Post by: Pureblood on February 23, 2008, 09:00:50 PM
Logfile of HijackThis v1.99.1
Scan saved at 9:06:53 PM, on 2/23/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Justin 2\Desktop\My Lockbox\flockbox.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\Justin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [flockbox] C:\Users\Justin 2\Desktop\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1005.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (http://\"http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe\")
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx (http://\"http://upload.mediamax.com/Upload/XUpload.ocx\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - C:\Program Files\LogMeIn\x86\RaMaint.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\EMBARQ Media Safe\StreamloadService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Post by: guestolo on February 23, 2008, 09:21:38 PM
First uninstall Hijackthis 1.99.1 from add/remove programs
Then from my link in my signature download and install the latest version
Don't run a scan yet
Instead, Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] (http://\"http://deckard.geekstogo.com/dss.exe\") to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back just the Whole contents of Main.txt
In addition, after that log is posted
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Post by: Pureblood on February 23, 2008, 09:36:37 PM
Post by: guestolo on February 23, 2008, 09:46:43 PM
Actually I want to see a log from the Host files
Can you do this again
Open Hijackthis>>Open MISC TOOLS SECTION>>Open Hosts File MANAGER
Click the Open in Notepad... button
Copy>>paste back here the whole contents of the text file that opens
NOTE:
O23 - Service: ZI - Sysinternals - www.sysinternals.com - C:\Users\JUSTIN~1\AppData\Local\Temp\ZI.exe
May be related to Rootkit Revealer, did you just recently run it?
If so, do you have a log from it you can post?
Post by: Pureblood on February 23, 2008, 09:56:30 PM
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
EDIT: I am currently re-running it and i will show you the file when it is done.
Post by: guestolo on February 23, 2008, 10:01:39 PM
Might of been me
but the log by default saved to the System32 folder
You may want to check there when it's done
Post by: Pureblood on February 23, 2008, 10:08:24 PM
Post by: guestolo on February 23, 2008, 10:18:10 PM
To see if may be interfering, but I can access Cnn.com ok and money.cnn.com
After you post the log from Rootkit Revealer
With your browser windows closed
Can you run CCleaner and clean temp files, cookies, etc..
Then clear DNS cache
Here's a link that explains, I suggest that you do this with browser closed also
http://www.tech-recipes.com/rx/1600/vista_dns_cache_flush (http://\"http://www.tech-recipes.com/rx/1600/vista_dns_cache_flush\")
Let me know if you can access those sites afterwards
Post by: Pureblood on February 23, 2008, 10:29:41 PM
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 2/23/2008 10:07 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler\Heartbeat 2/23/2008 10:07 PM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 11/2/2006 7:54 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 11/2/2006 7:54 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 11/2/2006 7:54 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 11/2/2006 7:54 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 11/2/2006 5:33 AM 0 bytes Security mismatch.
I cleared the DNS cache and ran ccleaner didn't work.
Post by: guestolo on February 23, 2008, 10:40:17 PM
http://money.cnn.com/?cnn=yes (http://\"http://money.cnn.com/?cnn=yes\")
Post by: Pureblood on February 23, 2008, 10:41:29 PM
Post by: Pureblood on February 23, 2008, 10:44:02 PM
Post by: guestolo on February 23, 2008, 10:47:31 PM
Try this link
http://money.cnn.com (http://\"http://money.cnn.com\")
Here maybe
Post by: guestolo on February 23, 2008, 10:50:09 PM
Quote
It loads fine with a proxy.
