaled.SecurityCenter) -> Bad: (1) Good (0) -> Quarantined and deleted successfully but this error returns each time I reboot. Link to post Share on other sites More sharing options...
Ouch3806 Posted December 24, 2011 Author ID:508982 Share Posted December 24, 2011 attached is the DDS.scr log file Link to post Share on other sites More sharing options...
LDTate Posted December 25, 2011 ID:509205 Share Posted December 25, 2011 The MalwareBytes scan found 2 infections in Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disaled.SecurityCenter) -> Bad: (1) Good (0) -> Quarantined and deleted successfully HKEY_LOCAL_MACHINE\SOFWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disaled.SecurityCenter) -> Bad: (1) Good (0) -> Quarantined and deleted successfully but this error returns each time I reboot.potentially unwanted malwareYou don't need to worry about either of those.Is your Anti-Virus and a Firewall working? Link to post Share on other sites More sharing options...
Ouch3806 Posted December 26, 2011 Author ID:509579 Share Posted December 26, 2011 potentially unwanted malwareYou don't need to worry about either of those.Is your Anti-Virus and a Firewall working?It appears that none of my applications are running. No internet connection. The icons appear on my desktop but nothing seems to launch... like it is hidden from execution. I rebooted in 'safe mode' and only the desk top comes up, but internet, email, MS Office no longer work. Link to post Share on other sites More sharing options...
LDTate Posted December 27, 2011 ID:509597 Share Posted December 27, 2011 Those issues aren't caused by those two.Sounds like you have a nasty infection.Lets see if we can fix the hidden / missing icons etc, first.Download unhide.exe & save it to your windows folder: Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7) RebootThis will unhide folders/files that were set to be hidden by the infection you had.After running the unhide tool you may still be missing most of your start menu shortcuts… They can be found in a folder named smtmp inside:(XP)- C:\Documents and Settings\Username\Local Settings\Temp(W7)- C:\Users\Username\AppData\Local\TempC:\Windows\TempExample:%Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" %Temp%\smtmp\4 "%AllUsersProfile%\DesktopThese will be there unless you have removed temp files / foldersThere might be three numbered folders inside C:\Documents and Settings\Your User Name\Local Settings\Temp\smtmp folder. The folders will be numbered 1, 2 and 4. Inside the 1 folder is a folder named “Programs.” This folder should be copied / pasted to (using XP) to C:\Documents and Settings\All Users\Start Menu, which will already have a folder named Programs but it is safe to overwrite it since Windows will replace the subfolders without creating duplicates. Inside the 2 folder are the quick launch items specific for the user. Select ALL of these shortcuts and copy / paste to (using XP) C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch. Inside the 4 folder are the desktop items that should be copied to C:\Documents and Settings\All Users\Desktop. Let me know if everything was there and how it's running now. Link to post Share on other sites More sharing options...
Ouch3806 Posted December 27, 2011 Author ID:509639 Share Posted December 27, 2011 I downloaded and ran the Unhide.exe file.After running the unhide tool I am still missing most of your start menu shortcuts… I could not fing them in a folder named smtmp inside:(XP)- C:\Documents and Settings\Username\Local Settings\TempAll that was in the Temp folder were:_Avast_en-ushsperfdata_DarleneNDP1.1sp1-KB2416447-X86+ OneNotRuntime Cache Link to post Share on other sites More sharing options...
Ouch3806 Posted December 27, 2011 Author ID:509640 Share Posted December 27, 2011 Seems that I can see more of my document folders now (that I couldn't see before).But I still can't get to the internet and cannot launch any shortcuts.Still can't launch MS Exel/MS Word or other progams. Link to post Share on other sites More sharing options...
LDTate Posted December 27, 2011 ID:509724 Share Posted December 27, 2011 If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer. Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop. If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer. Note:If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.Link 1Link 2 If using this link, Right Click and select Save As.* IMPORTANT !!! Save iexplore.exe to your DesktopDouble click on the iexplore.exe ComboFix.exe & follow the prompts. Be sure to download any updates.When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective ProgramsDouble click on ComboFix.exe & follow the prompts.Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7. Note: If you have SP3, use the SP2 package.If Vista or Windows 7, skip the Recovery Console partAs part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.Notes:1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.Give it atleast 20-30 minutes to finish if needed.Please do not attach the scan results from Combofx. Use copy/paste.Also please describe how your computer behaves at the moment. Link to post Share on other sites More sharing options...
