lgg733
asked on
Web sites loading incorrectly on all browsers
Working on a strange issue for a client. After an unexpected power outage most webpages will not load correctly in all browsers. I did the obvious stuff like clear temp files, re-install browsers as well as plug-ins like flash and no go. Did a system restore as far back as possible. Disabled all unnecessary services. Checked internet connection which is all right on other computers.
I am at a loss. Basically pages do not fully load and images/video of misplaced. Again this is in all browsers, chrome, firefox, and IE which have all been re-installed. It is a windows 7 machine
Does anyone have any ideas.
I am at a loss. Basically pages do not fully load and images/video of misplaced. Again this is in all browsers, chrome, firefox, and IE which have all been re-installed. It is a windows 7 machine
Does anyone have any ideas.
ASKER
You don't think that disabling the software would be enough, it would need to be uninstalled?
You cannot disable av as it run in the background...what you can try is... boot in safe mode with networking...try browsing websites...if it works then the problem is caused by your security software.
To boot in safe mode with networking by tapping F8 key on boot.
Ded9
To boot in safe mode with networking by tapping F8 key on boot.
Ded9
ASKER
Sorry I didn't mention above but I did this. Issue exists withing safe mode with networking.
Open my computer - right click on  C drive- properties- click on tools tab-click on check now and put a check on automatically fix error...reboot the computer and it will fix errors on boot...
Ded9
Ded9
ASKER
Good call, did not try this yet. Will let you know. Thanks
If still no go, run a malwarebytes scan, could be a trace of malware in there that couldn't get a complete foothold but is causing issues.
www.malwarebytes.org
 quck scan should be sufficient.
If still no go, then run hijack this and post the log here.
www.malwarebytes.org
 quck scan should be sufficient.
If still no go, then run hijack this and post the log here.
ASKER
No the person is not using avira.
If the above does not work then close all apps and then run this fixit
http://support.microsoft.com/mats/ie_performance_and_safety/
Reboot computer and check....can also try new user account...user account might be corrupted.
Ded9
http://support.microsoft.com/mats/ie_performance_and_safety/
Reboot computer and check....can also try new user account...user account might be corrupted.
Ded9
ASKER
I am working with this person remotely so I will have them try suggestions and report back. Thanks for the suggestions
It is very possible that the PC is infected with a virus/malware...run combofix on the PC (admin login required) let us know if combofix detects a rootkit malware.
Whew, caution on that one, combo fix is an awesome program, but having to do it remotely might create issues.... and having a user/client do it, I would caution to follow all directions....
ASKER
Yeah the user is doing everything themselves, I am helping via email, cant do remote access at this time. I am waiting to hear back on the other suggestions before running combo fix.
I hope only the first option was selected and not the second one...second one to check for bad sectors will take more than 5 hours. First option will be completed within 15 or max 30 minutes.
Ded9
Ded9
As long as user reads prompts back to you and you instruct then there should be no issues, I recommend you helping user get u RDP into the box and then you can run combofix.....via email...very difficult to troubleshoot :(
ASKER
I agree if RDP was an option I would have used it straight away. In this situation it is not possible.
Does the user have admin access?
ASKER
Yes user does have admin access
have the user install teamviewer (free) and you can install on ur PC and gain remote access :)
ASKER
Ok I was check disk did not find any issues and neither did malwarebytes. Here is the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:08 PM, on 11/4/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\Version6\ TeamViewer .exe
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4 .exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportConnect.e xe
C:\Users\Derek\AppData\Loc al\Google\ Update\Goo gleUpdate. exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Users\Derek\AppData\Loc al\Google\ Update\1.3 .21.79\Goo gleCrashHa ndler.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VC DDaemon.ex e
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper. exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Derek\AppData\Loc al\Google\ Chrome\App lication\c hrome.exe
C:\Users\Derek\AppData\Loc al\Google\ Chrome\App lication\c hrome.exe
C:\Windows\SysWOW64\rund ll32.exe
C:\Users\Derek\AppData\Loc al\Google\ Chrome\App lication\c hrome.exe
C:\Users\Derek\AppData\Loc al\Google\ Chrome\App lication\c hrome.exe
C:\Users\Derek\AppData\Loc al\Google\ Chrome\App lication\c hrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThi s.exe
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Sear ch_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\In ternet Explorer\Search,SearchAssi stant =
R0 - HKLM\Software\Microsoft\In ternet Explorer\Search,CustomizeS earch =
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Wi ndows\Curr entVersion \Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\In ternet Explorer\Toolbar,LinksFold erName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0 BBC1D38A37 E} - C:\PROGRA~2\MICROS~1\Offic e14\GROOVE EX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5 164760863C 6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-4 2B3008E02F F} - C:\PROGRA~2\MICROS~1\Offic e14\URLRED IR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-0 3dc2f38c34 f} - "C:\Program Files (x86)\Microsoft\BingBar\Bi ngExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9 C25C1C588A 9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv .dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8 fa844297b3 f} - "C:\Program Files (x86)\Microsoft\BingBar\Bi ngExt.dll" (file missing)
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VC DDaemon.ex e" /s
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw itchBoard. exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper. exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.ex e" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceMa nager\CS5. 5ServiceMa nager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyN ot.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe " /background
O4 - HKCU\..\Run: [iTeleportConnect] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportConnect.e xe" -autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Derek\AppData\Lo cal\Google \Update\Go ogleUpdate .exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadm in.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadm in.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [iTeleportService] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.e xe" -autostart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iTeleportService] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.e xe" -autostart (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1 \Office14\ EXCEL.EXE/ 3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleTo olbarDynam ic_mui_en_ 7461B1589E 8B4FB7.dll /cmsidewik i.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1 \Office14\ ONBttnIE.d ll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5 663EE0C6C4 9} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.d ll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5 663EE0C6C4 9} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.d ll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-E DE0DB0C95C A} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELi nkedNotes. dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-E DE0DB0C95C A} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELi nkedNotes. dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-0 0B0D022E94 5} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.D LL
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService ) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg .exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.ex e (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesr xx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceS ervice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde r.exe
O23 - Service: @%SystemRoot%\system32\efs svc.dll,-1 00 (EFS) - Unknown owner - C:\Windows\System32\lsass. exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxs resm.dll,- 118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc .exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\Google Update.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\Google Update.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService .exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass. exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc. exe (file missing)
O23 - Service: @%systemroot%\system32\psb ase.dll,-3 00 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass. exe (file missing)
O23 - Service: @%systemroot%\system32\Loc ator.exe,- 2 (RpcLocator) - Unknown owner - C:\Windows\system32\locato r.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sam srv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass. exe (file missing)
O23 - Service: @%systemroot%\system32\spo olsv.exe,- 1 (Spooler) - Unknown owner - C:\Windows\System32\spools v.exe (file missing)
O23 - Service: @%SystemRoot%\system32\spp svc.exe,-1 01 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc .exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~2\ENIGMA~1\SPYHU N~1\SH4SER ~1.EXE
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw itchBoard. exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\ TeamViewer _Service.e xe
O23 - Service: @%SystemRoot%\system32\ui0 detect.exe ,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Det ect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vau ltsvc.dll, -1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass. exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds .exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.ex e (file missing)
O23 - Service: @%systemroot%\system32\vss vc.exe,-10 2 (VSS) - Unknown owner - C:\Windows\system32\vssvc. exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat \WatUX.exe ,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\Wa tAdminSvc. exe (file missing)
O23 - Service: @%systemroot%\system32\wbe ngine.exe, -104 (wbengine) - Unknown owner - C:\Windows\system32\wbengi ne.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbe m\wmiapsrv .exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\W miApSrv.ex e (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10755 bytes
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:08 PM, on 11/4/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\Version6\
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportConnect.e
C:\Users\Derek\AppData\Loc
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Users\Derek\AppData\Loc
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VC
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Derek\AppData\Loc
C:\Users\Derek\AppData\Loc
C:\Windows\SysWOW64\rund ll32.exe
C:\Users\Derek\AppData\Loc
C:\Users\Derek\AppData\Loc
C:\Users\Derek\AppData\Loc
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThi
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R0 - HKCU\Software\Microsoft\In
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-4
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-0
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VC
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.ex
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager]
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [iTeleportConnect] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportConnect.e
O4 - HKCU\..\Run: [Google Update] "C:\Users\Derek\AppData\Lo
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadm
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadm
O4 - HKUS\S-1-5-18\..\Run: [iTeleportService] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.e
O4 - HKUS\.DEFAULT\..\Run: [iTeleportService] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.e
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleTo
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-E
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-E
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-0
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService
O23 - Service: @%SystemRoot%\system32\Alg
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesr
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceS
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde
O23 - Service: @%SystemRoot%\system32\efs
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxs
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\Google
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\Google
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.
O23 - Service: @%systemroot%\system32\psb
O23 - Service: @%systemroot%\system32\Loc
O23 - Service: @%SystemRoot%\system32\sam
O23 - Service: @%systemroot%\system32\spo
O23 - Service: @%SystemRoot%\system32\spp
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~2\ENIGMA~1\SPYHU
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\
O23 - Service: @%SystemRoot%\system32\ui0
O23 - Service: @%SystemRoot%\system32\vau
O23 - Service: @%SystemRoot%\system32\vds
O23 - Service: @%systemroot%\system32\vss
O23 - Service: @%SystemRoot%\system32\Wat
O23 - Service: @%systemroot%\system32\wbe
O23 - Service: @%Systemroot%\system32\wbe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10755 bytes
Did u try new user account...user account might be corrupted.
Ded9
Ded9
ASKER
No have not yet will do that next.
ASKER
created new user account. Problem still exists. I am at a loss on this one, any more ideas?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
customer is reluctant to do that. I will suggest again.
Can also try
If the customer has a router..then bypass the router and connect Ethernet cable  straight to the cable modem.
Ded9
If the customer has a router..then bypass the router and connect Ethernet cable  straight to the cable modem.
Ded9
ASKER
Yeah I thought he may be getting some serious packet loss or something but he claims he has other machines that are fine.
Have them remove sypyhunter and IO bit malware fighter. User can always put them back if they think they are helpful afterwards.
Also disable mctadmin.exe from startup.
There are a huge amount of 'missing files' Â I would suggest running sfc/scannow Â
You also show possible winsock corruption. If this were my client, I would want physical access to the system. Remote is a poor substitute in this instance.
You might try the sfc/scannow, after removing the sh and io bit, and disable mctadmin from starting up. Â Then try winsock fix.
The system shows definite need of a good cleanup, if not a total wipe/reload.
Also disable mctadmin.exe from startup.
There are a huge amount of 'missing files' Â I would suggest running sfc/scannow Â
You also show possible winsock corruption. If this were my client, I would want physical access to the system. Remote is a poor substitute in this instance.
You might try the sfc/scannow, after removing the sh and io bit, and disable mctadmin from starting up. Â Then try winsock fix.
The system shows definite need of a good cleanup, if not a total wipe/reload.
Did u try
netsh winsock reset  from command prompt....reboot computer and check.
Ded9
netsh winsock reset  from command prompt....reboot computer and check.
Ded9
Did not see riteheer: comments ignore my post.
Ded9
Ded9
ASKER
@riteheer have done everything you have said other then  disable mctadmin.exe from startup. which I will suggest to the person. I am starting to think the person I am working with may not be doing all that I have suggested and just assuming it wont work. Think I am going to need to stop.
Thanks for the suggestions.
Thanks for the suggestions.
ASKER
The person I was helping gave up but I think you were on the right track to fix. Thanks for the help.
Ded9