This topic has been archived, and won't accept reply postings.
Bought a new computer a few weeks ago and since a few days ago I have been having problems with the internet. I haven't a clue whether it's my computer or whether it's a problem with the connection.
My pc says it's connected to the internet and UKC opens up as my homepage when I open Firefox but only half of the page appears. If I open up UKC on IE then all the page appears.
On Firefox if I then try to open any other website it simply won't load (the wee symbol that spins round and round just keeps going until I get a message saying website couldn't be found) On IE I can open a few websites but not others.
Hubbies pc is working fine and he can access everything and I can access the internet okay, wirelessly via my Android phone, suggesting the problem is with my computer.
We had a problem with our phone line last week (ie it was dead), BT fixed the problem and they have said our internet connection would be slow for 4 days after. Those 4 days have finished today. But I don't think that's the problem anyway as hubbie's pc is completely fine.
We are both connected via a cable and not wirelessly. Used to have a Belkin thing for wireless but it was crap so I went back to using a cable.
Nothing has changed on my pc, my firewall is still the same (at least I think it is! I don't even know what it's set too or how to check)
My new computer has windows 7 if that's an issue.
Any advice? And please in the most simple terms possible as I'm clueless
My pc says it's connected to the internet and UKC opens up as my homepage when I open Firefox but only half of the page appears. If I open up UKC on IE then all the page appears.
On Firefox if I then try to open any other website it simply won't load (the wee symbol that spins round and round just keeps going until I get a message saying website couldn't be found) On IE I can open a few websites but not others.
Hubbies pc is working fine and he can access everything and I can access the internet okay, wirelessly via my Android phone, suggesting the problem is with my computer.
We had a problem with our phone line last week (ie it was dead), BT fixed the problem and they have said our internet connection would be slow for 4 days after. Those 4 days have finished today. But I don't think that's the problem anyway as hubbie's pc is completely fine.
We are both connected via a cable and not wirelessly. Used to have a Belkin thing for wireless but it was crap so I went back to using a cable.
Nothing has changed on my pc, my firewall is still the same (at least I think it is! I don't even know what it's set too or how to check)
My new computer has windows 7 if that's an issue.
Any advice? And please in the most simple terms possible as I'm clueless
In reply to Sonya Mc: open firefox and disable all the pluigins and try again.
http://support.mozilla.org/en-US/kb/disable-or-remove-add-ons
http://support.mozilla.org/en-US/kb/disable-or-remove-add-ons
In reply to Sonya Mc:
Would be useful to know what your husband's PC is, operating system wise etc.
Do you know if there is any firewall / anti-virus software installed on the new PC?
As I don't do Windows anymore, and this sounds like MTU, does anyone know if Windows suffers from MTU issues?
Would be useful to know what your husband's PC is, operating system wise etc.
Do you know if there is any firewall / anti-virus software installed on the new PC?
As I don't do Windows anymore, and this sounds like MTU, does anyone know if Windows suffers from MTU issues?
In reply to gary1: How do I disable plug ins? And what does this do?
In reply to mattrm: Hubbie has Windows XP.
I have Microsoft Security Essentials on my new pc. And the firewall is just the windows firewall.
What is MTU?
I have Microsoft Security Essentials on my new pc. And the firewall is just the windows firewall.
What is MTU?
In reply to gary1: Okay, I've had a quick look at that link. If I disable all my plugins (adobe flash, windows media player etc etc) then I won't be able to do other things. Doesn't sound like a viable option. Or is this just to test to see if that's the problem, then I can turn them back on again?
In reply to gary1: Okay, I figured how to disable all plugins. Didn't make the slightest difference
In reply to Sonya Mc:
Yes, it's just for testing. However if you're having the same problem in both Firefox and IE (can you install and test with Google Chrome) then it's probably not the browser.
MTU = http://en.wikipedia.org/wiki/Maximum_transmission_unit
I've lost count of the number of internet connections (in the past few years) that I've seen which have MTU related problems. They usually show up as 'can get to one or two websites, but not any others'.
If you can get a DOS prompt open - http://www.computerhope.com/issues/chdos.htm#02 , I'd be interested to see the output of the following:
ping google.com
tracert google.com
You can copy and paste from a DOS prompt:
http://www.computerhope.com/issues/ch000805.htm - tells you how
and then copy and paste the full output into here.
Help on running tracert - http://support247webs.com/windows-traceroute.htm
Yes, it's just for testing. However if you're having the same problem in both Firefox and IE (can you install and test with Google Chrome) then it's probably not the browser.
MTU = http://en.wikipedia.org/wiki/Maximum_transmission_unit
I've lost count of the number of internet connections (in the past few years) that I've seen which have MTU related problems. They usually show up as 'can get to one or two websites, but not any others'.
If you can get a DOS prompt open - http://www.computerhope.com/issues/chdos.htm#02 , I'd be interested to see the output of the following:
ping google.com
tracert google.com
You can copy and paste from a DOS prompt:
http://www.computerhope.com/issues/ch000805.htm - tells you how
and then copy and paste the full output into here.
Help on running tracert - http://support247webs.com/windows-traceroute.htm
In reply to mattrm: Crikey! You lost me at the DOS prompt bit. I really can't do all of what you've posted above, I don't understand what is is you're saying
Like I said, I'm utterly clueless with computers. I can send emails, I can type, I can go on the internet. And that's it basically. All the stuff you've posted above is like a foreign language to me.
Like I said, I'm utterly clueless with computers. I can send emails, I can type, I can go on the internet. And that's it basically. All the stuff you've posted above is like a foreign language to me.
In reply to Sonya Mc:
I know it's pretty complex. Sorry. However, once you've got the prompt open (follow the instructions in the links in my post) then it's as simple as typing:
ping google.com (then hit enter, and you need to put spaces in)
and then follow the instructions to copy the output of that command on to here.
I know it's pretty complex. Sorry. However, once you've got the prompt open (follow the instructions in the links in my post) then it's as simple as typing:
ping google.com (then hit enter, and you need to put spaces in)
and then follow the instructions to copy the output of that command on to here.