Ouch3806 Posted December 27, 2011 Author ID:509818 Share Posted December 27, 2011 Here is the ComboFix (iexecue) log:ComboFix 11-12-27.01 - HP_Administrator 12/27/2011 12:54:54.1.2 - x86 NETWORKMicrosoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.196 [GMT -5:00]Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exeAV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Administrator\WINDOWSc:\documents and settings\Darlene\WINDOWSc:\documents and settings\Default User\WINDOWSc:\documents and settings\HP_Administrator\WINDOWSc:\windows\EventSystem.logc:\windows\system32\config\systemprofile\WINDOWSc:\windows\system32\ps2.batD:\Autorun.infK:\Autorun.infK:\Setup.exe..((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))..2011-12-27 03:49 . 2011-12-27 03:48 684297 ----a-w- c:\windows\unhide.exe2011-12-27 01:12 . 2011-12-27 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND2011-12-27 01:12 . 2011-12-27 01:12 -------- d-----w- c:\program files\ErrorEND2011-12-26 23:29 . 2011-12-26 23:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com2011-12-26 23:27 . 2011-12-26 23:29 -------- d-----w- c:\program files\SUPERAntiSpyware2011-12-26 23:27 . 2011-12-26 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-12-27 03:43 . 2011-12-27 03:45 684297 ----a-w- c:\windows\cursors\unhide.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488]"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-08-31 33936]"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-01-03 180269]"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Seagate 2GE2GGHN Product Registration.lnk - [N/A].c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2003-1-3 73728]Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2003-1-3 45056].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]"Taskman"="".[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"=.R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 3:31 PM 161064]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/21/2011 8:29 PM 366152]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/21/2011 8:29 PM 22216]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?].Contents of the 'Scheduled Tasks' folder.2011-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34].2011-12-23 c:\windows\Tasks\Easy Internet Sign-up.job- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-04 02:04].2011-12-27 c:\windows\Tasks\ErrorEND.job- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23].2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 23:01].2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 23:01].2003-01-03 c:\windows\Tasks\Symantec NetDetect.job- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-01-03 08:26]..------- Supplementary Scan -------.uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktopuDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktopmStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktopmSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktopuInternet Settings,ProxyServer = POP3:110uSearchURL,(Default) = hxxp://www.google.com/keyword/%sIE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.htmlIE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.htmlIE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.htmlIE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.htmlTCP: DhcpNameServer = 192.168.0.1.- - - - ORPHANS REMOVED - - - -.ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-12-27 13:03Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-444926962-3628611184-933506815-1008\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)@SACL=.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(528)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\Ati2evxx.dll.- - - - - - - > 'explorer.exe'(3460)c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dllc:\windows\system32\msi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\windows\system32\Ati2evxx.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\windows\system32\dllhost.exec:\windows\eHome\ehmsas.exec:\windows\system32\rundll32.exec:\program files\InterMute\SpySubtract\SpySub.exec:\windows\AGRSMMSG.exec:\windows\system\hpsysdrv.exec:\windows\system32\hphmon06.exec:\program files\Java\jre1.5.0\bin\jusched.exec:\program files\iTunes\iTunesHelper.exec:\program files\iPod\bin\iPodService.exe.**************************************************************************.Completion time: 2011-12-27 13:09:35 - machine was rebootedComboFix-quarantined-files.txt 2011-12-27 18:09.Pre-Run: 215,897,190,400 bytes freePost-Run: 215,809,511,424 bytes free.- - End Of File - - B1D563A48A2A93163DC61ACE04FB6C10 Link to post Share on other sites More sharing options...
Ouch3806 Posted December 27, 2011 Author ID:509820 Share Posted December 27, 2011 I get my desktop icons and normal screen saver.I still cannot access the internet. (The page cannot be displayed" error on the window "Cannot find server - Microsoft Internet Explorer"Cannot open MS Office Excel/Word/Powerpoint ... get a window "Microsoft Office 2003 Setup" asking for User name / Initials/ Organization and Product Key.None of the desktop icon appear to launch any software. Get "Could not boot the application" error. Link to post Share on other sites More sharing options...
LDTate Posted December 27, 2011 ID:509827 Share Posted December 27, 2011 My guess is you were infected if a RootKit like Zero Access.Trying to remove it can cause the issues you're havingYou can try creating a new user to see if that helps.Only other suggestion I have is to do a repair install.http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/ Link to post Share on other sites More sharing options...