That's what I was about to post above
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Can you try something
In Firefox, type in
about:config
in the url location
In the next window look for
network.dns.disableIPv6
If set to False, double click on it to set to TRUE
Restart firefox and see if you have access
Post by: Pureblood on February 23, 2008, 10:53:18 PM
Post by: guestolo on February 23, 2008, 11:14:28 PM
If they are can you try the following
Run Spyware Terminator
Click on INTERNET PROTECTION>>IMMUNIZE
If you have used the Immunize feature>>DEIMMUNIZE
Under Realtime Protections>>Shield Settings
Untick everything and save changes
Do the same in ADVANCED
Exit out of there
NEXT: Open Spybot 1.4
Click on the IMMUNIZE button
Let it finish it's quick scan then click on UNDO if you have used the Immunization feature earlier
Then exit Spybot
Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
In Firefox click on TOOLS>>Clear Private Data, ensure cookies is also selected and then click
Clear Private Data now
Close Firefox
Again, run CCleaner and clear DNS cache
This time reboot the computer
In Firefox
Try this link afterwards, see how it loads
http://money.cnn.com/ (http://\"http://money.cnn.com/\")
Then try this link as see if it loads http://64.236.16.20/money (http://\"http://64.236.16.20/money\")
and here
http://64.236.16.20/ (http://\"http://64.236.16.20/\")
Post by: Pureblood on February 24, 2008, 09:00:02 AM
Post by: guestolo on February 24, 2008, 09:40:34 AM
http://64.236.16.20/ (http://\"http://64.236.16.20/\")
That's strange
Can you check your connections in your browsers
In Firefox, select Tools>>Options>>Advanced>>Network>>Settings
How's it selected?
In IE, select Tools>>Internet options>>Connections>>LAN Settings
It appears that Embarq is your ISP, is that correct?
Can you check your DNS settings
Open Network connections>>Click Start>>In the search field type ncpa.cpl
Right click your connection and select Properties>>
Hightlight Internet Protoco(TCPIP ) and select Properties
Under the General tab what settings do you use for DNS server?
Edit>>Do you have any proxy configurations set?
Post by: Pureblood on February 24, 2008, 01:25:28 PM
http://64.236.16.20/ (http://\"http://64.236.16.20/\")
That's strange[/quote]
No i couldn't get that link to work. Something popped up and said the server is taking to long to respond.
[quote name=\'guestolo\' post=\'422487\' date=\'Feb 24 2008, 09:40 AM\']Can you check your connections in your browsers
In Firefox, select Tools>>Options>>Advanced>>Network>>Settings
How's it selected?
In IE, select Tools>>Internet options>>Connections>>LAN Settings
It appears that Embarq is your ISP, is that correct?[/quote]
Yeah Embarq is my ISP. Everything looks fine it firefox it says direct connection to internet.
[quote name=\'guestolo\' post=\'422487\' date=\'Feb 24 2008, 09:40 AM\']Everything looked fine and yes Embarq is my ISP.
Can you check your DNS settings
Open Network connections>>Click Start>>In the search field type ncpa.cpl
Right click your connection and select Properties>>
Hightlight Internet Protoco(TCPIP ) and select Properties
Under the General tab what settings do you use for DNS server?
Edit>>Do you have any proxy configurations set?[/quote]
On IPv6 and IPv4 it has obtain automatically from ISP.
No i don't have any proxy configurations.
Does look normal to you?
<Removed image containing IP addy, etc>
edit: I just noticed today now that i get an alert that says the server at ads.cnn.com is taking to long to respond.
Post by: guestolo on February 24, 2008, 06:37:41 PM
Quote
edit: I just noticed today now that i get an alert that says the server at ads.cnn.com is taking to long to respond.
Do you have Adblocker installed for firefox?
You could try this filter and see if it's some help
http://ads.cnn.com*
and/or
Can you try adding the following to your hosts file and see what happens
127.0.0.1 ads.cnn.com
Place that right under
::1 localhost
1) Browse to Start -> All Programs -> Accessories
2) Right click "Notepad" and select "Run as administrator"
3) Click "Continue" on the UAC prompt
4) Click File -> Open
5) Browse to "C:\Windows\System32\Drivers\etc"
6) Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)"
7) Select "hosts" and click "Open"
8) Make the needed changes and close Notepad. Save when prompted.
restart Firefox, see if it's any help
Post by: Pureblood on February 24, 2008, 07:22:24 PM
Post by: guestolo on February 24, 2008, 07:26:30 PM
Afterwards, can you try running firefox in safe mode enviroment
In a Run command window copy>paste the following
firefox -safe-mode
Don't click OK or Go yet
Instead close Firefox and click OK
Try cnn.com, any difference?
Post by: Pureblood on February 24, 2008, 07:28:35 PM
Post by: guestolo on February 24, 2008, 09:20:07 PM
Can you post the MTU settings, may be of some help
I'm not using Vista, but try the following
Run a command prompt window as admin
Type in
netsh interfaces ipv4 show subinterfaces
Post by: Pureblood on February 25, 2008, 03:00:54 PM
Here is what i think you asked for. When i put what you wanted in cmd prompt nothing came up so i took off the s in interfaces.
(http://img232.imageshack.us/img232/6558/screenhunter002hv2.png)
EDIT: A tech specialist just suggested i try it in safe mode. I did and it still doesn't work.
EDIT2: Now i do remember something. I download tweakvista. http://www.tweakvista.com/tweakvistautility/download.aspx (http://\"http://www.tweakvista.com/tweakvistautility/download.aspx\").
Awhile back i downloaded it and used
Internet Optimization - TweakVista can improve your Internet surfing performance by changing the underlying Internet settings on Windows Vista to fit the capabilities of your PC. http://www.stardock.com/products/tweakvista/ (http://\"http://www.stardock.com/products/tweakvista/\")
I can no longer use the free version to attempt to fix what i did. If that is what is causing the problem. I have a feeling it isn't but i know that messed with my internet settings so it could be. It says i already used the free trial. And the only way to fix it is to restore my computer. Well my restore points go back that far.
Do you think something from that might of caused the problem? Oh that is right you don't have vista so you wont be able to download and see what settings that i could have changed.
Post by: guestolo on February 25, 2008, 10:29:48 PM
It get's diffucult
If at all possible, save any files you to disk or USB
Then restore to a point before you had problems, see if it helps
Post by: Pureblood on February 26, 2008, 02:54:55 PM
But anyways i am going to do what i did on this computer on my other vista machine to see if i can recreate the problem.
Post by: Pureblood on February 26, 2008, 03:10:49 PM
Post by: guestolo on February 26, 2008, 03:14:21 PM
Just meant that you may have changed a setting by mistake and a reversal may be needed
Was there an MTU setting in the program?
Just curious
EDIT>>Just seen this
Quote
Good news... I have successfully recreated the problem on my other computer and successfully fixed the problem at the same time. Tweak vista is definitely what i had cause it. I am going to find a way to be able to use the trial again.
Post by: Pureblood on February 26, 2008, 03:31:54 PM
Post by: guestolo on February 26, 2008, 05:08:15 PM
Unless you unselected the option
Here's a screen shot of the Internet options
http://www.tweakvista.com/tweakvistautilit...ta_Internet.png (http://\"http://www.tweakvista.com/tweakvistautility/images/screenshots/TweakVista_Internet.png\")
Take note of the following
Enhanced and Aggressive settings may cause problems with some sites.....
Post by: Pureblood on February 26, 2008, 05:20:27 PM
sadly my restore points only go back to February 14 and i did this way back in like december...
I guess i will just have to live with it until i can find a cracks opps i mean good version of tweak vista since i can't use it anymore because of the trial.
Post by: guestolo on February 26, 2008, 05:26:33 PM
I wonder what would happen if you checked your RWIN and MTU settings at Speedguide
Maybe we can see what is different in both computer comparisons
http://www.speedguide.net/sg_tools.php (http://\"http://www.speedguide.net/sg_tools.php\")
At the link click on SG TCP/IP Analyzer
The results should show after a few seconds
Edit>>The MTU settings you posted earlier >>1496
Which should be correct for dsl
It may be an Rwin setting that TweakVista changed
Post by: Pureblood on February 26, 2008, 05:34:11 PM
K it is installed and running
Do you want me to run that on both computers?
Post by: Pureblood on February 26, 2008, 05:39:12 PM
SpeedGuide.net TCP/IP Analyzer
TCP properties for IP = <Edited guestolo>
Browser/OS = Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Notes: Read the Analyzer FAQ if the above is not your IP address.
TCP options string = 020405b40103030201010402
MTU = 1500
MTU is fully optimized for broadband.
MSS = 1460
Maximum useful data in each packet = 1460, which equals MSS.
Default TCP Receive Window (RWIN) = 17520
RWIN Scaling (RFC1323) = 2 bits (scale factor of 4)
Unscaled TCP Receive Window = 4380
In Windows Vista, unless you have disabled "TCP/IP Auto-Tuning", readings in the Analyzer will only show the Current TCP Window, and the TCP Optimizer will have no effect.
RWIN is a multiple of MSS
Other RWIN values that might work well with your current MTU/MSS:
513920 (MSS x 44 * scale factor of 8)
256960 (MSS x 44 * scale factor of 4)
128480 (MSS x 44 * scale factor of 2)
64240 (MSS x 44)
bandwidth * delay product (Note this is not a speed test):
Your TCP Window limits you to: 701 kbps (88 KBytes/s) @ 200ms
Your TCP Window limits you to: 280 kbps (35 KBytes/s) @ 500ms
Consider increasing your RWIN value to optimize TCP/IP for broadband.
MTU Discovery (RFC1191) = ON
Time to live left = 112 hops
TTL value is ok.
Timestamps (RFC1323) = OFF
Selective Acknowledgements (RFC2018) = ON
IP type of service field (RFC1349) = 00000000 (0)
-----------------------------------------------------------------------------------------------------------------------------
here is where cnn does not load
TCP options string = 020405b001010402
MTU = 1496
MTU is fully optimized for broadband.
MSS = 1456
Maximum useful data in each packet = 1456, which equals MSS.
Default TCP Receive Window (RWIN) = 65520
RWIN Scaling (RFC1323) = 0 bits
Unscaled TCP Receive Window = 65520
In Windows Vista, unless you have disabled "TCP/IP Auto-Tuning", readings in the Analyzer will only show the Current TCP Window, and the TCP Optimizer will have no effect.
RWIN is a multiple of MSS
Other RWIN values that might work well with your current MTU/MSS:
512512 (MSS x 44 * scale factor of 8)
256256 (MSS x 44 * scale factor of 4)
128128 (MSS x 44 * scale factor of 2)
64064 (MSS x 44)
bandwidth * delay product (Note this is not a speed test):
Your TCP Window limits you to: 2621 kbps (328 KBytes/s) @ 200ms
Your TCP Window limits you to: 1048 kbps (131 KBytes/s) @ 500ms
MTU Discovery (RFC1191) = ON
Time to live left = 112 hops
TTL value is ok.
Timestamps (RFC1323) = OFF
Selective Acknowledgements (RFC2018) = ON
IP type of service field (RFC1349) = 00000000 (0)
Post by: guestolo on February 26, 2008, 05:42:37 PM
I suggest that you actually go to that computer and visit Speedguide again and see if you get the same results
Bypassing Logmein
Quote
MTU = 1500
MTU is fully optimized for broadband.
MSS = 1460
Maximum useful data in each packet = 1460, which equals MSS.
Default TCP Receive Window (RWIN) = 17520
RWIN Scaling (RFC1323) = 2 bits (scale factor of 4)
Unscaled TCP Receive Window = 4380
Post by: Pureblood on February 26, 2008, 05:44:30 PM
Post by: Pureblood on February 26, 2008, 05:47:04 PM
TCP options string = 020405b40103030201010402
MTU = 1500
MTU is fully optimized for broadband.
MSS = 1460
Maximum useful data in each packet = 1460, which equals MSS.
Default TCP Receive Window (RWIN) = 17520
RWIN Scaling (RFC1323) = 2 bits (scale factor of 4)
Unscaled TCP Receive Window = 4380
In Windows Vista, unless you have disabled "TCP/IP Auto-Tuning", readings in the Analyzer will only show the Current TCP Window, and the TCP Optimizer will have no effect.
RWIN is a multiple of MSS
Other RWIN values that might work well with your current MTU/MSS:
513920 (MSS x 44 * scale factor of 8)
256960 (MSS x 44 * scale factor of 4)
128480 (MSS x 44 * scale factor of 2)
64240 (MSS x 44)
bandwidth * delay product (Note this is not a speed test):
Your TCP Window limits you to: 701 kbps (88 KBytes/s) @ 200ms
Your TCP Window limits you to: 280 kbps (35 KBytes/s) @ 500ms
Consider increasing your RWIN value to optimize TCP/IP for broadband.
MTU Discovery (RFC1191) = ON
Time to live left = 111 hops
TTL value is ok.
Timestamps (RFC1323) = OFF
Selective Acknowledgements (RFC2018) = ON
IP type of service field (RFC1349) = 00000000 (0)
Post by: guestolo on February 26, 2008, 05:50:45 PM
Let's check and see if autotuning is enabled on both computers
I don't have Vista, so I'll leave the results to you
You can post them, it may be of some help, I'm not sure what Tweakvista changed
Check and see if autotuning is enabled on both
netsh interface tcp show global
As taken from this link
http://www.speedguide.net/faq_in_q.php?cat...=89&qid=247 (http://\"http://www.speedguide.net/faq_in_q.php?category=89&qid=247\")
Post by: Pureblood on February 26, 2008, 05:52:47 PM
Quote
Ok, at least we know the results are the sameWhat do you mean?
they were different. The one computer has and mtu of 1500 and the other 1496.
Post by: Pureblood on February 26, 2008, 05:58:34 PM
(http://i27.tinypic.com/2dbs45x.jpg)
Here is where Cnn does load
(http://i30.tinypic.com/2rrxd2u.jpg)
Post by: guestolo on February 26, 2008, 06:00:22 PM
I do notice the MTU are different, they should be the same
Do you know what the Router is set too?
I would think that a DSL you would want set to 1492, but that's the machine your having troubles with?
How were the autotuning results?
Post by: Pureblood on February 26, 2008, 06:07:33 PM
I do notice the MTU are different, they should be the same
Do you know what the Router is set too?
I would think that a DSL you would want set to 1492, but that's the machine your having troubles with?
How were the autotuning results?[/quote]
I think these are the results.
Here is where Cnn does NOT load
(http://i27.tinypic.com/2dbs45x.jpg)
Here is where Cnn does load
(http://i30.tinypic.com/2rrxd2u.jpg)
Isn't that what you wanted.
No i do not know what the router is set to but i may be able to find out. But don't we know that router isn't the problem since i can access it from the other computer?
As you can see ECN capability is enabled on the computer that doesn't load cnn. Do you know how to turn that off?
Post by: guestolo on February 26, 2008, 06:09:48 PM
If router doesn't support than it could be causing problems
Here's another link
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Notice the following
Quote
By default Vista has ECN disabled
You can try the command to disable ECN in the machine that doesn't reach cnn.com's sub-addresses
From the link
netsh interface tcp set global ecncapability=disabled
I would reboot the computer afterwards to ensure the change is in effect
Check to see if it's set to disabled on reboot
netsh interface tcp show global
See if it's any help
Quote
As you can see ECN capability is enabled on the computer that doesn't load cnn. Do you know how to turn that off?We're posting at the same time
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />Woops, forgot to post the link
http://www.kitz.co.uk/adsl/vistaTCPtweaks.htm (http://\"http://www.kitz.co.uk/adsl/vistaTCPtweaks.htm\")
Post by: Pureblood on February 26, 2008, 06:12:49 PM
Doing this netsh interface tcp set global ecncapability=disabled
Made money.cnn.com load!!!!
Post by: guestolo on February 26, 2008, 06:14:51 PM
Post by: Pureblood on February 26, 2008, 06:15:14 PM
Post by: Pureblood on February 26, 2008, 06:16:56 PM
Yes all the links work
Post by: guestolo on February 26, 2008, 06:17:28 PM
Quote
Made money.cnn.com load!!!!We're doing it again
Leave MTU settings for now, I wonder if TweakVista changed the other computer to 1500??
Although Vista should take care of it auto, I would think 1492 would be default
not sure what router configuration is at however?
If you don't experience problems leave settings alone
Post by: Pureblood on February 26, 2008, 06:20:15 PM
One positive out of it, When people google. Cnn loads slow it will bring them here bringing up TTG's traffic.
Post by: guestolo on February 26, 2008, 06:23:35 PM
At the last link I gave you to ECN
There is a link to change MTU
As mentioned, I would think
cable likes 1500
You could try the change in the other computer, create restore point ahead of time
Also look at Router configuration to see what it's set at
Up to you Pureblood
/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />EDIT>>Forgot to add, I would enable protections for Windows Defender
Not sure if I would also use realtime protections with Spyware Terminator
2 protections doing the same thing
If you keep Spyware Terminator, you can utilize the Immunization feature
Post by: Pureblood on February 26, 2008, 06:29:49 PM