In reply to mattrm: Ok, I will try. I managed to open the DOS prompt. Didn't realise I had to type in the ping google thing Sorry, really am thick with computers
In reply to mattrm: Right, think I've done it.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:UsersUser>ping google.com
Pinging google.com [173.194.34.137] with 32 bytes of data:
Reply from 173.194.34.137: bytes=32 time=43ms TTL=52
Reply from 173.194.34.137: bytes=32 time=42ms TTL=52
Reply from 173.194.34.137: bytes=32 time=43ms TTL=52
Reply from 173.194.34.137: bytes=32 time=43ms TTL=52
Ping statistics for 173.194.34.137:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 43ms, Average = 42ms
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:UsersUser> tracert google.com
Tracing route to google.com [173.194.34.131]
over a maximum of 30 hops:
1 37 ms 98 ms 99 ms BThomehub.home [192.168.1.254]
2 29 ms 28 ms 29 ms 217.47.106.186
3 28 ms 27 ms 29 ms 217.47.105.145
4 39 ms 37 ms 36 ms 213.1.69.186
5 37 ms 37 ms 36 ms 31.55.165.63
6 36 ms 36 ms 37 ms 31.55.165.107
7 36 ms 36 ms 36 ms acc1-10GigE-0-2-0.mr.21cn-ipp.bt.net [109.159.25
0.66]
8 45 ms 47 ms 46 ms core1-te0-5-0-1.ealing.ukcore.bt.net [109.159.25
0.20]
9 54 ms 42 ms 43 ms peer1-xe1-0-0.telehouse.ukcore.bt.net [109.159.2
54.98]
10 43 ms 43 ms 44 ms 195.99.126.111
11 42 ms 43 ms 43 ms 209.85.252.188
12 44 ms 43 ms 43 ms 209.85.253.115
13 43 ms 44 ms 43 ms lhr14s21-in-f3.1e100.net [173.194.34.131]
Trace complete.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:UsersUser>ping google.com
Pinging google.com [173.194.34.137] with 32 bytes of data:
Reply from 173.194.34.137: bytes=32 time=43ms TTL=52
Reply from 173.194.34.137: bytes=32 time=42ms TTL=52
Reply from 173.194.34.137: bytes=32 time=43ms TTL=52
Reply from 173.194.34.137: bytes=32 time=43ms TTL=52
Ping statistics for 173.194.34.137:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 43ms, Average = 42ms
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:UsersUser> tracert google.com
Tracing route to google.com [173.194.34.131]
over a maximum of 30 hops:
1 37 ms 98 ms 99 ms BThomehub.home [192.168.1.254]
2 29 ms 28 ms 29 ms 217.47.106.186
3 28 ms 27 ms 29 ms 217.47.105.145
4 39 ms 37 ms 36 ms 213.1.69.186
5 37 ms 37 ms 36 ms 31.55.165.63
6 36 ms 36 ms 37 ms 31.55.165.107
7 36 ms 36 ms 36 ms acc1-10GigE-0-2-0.mr.21cn-ipp.bt.net [109.159.25
0.66]
8 45 ms 47 ms 46 ms core1-te0-5-0-1.ealing.ukcore.bt.net [109.159.25
0.20]
9 54 ms 42 ms 43 ms peer1-xe1-0-0.telehouse.ukcore.bt.net [109.159.2
54.98]
10 43 ms 43 ms 44 ms 195.99.126.111
11 42 ms 43 ms 43 ms 209.85.252.188
12 44 ms 43 ms 43 ms 209.85.253.115
13 43 ms 44 ms 43 ms lhr14s21-in-f3.1e100.net [173.194.34.131]
Trace complete.
Hope that makes some sense to you :oD
In reply to Sonya Mc: is firefox the latest version...go to help>about and check for updates..if so then update and see what happens.Same with IE
In reply to Sonya Mc:
Yep, makes sense to me. Basically says that your network connection and link to the outside world is working ok. The fact that two browsers are having the same problem, indicates that it's probably not a browser issue (no harm in updating them if possible however). Nor is it a wonky cable.
Have you had any luck figuring out what anti-virus softare / firewall software you're running?
This link will tell you how to get to a list of installed programs:
http://windows.microsoft.com/en-US/windows/How-do-I-uninstall-antivirus-or-...
Don't uninstall anything yet, just look and see what you have.
This should tell you how to do stop/start the firewall:
http://windows.microsoft.com/en-us/windows7/Turn-Windows-Firewall-on-or-off
Finally, if you have no security software, all my windows admin mates, say that this is very good:
http://windows.microsoft.com/en-GB/windows/products/security-essentials
Yep, makes sense to me. Basically says that your network connection and link to the outside world is working ok. The fact that two browsers are having the same problem, indicates that it's probably not a browser issue (no harm in updating them if possible however). Nor is it a wonky cable.
Have you had any luck figuring out what anti-virus softare / firewall software you're running?
This link will tell you how to get to a list of installed programs:
http://windows.microsoft.com/en-US/windows/How-do-I-uninstall-antivirus-or-...
Don't uninstall anything yet, just look and see what you have.
This should tell you how to do stop/start the firewall:
http://windows.microsoft.com/en-us/windows7/Turn-Windows-Firewall-on-or-off
Finally, if you have no security software, all my windows admin mates, say that this is very good:
http://windows.microsoft.com/en-GB/windows/products/security-essentials
In reply to Sonya Mc:
And just for testing, when you get to the firewall bit, turn it off, test and then turn it back on. I don't think there will be any difference regardless of whether it's on or off. But test it and see.
And just for testing, when you get to the firewall bit, turn it off, test and then turn it back on. I don't think there will be any difference regardless of whether it's on or off. But test it and see.
In reply to mattrm: I posted my security stuff above. I've got Microsoft Security Essentials and have the windows firewall. Will try disabling it but I don't think that will help.
The computer was working fine when I first got it but it's just the last few days it's been struggling firstly to connect to facebook, and then to every other website bar UKC.
The computer was working fine when I first got it but it's just the last few days it's been struggling firstly to connect to facebook, and then to every other website bar UKC.
In reply to Indy: Haha, wish I had bought a Mac!
In reply to Sonya Mc:
Sorry, missed the security stuff.
When troubleshooting computers, you've got to test every setting possible. Even if you don't think it'll help. So worth turning the firewall off and testing.
Sorry, missed the security stuff.
When troubleshooting computers, you've got to test every setting possible. Even if you don't think it'll help. So worth turning the firewall off and testing.
In reply to mattrm: Interesting, but both IE and Firefox are not on my list of allowable programs to get through the firewall. Why will Firefox open then?
I've tried allowing both but it doesn't make any difference and I've tried disabling the firewall completely but it doesn't make any difference either
Can't understand why the computer was connecting fine to the internet when I first got it but I'm now having problems. Nothing has changed.
I've tried allowing both but it doesn't make any difference and I've tried disabling the firewall completely but it doesn't make any difference either
Can't understand why the computer was connecting fine to the internet when I first got it but I'm now having problems. Nothing has changed.
In reply to Sonya Mc: ..another thing you could do..restore from a known point..like you say..it was working ok so something has changed...
http://pcsupport.about.com/od/fixtheproblem/ht/system-restore-windows-7.htm
http://pcsupport.about.com/od/fixtheproblem/ht/system-restore-windows-7.htm
In reply to gary1: System restore wasn't turned on
Weird, everything is working again!