Ouch3806 Posted December 27, 2011 Author ID:509932 Share Posted December 27, 2011 Any idea on why the PC isn't accessing the internet via my router?Seems like it should be able to find the router and internet and my comcast.net email. Link to post Share on other sites More sharing options...
LDTate Posted December 27, 2011 ID:509938 Share Posted December 27, 2011 The ZA infection corrupts or removes network servicesPlease download, open, and run the QueryServices.bat inside the attached zip file and post back the NetworkDetails.txt file (as an attachment) that it will create in the root of the system drive.GetNetworkInfo2.zip Link to post Share on other sites More sharing options...
Ouch3806 Posted December 27, 2011 Author ID:509952 Share Posted December 27, 2011 log from the GetNetworkInfo2:Query Services version 2 ... [sC] GetServiceConfig SUCCESSSERVICE_NAME: dhcp TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : DHCP Client DEPENDENCIES : Tcpip : Afd : NetBT SERVICE_START_NAME : LocalSystem SERVICE_NAME: dhcp TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 768 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: TCPIP TYPE : 1 KERNEL_DRIVER START_TYPE : 1 SYSTEM_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys LOAD_ORDER_GROUP : PNP_TDI TAG : 3 DISPLAY_NAME : TCP/IP Protocol Driver DEPENDENCIES : IPSec SERVICE_START_NAME : SERVICE_NAME: TCPIP TYPE : 1 KERNEL_DRIVER STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 0 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: Afd TYPE : 1 KERNEL_DRIVER START_TYPE : 1 SYSTEM_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : AFD DEPENDENCIES : SERVICE_START_NAME : SERVICE_NAME: Afd TYPE : 1 KERNEL_DRIVER STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 0 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: NetBT TYPE : 1 KERNEL_DRIVER START_TYPE : 1 SYSTEM_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : system32\DRIVERS\netbt.sys LOAD_ORDER_GROUP : PNP_TDI TAG : 5 DISPLAY_NAME : NetBios over Tcpip DEPENDENCIES : Tcpip SERVICE_START_NAME : SERVICE_NAME: NetBT TYPE : 1 KERNEL_DRIVER STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 0 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: NetBIOS TYPE : 2 FILE_SYSTEM_DRIVER START_TYPE : 1 SYSTEM_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : system32\DRIVERS\netbios.sys LOAD_ORDER_GROUP : NetBIOSGroup TAG : 1 DISPLAY_NAME : NetBIOS Interface DEPENDENCIES : SERVICE_START_NAME : SERVICE_NAME: NetBIOS TYPE : 2 FILE_SYSTEM_DRIVER STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 0 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: Lmhosts TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : TCP/IP NetBIOS Helper DEPENDENCIES : NetBT : Afd SERVICE_START_NAME : NT AUTHORITY\LocalService SERVICE_NAME: Lmhosts TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 864 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: Dnscache TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : DNS Client DEPENDENCIES : Tcpip SERVICE_START_NAME : NT AUTHORITY\NetworkService SERVICE_NAME: Dnscache TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 784 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: PolicyAgent TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : IPSEC Services DEPENDENCIES : RPCSS : Tcpip : IPSec SERVICE_START_NAME : LocalSystem SERVICE_NAME: PolicyAgent TYPE : 20 WIN32_SHARE_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 1084 (0x43c) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 0 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: Nla TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Network Location Awareness (NLA) DEPENDENCIES : Tcpip : Afd SERVICE_START_NAME : LocalSystem SERVICE_NAME: Nla TYPE : 20 WIN32_SHARE_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 1084 (0x43c) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 0 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: lanmanserver TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Server DEPENDENCIES : SERVICE_START_NAME : LocalSystem SERVICE_NAME: lanmanserver TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 768 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: IPSEC TYPE : 1 KERNEL_DRIVER START_TYPE : 1 SYSTEM_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : system32\DRIVERS\ipsec.sys LOAD_ORDER_GROUP : PNP_TDI TAG : 4 DISPLAY_NAME : IPSEC driver DEPENDENCIES : SERVICE_START_NAME : SERVICE_NAME: IPSEC TYPE : 1 KERNEL_DRIVER STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 0 FLAGS : [sC] GetServiceConfig SUCCESSSERVICE_NAME: RPCSS TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss LOAD_ORDER_GROUP : COM Infrastructure TAG : 0 DISPLAY_NAME : Remote Procedure Call (RPC) DEPENDENCIES : SERVICE_START_NAME : NT AUTHORITY\NetworkService SERVICE_NAME: RPCSS TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 688 FLAGS : Link to post Share on other sites More sharing options...