But this is what has been happening. For the past few days, I'll try to open facebook but it will not open, then maybe it will open after 10-20 mins. Starting happening just with facebook. But today I couldn't open anything. Now able to open everything, for the moment anyway.
But this is what has been happening. For the past few days, I'll try to open facebook but it will not open, then maybe it will open after 10-20 mins. Starting happening just with facebook. But today I couldn't open anything. Now able to open everything, for the moment anyway.
Cancel that, stopped working again FFS!
What's the point in spending hundreds of pounds on something that won't fecking work properly!
Getting really pissed off
What's the point in spending hundreds of pounds on something that won't fecking work properly!
Getting really pissed off
In reply to Sonya Mc:
Try flushing the DNS,
Press the windows key on your keyboard (it has that windows flag thing on it, between CTRL + ALT) and R together which will bring up a box titled run. Type CMD and then press enter. A Dos box will appear, type "ipconfig /flushdns" without quotes and press enter. See if that helps, I don't think it will, but its always good if just to eliminate DNS cache as causing problems.
Good Luck.
Try flushing the DNS,
Press the windows key on your keyboard (it has that windows flag thing on it, between CTRL + ALT) and R together which will bring up a box titled run. Type CMD and then press enter. A Dos box will appear, type "ipconfig /flushdns" without quotes and press enter. See if that helps, I don't think it will, but its always good if just to eliminate DNS cache as causing problems.
Good Luck.
In reply to freeclimbfreemind: Well, I managed to open facebook after trying that but I think it's coincidence to be honest. I've just opened another tab with UKC on it so I can keep fb open atleast until I can try to solve the problem.
In reply to Sonya Mc:
Wow. For someone who keeps saying "I doesn't not knows nouffin 'bout computers guvna" you are doing very well. You're original post is clear and the reasoning is sound with regard to establishing whether it is your internet connection or your PC, so bloomin’ well done mate. I hear the I can’t do it line a lot and many of them never get to the point that you are at with regard to the DOS prompt etc etc. Honestly, have a big fat pat on the back
What you have done with regard to describing access on one PC but not another is known as swap testing. You are swapping out one component in the chain in order to disprove the problem being with that component. It is a common method of diagnosis in computers, so it seems that you have a PC head already after all
1) If you’re husband’s PC and your phone connect to the web fine then certainly the problem is either your PC or your cable and because part pages load and you can get UKC that rules out your cable. So you are correct the problem is your PC.
2) If you can open some web sites even if not others in IE then the problem is not plugins in Firefox. Actually, as another swap test, it implies that the problem isn’t Firefox at all. If only one browser had the issue then it would suggest that the browser was at fault.
3) Mattrm has done some sterling work for you getting you into the DOS prompt (a scary place for sure to a novice) and the results that you have posted from there suggest that:
a) Ping: This is a bit like sonar. You send out a ping and expect a pong in return which tells you about the world around you. You received replies for all ping requests which demonstrates that you are able to see the server (google in this case – that is the most common ping request because Google’s server is almost always on and working). It also demonstrates that you can send it data requests and that it can return the data to you.
b) Tracert: This is an instruction that reports back to you all of the IP addresses for every server that your data request passes through. You don’t actually have a direct ‘line of sight’ single hop connection between you and Google’s server. You PC connects to your ISP’s server that connects to a server on the ‘backbone’ of the web that connects to the knee bone that connects to the ankle bone that connects to Google’s server. Each ‘hop’ is reported and from this, if you were able to ping Google but not receive any other sort of data, then you would be able to see at what point in the links between you and Google that the data was being prevented from passing through. That the trace reports complete tells you that there is no hold up of data between you and Google.
All of the above (1, 2, 3a and 3b) together tells us that the problem is not with your internet connection at all, both in the house (your router) and outside the house (your ISP {Internet service provider} and beyond, between you and Google or any other common server)
So the problem is your PC.
4) MTU: This is the maximum transfer unit of data that can be sent at a time. It is a little like a small person being asked to carry a large suitcase (packet of data). They would struggle and drop it (which is what happens if the packet of data is larger than the device it is passing through is capable of handling). So what you would do is ensure that all suitcases were small enough for that person to carry.
I personally would rule out the Maximum Transfer Unit (MTU) as you had no problems with your connection initially. There is an MTU on every device that uses Internet Protocol (IP), so your PC and your router, but it certainly isn’t your router’s MTU as your husbands PC and your phone both do fine through it. And I have never heard of anybody accidentally changing their MTU or using software of any sort that would do so without their understanding that that was what the software was doing.
4) Firewall and antivirus: If you can load any site on your PC then the firewall is certainly not stopping http traffic. Http is hypertext transfer protocol. It is the language that most web sites are written in and it is always transferred on a particular port. It is akin to saying that your chap with the metaphorical suitcase may only come through the side door when carrying a pink suitcase. The door is called Port 80 and only if the firewall has locked that door would the firewall be the problem. (There are other scenarios that may lead to the firewall being the problem but for multiple sites to be affected that would suggest that it was something that you had done intentionally, and so you would already be aware that the fire wall was in the mix). You asked why Firefox would open even though it is not on your list of trusted programs in the firewall. That is because the firewall won’t stop you from putting gloves on to accept the suitcase off that chap, but it will lock the door so that he can’t get in to give it to you.
The antivirus would block whole pages or protocols and would inform you that it was doing so. It is not your antivirus.
5) Haha. Your PC is ok. Macs are for people who don’t want to know what computers are *starts running the other way!*
OK, so my next suggestion may sound worrying to a novice, which is why I have gone through my reasoning to get here first. It sounds as though your PC has an infection of some sort. There are a number of common infections that are commonly missed by antivirus software because of the way that they are propagated and the way that they infect the PC. If you are interested then I can explain, with hopefully simple to understand analogies, as above, what and why but that is uncommon information that you won’t need to know after the fix anyway. If you are interested then shout up.
Wow. For someone who keeps saying "I doesn't not knows nouffin 'bout computers guvna" you are doing very well. You're original post is clear and the reasoning is sound with regard to establishing whether it is your internet connection or your PC, so bloomin’ well done mate. I hear the I can’t do it line a lot and many of them never get to the point that you are at with regard to the DOS prompt etc etc. Honestly, have a big fat pat on the back
What you have done with regard to describing access on one PC but not another is known as swap testing. You are swapping out one component in the chain in order to disprove the problem being with that component. It is a common method of diagnosis in computers, so it seems that you have a PC head already after all
1) If you’re husband’s PC and your phone connect to the web fine then certainly the problem is either your PC or your cable and because part pages load and you can get UKC that rules out your cable. So you are correct the problem is your PC.
2) If you can open some web sites even if not others in IE then the problem is not plugins in Firefox. Actually, as another swap test, it implies that the problem isn’t Firefox at all. If only one browser had the issue then it would suggest that the browser was at fault.
3) Mattrm has done some sterling work for you getting you into the DOS prompt (a scary place for sure to a novice) and the results that you have posted from there suggest that:
a) Ping: This is a bit like sonar. You send out a ping and expect a pong in return which tells you about the world around you. You received replies for all ping requests which demonstrates that you are able to see the server (google in this case – that is the most common ping request because Google’s server is almost always on and working). It also demonstrates that you can send it data requests and that it can return the data to you.
b) Tracert: This is an instruction that reports back to you all of the IP addresses for every server that your data request passes through. You don’t actually have a direct ‘line of sight’ single hop connection between you and Google’s server. You PC connects to your ISP’s server that connects to a server on the ‘backbone’ of the web that connects to the knee bone that connects to the ankle bone that connects to Google’s server. Each ‘hop’ is reported and from this, if you were able to ping Google but not receive any other sort of data, then you would be able to see at what point in the links between you and Google that the data was being prevented from passing through. That the trace reports complete tells you that there is no hold up of data between you and Google.
All of the above (1, 2, 3a and 3b) together tells us that the problem is not with your internet connection at all, both in the house (your router) and outside the house (your ISP {Internet service provider} and beyond, between you and Google or any other common server)
So the problem is your PC.
4) MTU: This is the maximum transfer unit of data that can be sent at a time. It is a little like a small person being asked to carry a large suitcase (packet of data). They would struggle and drop it (which is what happens if the packet of data is larger than the device it is passing through is capable of handling). So what you would do is ensure that all suitcases were small enough for that person to carry.
I personally would rule out the Maximum Transfer Unit (MTU) as you had no problems with your connection initially. There is an MTU on every device that uses Internet Protocol (IP), so your PC and your router, but it certainly isn’t your router’s MTU as your husbands PC and your phone both do fine through it. And I have never heard of anybody accidentally changing their MTU or using software of any sort that would do so without their understanding that that was what the software was doing.
4) Firewall and antivirus: If you can load any site on your PC then the firewall is certainly not stopping http traffic. Http is hypertext transfer protocol. It is the language that most web sites are written in and it is always transferred on a particular port. It is akin to saying that your chap with the metaphorical suitcase may only come through the side door when carrying a pink suitcase. The door is called Port 80 and only if the firewall has locked that door would the firewall be the problem. (There are other scenarios that may lead to the firewall being the problem but for multiple sites to be affected that would suggest that it was something that you had done intentionally, and so you would already be aware that the fire wall was in the mix). You asked why Firefox would open even though it is not on your list of trusted programs in the firewall. That is because the firewall won’t stop you from putting gloves on to accept the suitcase off that chap, but it will lock the door so that he can’t get in to give it to you.
The antivirus would block whole pages or protocols and would inform you that it was doing so. It is not your antivirus.
5) Haha. Your PC is ok. Macs are for people who don’t want to know what computers are *starts running the other way!*
OK, so my next suggestion may sound worrying to a novice, which is why I have gone through my reasoning to get here first. It sounds as though your PC has an infection of some sort. There are a number of common infections that are commonly missed by antivirus software because of the way that they are propagated and the way that they infect the PC. If you are interested then I can explain, with hopefully simple to understand analogies, as above, what and why but that is uncommon information that you won’t need to know after the fix anyway. If you are interested then shout up.
What I am going to advise you to do is to run a program called Combofix. It looks for DNS hijacks and Rootkits and other spyware/malware that is often missed by your antivirus. In order to run it you need to disable (temporarily) your antivirus software as the antivirus software will actually report Combofix as malware itself and will stop it from operating properly. I will link you to a tutorial/explanation of why this is necessary so that you don’t need to worry about it, but you could just take me at my word. It just means more reading if it does worry you.
You can get Combofix and read the details about it here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Firstly you need to download it, This link is from a little way down the page: http://www.bleepingcomputer.com/download/combofix/
Only ever acquire Combofix from Bleepingcomputer.
Once you have saved it to your PC (remember where you saved it to – ideally it’s easiest to save it to the desktop), you will need to disable your antvirus. Most antivirus have an icon in the Systray (where the clock is at the bottom right) that if you right click on it you will see an option to disable/turn of the protection. Most antivirus programs will automatically come back on when the PC is restarted, but if it doesn’t then just right click the antivirus systray icon again when you’re done and re-enable it.
So with Combofix downloaded and your antivirus off, you can now right click on Combofix and select “Run as administrator”. This gives combofix all of the rights that it needs to do it’s job. It is a little like giving it the keys to your house so that it can get into every room and look for boobytraps (malware).
Whilst Combofix runs it will ask you a couple of questions. It may ask about your antivirus even though you have disabled it. If you have disabled it then just ignore the warning and click OK, then click OK again when it asks are you sure you turned the antivirus off.
Also it may ask if you want to install the “Recovery Console” and will state that you need an internet connection to do this. Just click no. The recovery console is a Microsoft package that is a diagnosis extension to Windows. You will probably never use it and you certainly don’t need it for this job.
Combofix will then tell you it is trying to set a restore point and will then tell you that it is scanning and that it will take about 10 minutes but that scan times on heavily infected machines may easily double. Then sit back and relax whilst it does it’s work. Do not open any programs whilst it is running. It may need exclusive access to a program process and you opening that or another program could inhibit this. Basically just watch it and be bemused for 10 mins.
At the end of the process (during which there may be a reboot) Combofix will plaster your screen with a text file that details what it has done. Don’t do anything until this has appears, even if it has rebooted. This text file will show up at the end of the process regardless. At the top of the file it will have a heading called “Other deletions”. If there is anything under this heading then there was indeed an infection and you will probably find that your whole problem is now solved.
Read this post, then re-read it and either go for it, or if you are still unsure and would like some 3rd line technical support then send me a PM on here and I’ll email you my phone number and talk you through it whilst you do the job. I am on a mobile only but have oooooodles of minutes for calling landline and mobiles so if that call were to cost you I can always call you.
Get in touch if you need and if you don’t then good luck and post on here to let us know how you went on.
Regards
EZ
You can get Combofix and read the details about it here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Firstly you need to download it, This link is from a little way down the page: http://www.bleepingcomputer.com/download/combofix/
Only ever acquire Combofix from Bleepingcomputer.
Once you have saved it to your PC (remember where you saved it to – ideally it’s easiest to save it to the desktop), you will need to disable your antvirus. Most antivirus have an icon in the Systray (where the clock is at the bottom right) that if you right click on it you will see an option to disable/turn of the protection. Most antivirus programs will automatically come back on when the PC is restarted, but if it doesn’t then just right click the antivirus systray icon again when you’re done and re-enable it.
So with Combofix downloaded and your antivirus off, you can now right click on Combofix and select “Run as administrator”. This gives combofix all of the rights that it needs to do it’s job. It is a little like giving it the keys to your house so that it can get into every room and look for boobytraps (malware).
Whilst Combofix runs it will ask you a couple of questions. It may ask about your antivirus even though you have disabled it. If you have disabled it then just ignore the warning and click OK, then click OK again when it asks are you sure you turned the antivirus off.
Also it may ask if you want to install the “Recovery Console” and will state that you need an internet connection to do this. Just click no. The recovery console is a Microsoft package that is a diagnosis extension to Windows. You will probably never use it and you certainly don’t need it for this job.
Combofix will then tell you it is trying to set a restore point and will then tell you that it is scanning and that it will take about 10 minutes but that scan times on heavily infected machines may easily double. Then sit back and relax whilst it does it’s work. Do not open any programs whilst it is running. It may need exclusive access to a program process and you opening that or another program could inhibit this. Basically just watch it and be bemused for 10 mins.
At the end of the process (during which there may be a reboot) Combofix will plaster your screen with a text file that details what it has done. Don’t do anything until this has appears, even if it has rebooted. This text file will show up at the end of the process regardless. At the top of the file it will have a heading called “Other deletions”. If there is anything under this heading then there was indeed an infection and you will probably find that your whole problem is now solved.
Read this post, then re-read it and either go for it, or if you are still unsure and would like some 3rd line technical support then send me a PM on here and I’ll email you my phone number and talk you through it whilst you do the job. I am on a mobile only but have oooooodles of minutes for calling landline and mobiles so if that call were to cost you I can always call you.
Get in touch if you need and if you don’t then good luck and post on here to let us know how you went on.
Regards
EZ
In reply to Sonya Mc:
Definitely worth flushing the dns. Try that first.
Is is possible to take your PC to another place with an internet connection and see if it works ok there? A local cafe with free wifi? Or a mate's house?
Definitely worth flushing the dns. Try that first.
Is is possible to take your PC to another place with an internet connection and see if it works ok there? A local cafe with free wifi? Or a mate's house?
In reply to EZ: Aww thanks All that stuff in your first post makes sense.
If I download that thing you suggested and it finds something dodgy, what will I do with it? You mention that if there is anything under the heading "other deletions" then there was an infection but it will now be solved. Does this mean that Combofix finds stuff *and* fixes it (or gets rid of it) and that's why the fix is in the title?
Also, I can't actually disable Microsoft Security Essentials. I'd have to prevent it starting when the pc is turned on. But that sounds complicated (and although you think I'm probably capable, believe me my head is scrambled just now with computer guff
However, I can turn off real time protection, will this be enough to be able to run Combofix? And is Combofix easy enough to uninstall after I have used it.
If I download that thing you suggested and it finds something dodgy, what will I do with it? You mention that if there is anything under the heading "other deletions" then there was an infection but it will now be solved. Does this mean that Combofix finds stuff *and* fixes it (or gets rid of it) and that's why the fix is in the title?
Also, I can't actually disable Microsoft Security Essentials. I'd have to prevent it starting when the pc is turned on. But that sounds complicated (and although you think I'm probably capable, believe me my head is scrambled just now with computer guff
However, I can turn off real time protection, will this be enough to be able to run Combofix? And is Combofix easy enough to uninstall after I have used it.
In reply to mattrm: I tried the flush but it hasn't worked. I was able to open facebook momentarily after doing it but I think that was coincidence.
As a matter of interest, it seems that all websites are opening fine now (albeit slowly) apart from facebook which only opens when it feels like it, ie it's only opened once today. No point keeping the tab open as when you go to refresh it, it won't refresh.
As a matter of interest, it seems that all websites are opening fine now (albeit slowly) apart from facebook which only opens when it feels like it, ie it's only opened once today. No point keeping the tab open as when you go to refresh it, it won't refresh.
In reply to Sonya Mc:
Combofix produces a folder called "Qoobox" on the root of your C: drive (C:/Qoobox) and places all infected files in there. It is a quarantine and is used in case a malware removal causes problems (I have NEVER known that to be the case) and you need access to the files removed. So yes, it does fix as well as scan.
Combofix doesn't install. It 'just runs'.
The Bleepingcomputer download link times out after ten minutes because they move it round on their servers to prevent anybody from hijacking the original files. This is a security protocol on their part to ensure the integrity of the file because people who use it will have [temporarily] turned off some of their own security. (I know that you didn't ask this, but I thought it pertinent to add)
Turning off Microsoft Security Essentials Realtime Protection is exactly the same as temporarily disabling antivirus software. After the job is completed, just check that it has turned itself back on.
One more thing that I've just thought of. Combofix will close all of your open programs when it starts scanning, so make sure that you have any part finished work saved before you run it.
Lastly, two things, (unless you have more questions, which are welcomed if you do) I have a Qoobox folder on my PC (I run Combofix periodically). Once the job is done, just ignore this folder and delete the Combofix file. The second thing is that there is no point in keeping the version of Combofix that you have downloaded because after a few days, if you were to run it, it would claim that it is out of date and require you to download a new copy. This is because malware is constantly evolving and the authors of Combofix are constantly updating the tool in order to account for new malware that is developed.
And one last side bar: If you are ever infected by scareware that looks like an antivirus program and tells you that you have dozens of infections and then directs you to a site where you can buy their fix for all of the problems that it is reporting, go straight to bleepingcomputer, do not pass go, do not spend £39.95 on their fix that removes the problem that they caused, download Combofix and do this again. That type of infection is called a rootkit and is the most common 'gets in under your antivirus' infection. Commonly these infections tout themselves as "Antivirus 2012" or "PC Protection Plus" type names.
Combofix produces a folder called "Qoobox" on the root of your C: drive (C:/Qoobox) and places all infected files in there. It is a quarantine and is used in case a malware removal causes problems (I have NEVER known that to be the case) and you need access to the files removed. So yes, it does fix as well as scan.
Combofix doesn't install. It 'just runs'.
The Bleepingcomputer download link times out after ten minutes because they move it round on their servers to prevent anybody from hijacking the original files. This is a security protocol on their part to ensure the integrity of the file because people who use it will have [temporarily] turned off some of their own security. (I know that you didn't ask this, but I thought it pertinent to add)
Turning off Microsoft Security Essentials Realtime Protection is exactly the same as temporarily disabling antivirus software. After the job is completed, just check that it has turned itself back on.
One more thing that I've just thought of. Combofix will close all of your open programs when it starts scanning, so make sure that you have any part finished work saved before you run it.
Lastly, two things, (unless you have more questions, which are welcomed if you do) I have a Qoobox folder on my PC (I run Combofix periodically). Once the job is done, just ignore this folder and delete the Combofix file. The second thing is that there is no point in keeping the version of Combofix that you have downloaded because after a few days, if you were to run it, it would claim that it is out of date and require you to download a new copy. This is because malware is constantly evolving and the authors of Combofix are constantly updating the tool in order to account for new malware that is developed.
And one last side bar: If you are ever infected by scareware that looks like an antivirus program and tells you that you have dozens of infections and then directs you to a site where you can buy their fix for all of the problems that it is reporting, go straight to bleepingcomputer, do not pass go, do not spend £39.95 on their fix that removes the problem that they caused, download Combofix and do this again. That type of infection is called a rootkit and is the most common 'gets in under your antivirus' infection. Commonly these infections tout themselves as "Antivirus 2012" or "PC Protection Plus" type names.
In reply to EZ: Just read the stuff about Combofix. It mentions that if you don't install the recovery console then the program won't attempt to fix some serious infections.
It also says that it might not be able to fix everything.
It also says that it might not be able to fix everything.
In reply to Sonya Mc:
I was actually unaware of that! Thanks. I have never needed to install the RC to solve infections that I have been using combofix to resolve. So in my experience I wouldn't do it but if you are concerned by what Bleepingcomputer says then follow their instructions. They are the experts.
I was actually unaware of that! Thanks. I have never needed to install the RC to solve infections that I have been using combofix to resolve. So in my experience I wouldn't do it but if you are concerned by what Bleepingcomputer says then follow their instructions. They are the experts.
In reply to EZ: So I just downloaded combofix. It didn't even stop to ask if I wanted the recovery thing installed, it just went ahead and did everything it wanted to without asking me!
It said it deleted temporary internet files, then gave a whole list of files that were created between May and now. Then there was a load of stuff under the title Find 3M Report, then Reg Loading Points, then Other services/drivers in memory, then x64 entries, then supplementary scan, then Orphans removed (adobe shockwave uninstaller,run adobe bridge), then locked registry keys, then finally Other running processes.
I assume any infections would have been under the deleted files section? In which case nothing was found and only the temporary internet files were deleted.
Anyway, it hasn't made any difference to being able to load facebook. Everything else seems to be loading okay now though.
Perhaps there is a problem between Windows & and Facebook? (although that wouldn't explain why I couldn't load anything bar UKC this morning)
It said it deleted temporary internet files, then gave a whole list of files that were created between May and now. Then there was a load of stuff under the title Find 3M Report, then Reg Loading Points, then Other services/drivers in memory, then x64 entries, then supplementary scan, then Orphans removed (adobe shockwave uninstaller,run adobe bridge), then locked registry keys, then finally Other running processes.
I assume any infections would have been under the deleted files section? In which case nothing was found and only the temporary internet files were deleted.
Anyway, it hasn't made any difference to being able to load facebook. Everything else seems to be loading okay now though.
Perhaps there is a problem between Windows & and Facebook? (although that wouldn't explain why I couldn't load anything bar UKC this morning)
In reply to Sonya Mc:
OK. It is possible that a 'hijack' was pointing you too a temporary internet file as the payload of an infection. Unusual but not outside the realms and would be an answer as to why the problems are 'essentially' dealt with.
If you are feeling a little more confident around the machine now, I have one more suggestion for you. A program called Hijack This and some more advice from me about what it reports. It is a very powerful program that needs care so second guess all of your mouse clicks, meaning make sure you are clicking what you think you are clicking.
You can get it from here: http://sourceforge.net/projects/hjt/
Download it, right click on it and run it as administrator then in the "Main Menu" click "Do a system scan and save a log file."
The log file will open in notepad or wordpad or another text editor. Copy the contents and either email them to me or post here and I'll have a look. There is NO risk to doing a scan. At this stage it is entirely informative and not actually making any changes to your machine.
Kudos to you so far.
OK. It is possible that a 'hijack' was pointing you too a temporary internet file as the payload of an infection. Unusual but not outside the realms and would be an answer as to why the problems are 'essentially' dealt with.
If you are feeling a little more confident around the machine now, I have one more suggestion for you. A program called Hijack This and some more advice from me about what it reports. It is a very powerful program that needs care so second guess all of your mouse clicks, meaning make sure you are clicking what you think you are clicking.
You can get it from here: http://sourceforge.net/projects/hjt/
Download it, right click on it and run it as administrator then in the "Main Menu" click "Do a system scan and save a log file."
The log file will open in notepad or wordpad or another text editor. Copy the contents and either email them to me or post here and I'll have a look. There is NO risk to doing a scan. At this stage it is entirely informative and not actually making any changes to your machine.
Kudos to you so far.
Oh and there is certainly no mismatch between Windows and Facebook. This problem is still local on your machine.
In reply to EZ: Ok, have done that. Will email you the report as it's pretty big!
In reply to Sonya Mc:
OK great. I'm off out now but I'll have my phone with me so when I get to work I'll have a look and get back to you probably by about 18:00. Hope that timing is OK.
OK great. I'm off out now but I'll have my phone with me so when I get to work I'll have a look and get back to you probably by about 18:00. Hope that timing is OK.
In reply to EZ: Can't do it as a PM as it's too big, too big to even post on here as one post! Will have to do it in 2 halfs. First half below.
Scan saved at 14:01:27, on 29/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:Program Files (x86)SkypePhoneSkype.exe
C:Program Files (x86)iTunesiTunesHelper.exe
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)Mozilla Firefoxfirefox.exe
C:Program Files (x86)Mozilla Firefoxplugin-container.exe
C:UsersUserDownloadsHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://bt.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~2MICROS~3Office14GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:PROGRA~2MICROS~3Office14URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll
O4 - HKLM..Run: [HDAudDeck] C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
O4 - HKLM..Run: [StartCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [BCSSync] "C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe" /DelayServices
O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"
O4 - HKLM..Run: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"
O4 - HKLM..Run: [SwitchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
O4 - HKLM..Run: [AdobeCS6ServiceManager] "C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKCU..Run: [Skype] "C:Program Files (x86)SkypePhoneSkype.exe" /minimized /regrun
Scan saved at 14:01:27, on 29/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:Program Files (x86)SkypePhoneSkype.exe
C:Program Files (x86)iTunesiTunesHelper.exe
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)Mozilla Firefoxfirefox.exe
C:Program Files (x86)Mozilla Firefoxplugin-container.exe
C:UsersUserDownloadsHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://bt.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~2MICROS~3Office14GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:PROGRA~2MICROS~3Office14URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll
O4 - HKLM..Run: [HDAudDeck] C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
O4 - HKLM..Run: [StartCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [BCSSync] "C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe" /DelayServices
O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"
O4 - HKLM..Run: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"
O4 - HKLM..Run: [SwitchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
O4 - HKLM..Run: [AdobeCS6ServiceManager] "C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKCU..Run: [Skype] "C:Program Files (x86)SkypePhoneSkype.exe" /minimized /regrun
And second half here,
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~3Office14EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:PROGRA~2MICROS~3Office14ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common FilesMicrosoft SharedOFFICE14MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:Windowssystem32atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:ProgramDataEPSONEPW!3 SSRPE_S30RP1.EXE
O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:Windowssystem32viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)
--
End of file - 8378 bytes
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~3Office14EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:PROGRA~2MICROS~3Office14ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common FilesMicrosoft SharedOFFICE14MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:Windowssystem32atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:ProgramDataEPSONEPW!3 SSRPE_S30RP1.EXE
O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:Windowssystem32viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)
--
End of file - 8378 bytes
In reply to Sonya Mc:
Nice one. I'll do some reading and aim for the same timetable as noted above.
And well done you! Honestly. From your first post and in just one day you have done amazingly.
Nice one. I'll do some reading and aim for the same timetable as noted above.
And well done you! Honestly. From your first post and in just one day you have done amazingly.
In reply to EZ: Thankyou so much You're a gem
ps - I have also kept the hijack thing open, you can fix things, scan things, analyse things etc. I've had a nosey at things by highlighting certain items and asking for more info but it's all gobbldigook.
ps - I have also kept the hijack thing open, you can fix things, scan things, analyse things etc. I've had a nosey at things by highlighting certain items and asking for more info but it's all gobbldigook.
In reply to Sonya Mc:
I kid you not, that is how I learned everything I know about computers. Trial and error and reading. I even got a job with Fujitsu on the back of being self taught but decided that corporate support and repair was boring. Independent end users such as yourself are much more of a pleasure to work with, tend to have more interesting problems and are 100% more grateful.
I kid you not, that is how I learned everything I know about computers. Trial and error and reading. I even got a job with Fujitsu on the back of being self taught but decided that corporate support and repair was boring. Independent end users such as yourself are much more of a pleasure to work with, tend to have more interesting problems and are 100% more grateful.
In reply to EZ: Well if corporate support and repair involved sifting through this computer guff all day, boring, yes! I'd end up with a constant headache. Not sure my problem is 'interesting' though, being unable to access facebook doesn't really seem high on interesting stakes :oD
In reply to Sonya Mc:
What EZ says, you learn stuff with PCs by endless fiddling and googling. It's fairly hard to break things most of the time. Unless you really do go deleting and removing files willy-nilly.
Had a look through that and while it's been a couple of years since I've had to look at a windows system in anger, I can't see anything out of the ordinary there personally.
Personally, I still think it might be a MTU issue. As you've only had the PC for a short period of time and you've been using MSE and the Windows Firewall.
If you do fancy testing an MTU change out, here's a good how to:
http://www.richard-slater.co.uk/archives/2009/10/23/change-your-mtu-under-v...
I'd try 1492 as a starter setting. You can change it back, just make a note of the inital setting. Yes, it's a complex thing to do, but you've done ok so far. But only if you want to. Or wait for EZ and try it with him on the phone.
What EZ says, you learn stuff with PCs by endless fiddling and googling. It's fairly hard to break things most of the time. Unless you really do go deleting and removing files willy-nilly.
Had a look through that and while it's been a couple of years since I've had to look at a windows system in anger, I can't see anything out of the ordinary there personally.
Personally, I still think it might be a MTU issue. As you've only had the PC for a short period of time and you've been using MSE and the Windows Firewall.
If you do fancy testing an MTU change out, here's a good how to:
http://www.richard-slater.co.uk/archives/2009/10/23/change-your-mtu-under-v...
I'd try 1492 as a starter setting. You can change it back, just make a note of the inital setting. Yes, it's a complex thing to do, but you've done ok so far. But only if you want to. Or wait for EZ and try it with him on the phone.
In reply to mattrm: Thanks, I tried the change but it didn't work. I followed the first step and the size of my packet is 1504.
But the second step didn't do the same thing that the link suggested it should. I typed into CMD the following,
ping www.cantreachthis.com-f-11492 and the following occured;
request timed out (this came up 4x)
ping statistics sent =4, received = 0, lost =4 (100% loss)
The way the link has step 2, it should be typed ping www.cantreachthis.com -f -1 1492 but if you type it with spaces it just says it's a bad request.
I tried several times with different numbers between 1492 and 1504 but the same message appeared every time.
I'm kind of gathering that this may mean there is no problem with the MTU?
But the second step didn't do the same thing that the link suggested it should. I typed into CMD the following,
ping www.cantreachthis.com-f-11492 and the following occured;
request timed out (this came up 4x)
ping statistics sent =4, received = 0, lost =4 (100% loss)
The way the link has step 2, it should be typed ping www.cantreachthis.com -f -1 1492 but if you type it with spaces it just says it's a bad request.
I tried several times with different numbers between 1492 and 1504 but the same message appeared every time.
I'm kind of gathering that this may mean there is no problem with the MTU?
Anyway, for the past hour, the internet seems to be functioning as normal, with just facebook being a bit slower to load up than normal, but it is opening now. Just keeping an eye on it to see if it slows down again.
In reply to Sonya Mc:
If it's working ok, then I'd leave it.
However, the example in that www.cantreachthis.com, is never going to work, you need to put a proper URL in there. i.e. if Facebook is going slow, use:
ping www.facebook.com -f -l 1492
Also you've put a number, -1 (one) in and it's supposed to be the letter 'L' in lowercase. If you copy what I've put in there above you should get something more sensible. You were trying to do something totally different with the command you used, as you'd run it all together it was interpreting the whole thing as a hostname, which is why it didn't work. Just to explain what's going on there. Hope that makes sense.
What this bit:
"ping statistics sent =4, received = 0, lost =4 (100% loss)"
Tells you is that 4 ping's were sent, but none came back, so the site couldn't be reached at all.
If it's working ok, then I'd leave it.
However, the example in that www.cantreachthis.com, is never going to work, you need to put a proper URL in there. i.e. if Facebook is going slow, use:
ping www.facebook.com -f -l 1492
Also you've put a number, -1 (one) in and it's supposed to be the letter 'L' in lowercase. If you copy what I've put in there above you should get something more sensible. You were trying to do something totally different with the command you used, as you'd run it all together it was interpreting the whole thing as a hostname, which is why it didn't work. Just to explain what's going on there. Hope that makes sense.
What this bit:
"ping statistics sent =4, received = 0, lost =4 (100% loss)"
Tells you is that 4 ping's were sent, but none came back, so the site couldn't be reached at all.
In reply to mattrm: Ah, haha, ooops! See, I am computer thick :oD
In reply to mattrm: So step 2 kinda worked this time. Pings were sent and came back with 1472 packets but were needing fragmented at 1477 packets. Between 1472 and 1477 packets the request timed out. So I'm thinking that I should change to 1500 packets as that is 1472 add 28.
I went to change it but it said I needed to use an elevated CMD as an administrator. Not sure how to do that?
I went to change it but it said I needed to use an elevated CMD as an administrator. Not sure how to do that?
In reply to mattrm: Actually, it's okay, I've figured out how to do that
In reply to mattrm and EZ: Well, it seems to be working a bit faster since changing the MTU. But we'll see whether that's coincidence or not (being cynical I know :oD
Can you explain exactly what is it that I have changed (in layman's terms?)
Can you explain exactly what is it that I have changed (in layman's terms?)
Oooh just read through your posts again EZ. So if I have made the MTU smaller, then basically my wee manny carrying is carrying a smaller suitcase
Interestingly (or not :oD ) the wiki link for MTUs suggests that packets of 1500 are the maximum size? Yet mine was set to 1504.
Interestingly (or not :oD ) the wiki link for MTUs suggests that packets of 1500 are the maximum size? Yet mine was set to 1504.
Anyhoo, away out with my doggy. Hopeful things will still be working well when I get back
In reply to Sonya Mc:
Agg
My computer is having a spaz attack.
I tried running Combofix on my Windows 7 64Bit computer to see if it would find anything.
I shut down my firewall and MSE anti-virus. The app ran as expected, the computer re-booted and when I logged back into my own account all hell broke lose and is still running riot.
Every milli-second or so a window pops up and shuts down just as fast. Its like watching some sort of melt down and I can't feking turn my computer off or stop the app running.
What can I do to regain control of my PC?
Agggggggg
Agg
My computer is having a spaz attack.
I tried running Combofix on my Windows 7 64Bit computer to see if it would find anything.
I shut down my firewall and MSE anti-virus. The app ran as expected, the computer re-booted and when I logged back into my own account all hell broke lose and is still running riot.
Every milli-second or so a window pops up and shuts down just as fast. Its like watching some sort of melt down and I can't feking turn my computer off or stop the app running.
What can I do to regain control of my PC?
Agggggggg
In reply to Sonya Mc:
Yes, basically, the larger the number the more data sent in a packet. The old maximum MTU was 1500, however, there are these things call 'Jumbo Frames' which allow for up to 9000. Which is why you might have seen it at 1504, which is why some sites can't deal with the request, they don't understand the 1504, but others, which are basically setup properly, can.
As I mentioned, I'd try 1492, but 1500 is worth a shot, if you've tried that and it's all ok, then that's good really.
Yes, basically, the larger the number the more data sent in a packet. The old maximum MTU was 1500, however, there are these things call 'Jumbo Frames' which allow for up to 9000. Which is why you might have seen it at 1504, which is why some sites can't deal with the request, they don't understand the 1504, but others, which are basically setup properly, can.
As I mentioned, I'd try 1492, but 1500 is worth a shot, if you've tried that and it's all ok, then that's good really.
In reply to The Lemming:
I'm so glad that I followed Dominion's advice months ago and created two accounts, one admin and one pleb.
If I could not open the admin account then I'd have been screwed. Not playing with that app again.
I'm so glad that I followed Dominion's advice months ago and created two accounts, one admin and one pleb.
If I could not open the admin account then I'd have been screwed. Not playing with that app again.
In reply to Sonya Mc:
Been reading the thread and just wanted to say kudos to EZ & mattrm for the time & effort in helping Sonya! Great effort guys! I've learnt a LOT today!
@Sonya - I notice I can't access FB today either so there might be a problem with FB?
Been reading the thread and just wanted to say kudos to EZ & mattrm for the time & effort in helping Sonya! Great effort guys! I've learnt a LOT today!
@Sonya - I notice I can't access FB today either so there might be a problem with FB?
In reply to Sonya Mc:
There is nothing in your log file that's related to your problem. So that's nice.
If Facebook continues to load badly then send me a PM and I'll have a bit more of a think about it but with regards to actual errors I don't think there are any glaringly obvious ones from what you've described and what you HJT log shows.
There is nothing in your log file that's related to your problem. So that's nice.
If Facebook continues to load badly then send me a PM and I'll have a bit more of a think about it but with regards to actual errors I don't think there are any glaringly obvious ones from what you've described and what you HJT log shows.
In reply to EZ:
Any idea what went tits up, as I followed the guide?
My puter has two accounts, an admin and a regular account, is this where the problem started?
> (In reply to The Lemming)
>
> Glad you've got out of it. NB repair tools are not toys.
>
> Glad you've got out of it. NB repair tools are not toys.
Any idea what went tits up, as I followed the guide?
My puter has two accounts, an admin and a regular account, is this where the problem started?
In reply to mattrm: 1492 didn't work, the lowest that worked was 1472, so I added 28 to that and changed it.
In reply to Padraig: Yeah, it was just weird that I could access facebook on Streap's pc and on my phone, but not on my pc. But sure Sutty said he was having problems with fb too. Also wouldn't explain why I was having trouble loading other sites this morning too.
All is still well at the moment, so what ever the issue was, hopefully it has resolved.
All is still well at the moment, so what ever the issue was, hopefully it has resolved.
In reply to EZ: Oh goody Thanks ever so much again for your help. If you're ever up our way, we'll buy you a pint
In reply to Sonya Mc:
If I'm ever up your way I'll drink it. And please feel free to give me a kick if your stuck in future.
If I'm ever up your way I'll drink it. And please feel free to give me a kick if your stuck in future.
In reply to mattrm:
All the suggestions of 1492 above seem rubbish. 1472 would be a better bet.
> (In reply to Sonya Mc)
>
> As I mentioned, I'd try 1492, but 1500 is worth a shot, if you've tried that and it's all ok, then that's good really.
>
> As I mentioned, I'd try 1492, but 1500 is worth a shot, if you've tried that and it's all ok, then that's good really.
All the suggestions of 1492 above seem rubbish. 1472 would be a better bet.
This topic has been archived, and won't accept reply postings.
Elsewhere on the site
Loading Notifications...