LDTate Posted December 28, 2011 ID:509958 Share Posted December 28, 2011 Try this:Click Start > Run and Copy/Paste these commands hitting enter after each one:net stop policyagentnet start policyagent Link to post Share on other sites More sharing options...
Ouch3806 Posted December 28, 2011 Author ID:509975 Share Posted December 28, 2011 did enter both of these run commands in sequence.Then tried to access the internet. Still get The page cannot be displayed error. Link to post Share on other sites More sharing options...
LDTate Posted December 28, 2011 ID:509976 Share Posted December 28, 2011 I'm looking at another topic that is the same as yours, if you care to read it.Seeing if they were able to fix it.http://www.bleepingcomputer.com/forums/topic429111.html/page__st__90 Link to post Share on other sites More sharing options...
LDTate Posted December 28, 2011 ID:509980 Share Posted December 28, 2011 Try this:Please copy the entire contents of the codebox below into Notepad:Open NotepadCopy the contents of the codebox below using CTRL CWindows Registry Editor Version 5.00[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]Now return to Notepad and use CTRL V to paste the scriptVerify that you have pasted the complete scriptSave the Notepad file to your Desktop as FixReg.reg using Save as Type: All filesLocate FixReg.reg on your desktopDouble click to run, and when prompted Allow the file to merge with your registryOK your way out.After that, Reboot your computer.After the reboot, we will reinstall TCP/IPGo to Start the Settings and choose Network ConnectionsRight click on your normal connection icon, and choose PropertiesClick the Install buttonChoose Protocol then click AddClick Have diskIn the drop down box, type in: C:\WINDOWS\INF and click OKIn the next dialog, click Internet Protocol (TCP/IP) then click OKClick Close to leave the properties boxAfter that, Reboot your computer and see if you have regained your connection. Link to post Share on other sites More sharing options...
Ouch3806 Posted December 28, 2011 Author ID:510011 Share Posted December 28, 2011 I am not sure of the sequence of commands you have provided:Go to Start the Settings and choose Network ConnectionsRight click on your normal connection icon, and choose PropertiesClick the Install buttonChoose Protocol then click AddClick Have diskIn the drop down box, type in: C:\WINDOWS\INF and click OKIn the next dialog, click Internet Protocol (TCP/IP) then click OKClick Close to leave the properties box- - - - Am I going from Start to the Control Panel to Network Connections?Then I am not sure how to see properties? Link to post Share on other sites More sharing options...
LDTate Posted December 28, 2011 ID:510014 Share Posted December 28, 2011 Am I going from Start to the Control Panel to Network Connections?Then I am not sure how to see properties? Double Click Network Connections to Open > Right Click on local area connect > select Properties Link to post Share on other sites More sharing options...
Ouch3806 Posted December 28, 2011 Author ID:510068 Share Posted December 28, 2011 followed the steps to update the Network Connections and rebooted.Still get the Cannot find server MS Internet Explorer window and The page cannot be displayed.Don't we need to do something with the IP provider or IP address? Maybe in the LAN Settings - advanced screen. Where POP3 used to be?I don't see Comcast.Net as my IP provider. Only MSN.com or Radio Station Guide in the favorites listing. Link to post Share on other sites More sharing options...
Ouch3806 Posted December 28, 2011 Author ID:510073 Share Posted December 28, 2011 It still appears that all my applications are showing as 'not installed', like Skype, MS Word, MS Excel, Kodak Easy Share, etc.Could all these applications still be hidden and not able to launch? Link to post Share on other sites More sharing options...
LDTate Posted December 28, 2011 ID:510203 Share Posted December 28, 2011 Did you create a new user and try that user login?Try Safe Mode, login as Administrator and see what happens.There's not much I can do about the missing software.You'll need to reinstall them.Did you re-install Comcast software / drivers?Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:IPCONFIG /release IPCONFIG /flushdns IPCONFIG /renew IPCONFIG /registerdns netsh winsock reset netsh int ip reset regsvr32 netshell.dllregsvr32 netcfgx.dllregsvr32 netman.dllExit Link to post Share on other sites More sharing options...
LDTate Posted January 3, 2012 ID:513006 Share Posted January 3, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts