# Solved: Please Help! No networking, Will not run Norton, Virus?



## Jme0724 (Jul 6, 2005)

I have a Gateway desktop running Win XP Pro. I was gone over the weekend and shut down my system. When I booted back up I received a message saying something about Symantec email checker cannot run because your internet is not configured. I tried running Norton and it would only give me the status screen saying it was refreshing. Nothing else would work. The internet will not open, it gives me a Cannot find server screen. In the task manager box it has no network adapter found. However, in the networking icon it says it is connected. When I tried to repair network connection it gives me the error: failed to query TCP/IP. I've tried all hardware related stuff and assume it must be some type of virus. Everything else works ok, no other error messages but I cannot connect to internet, Norton will not execute and when I go to system restore under control panel it only brings up a blank window. In safe mode with networking I still cannot run Norton or connect to internet. Does this sound like a virus? What steps can I take? I have an accessible laptop with internet connection so I can download stuff on it and copy to my desktop. Please help!
Thank You so much.


----------



## etaf (Oct 2, 2003)

how are you connected to the internet with that PC - as much info as possible 

can you go into device manager
start>
control panel>
system>
hardware tab>
device manager button>

have a look for network adapters 
click on the +
and post back what you have there

also any ! or X or ?


----------



## Jme0724 (Jul 6, 2005)

Hey thanks for your response and help.

I have a motorola cable modem the computer is connected through a netgear router which is connected to the cable modem. It is a cable high speed internet connection.

Under network Adapters I found : Intel R 82559 Fast Ethernet LOM with Alert on LAN2*

No ! or X or ? just the *.

Thanks so much


----------



## etaf (Oct 2, 2003)

what else is connected to the router -??

can you post an ipconfig /all

TWO Methods to do that - some people have problems with ONE----

ONE ---------------------------------
start
run
cmd
ipconfig /all

rightclick in the box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste

TWO -----------------------------------------------

Start, Run, CMD to open a DOS window and type:

IPCONFIG /ALL >C:\RESULT.TXT

Open C:\RESULT.TXT with Notepad and copy/paste the entire results here.


----------



## Jme0724 (Jul 6, 2005)

It is connected wirelessly to the laptop I am on now.

here is what it said: Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


Thanks


----------



## ~Candy~ (Jan 27, 2001)

I'm wondering if a system restore will fix the problem?


----------



## etaf (Oct 2, 2003)

EDIT

GOOD IDEA AcaCandy
only just read your idea

--------------------------
OK so the router is all OK and you can access the internet via the laptop 
can you post an IPCONFIG /ALL from the laptop
model of the desktop 
is it connected via cable?

start>
control panel>
network connections>
can you right click on the network connection listed
properties
do you have TCP/IP listed 
can you highlight it and then click the properties button
whats there too


if you right click


----------



## Jme0724 (Jul 6, 2005)

I thought so as well, however when I open system restore from the control panel I get the window with nothing in it. I've tried using help/search to find another way into system restore but it will not open that either.
Do you know another way to get into system restore? It will not run in safe mode correct?

Thank You


----------



## Jme0724 (Jul 6, 2005)

Yes the laptop is connected through the router with a wireless card and is working fine.
The desktop is a gateway E-1400 intel pentium 3 with 648 MHz and 320 mb of ram. has XP pro with SP2

It is connected through a cable.

From the laptop the IPCONFIG is:

Error: unrecongnized or incomplete command line.

USAGE:

ipconfig [/? | /all | /renew [adapter] | /release [adapter] |

/flushdns | /displaydns | /registerdns |

/showclassid adapter |

/setclassid adapter [classid] ]

where

adapter Connection name

(wildcard characters * and ? allowed, see examples)

Options:

/? Display this help message

/all Display full configuration information.

/release Release the IP address for the specified adapter.

/renew Renew the IP address for the specified adapter.

/flushdns Purges the DNS Resolver cache.

/registerdns Refreshes all DHCP leases and re-registers DNS names

/displaydns Display the contents of the DNS Resolver Cache.

/showclassid Displays all the dhcp class IDs allowed for adapter.

/setclassid Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and

default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address

leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.

Examples:

> ipconfig ... Show information.

> ipconfig /all ... Show detailed information

> ipconfig /renew ... renew all adapters

> ipconfig /renew EL* ... renew any connection that has its

name starting with EL

> ipconfig /release *Con* ... release all matching connections,

eg. "Local Area Connection 1" or

"Local Area Connection 2"

On the desktop:
Under the Network connection there is the Local area connection which says it is connected to the Intel R 82559 Fast Ethernet LOM with alert on LAN 2*
under properties it says connect using: Intel R 82559 Fast Ethernet LOM with alert on LAN 2* then there are three boxes ALL checked which are: client for Microsoft network, File and printer sharing for Microsoft network and Internet Protocol (TCP/IP). All of these are checked. I highlighted TCP/IP and clicked properties, there it said obtain IP automatically and obtain DNS server automatically, both of these were checked.


----------



## etaf (Oct 2, 2003)

this may get you to restore 
start>
programs>
accessories>
system tools>
system restore>

I'm worried about the results from the LAPTOP
this has XP
you go
start>
run>
cmd>

a black window opens

you type

IPCONFIG /ALL

and you should get something like this



> Microsoft Windows XP [Version 5.1.2600]
> (C) Copyright 1985-2001 Microsoft Corp.
> 
> C:\Documents and Settings\wayne>ipconfig /all
> ...


perhaps we need to update the drivers for the LAN

can you get www.belarc.com program onto the desktop - via floppy or write a CD

then see what it thinks the LAN is


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> Yes the laptop is connected through the router with a wireless card and is working fine.
> The desktop is a gateway E-1400 intel pentium 3 with 648 MHz and 320 mb of ram. has XP pro with SP2
> 
> It is connected through a cable.
> ...


I'd say you might have either typed it wrong, or forgot the space.

It's

ipconfig(space)/all


----------



## Jme0724 (Jul 6, 2005)

Ok here is the new laptop one, sorry about the one earlier I may have typed it in wrong. As far as the desktop when I go through the steps you suggested to get to system restore it gives me an error message stating that I do not have sufficient security privileges to restore your system, but I do not have an administrative icon, I only have mine and I have administrative privileges. I'm going to try to download the program to a cd and get it to the desktop.
Thanks


----------



## etaf (Oct 2, 2003)

can you post the results of ipconfig /all


----------



## Jme0724 (Jul 6, 2005)

sorry here is the laptop IPCONFIG:
Windows IP Configuration



Host Name . . . . . . . . . . . . : Jamie

Primary Dns Suffix . . . . . . . : 

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : nc.hr.cox.net



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : nc.hr.cox.net

Description . . . . . . . . . . . : D-Link AirPlus G DWL-G630 Wireless Cardbus Adapter

Physical Address. . . . . . . . . : 00-11-95-4C-00-29

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Monday, June 19, 2006 12:27:56 PM

Lease Expires . . . . . . . . . . : Thursday, June 22, 2006 12:27:56 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-08-0D-09-14-13


----------



## etaf (Oct 2, 2003)

ok great at least we know we both can see the same thing and what to expect

any luck with belarc


----------



## Jme0724 (Jul 6, 2005)

sorry posted it on page 1.. Here are the Belarc results:
For some reason it appears that the system is not recognizing a network connection at all.


System Security Status CIS Benchmark Score

2.50 of 10 (details...)

Virus Protection

Virus definitions are older than 30 days

Microsoft Security Updates

Up-to-date

--------------------------------------------------------------------------------

Computer Profile Summary 
Computer Name: Computer (in MSHOME) 
Profile Date: Monday, June 19, 2006 3:41:28 PM 
Advisor Version: 7.1h 
Windows Logon: Jme0724


Operating System System Model 
Windows XP Professional Service Pack 2 (build 2600) Gateway E-1400 
System Serial Number: 0019685799
Chassis Serial Number: 0019685799
Enclosure Type: Mini-Tower 
Processor a Main Circuit Board b 
650 megahertz Intel Pentium III
32 kilobyte primary memory cache
256 kilobyte secondary memory cache Board: Intel Corporation SU810 AAA15184-800
Serial Number: IUSU02306465
Bus Clock: 100 megahertz
BIOS: Intel Corp. SU81010A.15A.0024.P10.0004180904 04/18/2000 
Drives Memory Modules c,d 
14.99 Gigabytes Usable Hard Drive Capacity
6.32 Gigabytes Hard Drive Free Space

LG CD-ROM CRD-8483B
MITSUMI CR-48X9TE [CD-ROM drive]
3.5" format removeable media [Floppy drive]

QUANTUM FIREBALLlct15 15 [Hard drive] (15.02 GB) -- drive 0, s/n 612018702389, rev A01.0F00, SMART Status: Healthy 320 Megabytes Installed Memory

Slot 'DIMM1' has 64 MB
Slot 'DIMM2' has 255 MB 
Local Drive Volumes

c: (FAT32 on drive 0) 14.99 GB 6.32 GB free

Network Drives 
None detected 
Users (mouse over user name for details) Printers 
local user accounts last logon 
Administrator 6/19/2006 10:47:04 AM (admin) 
Jme0724 6/19/2006 3:38:47 PM (admin) 
Justin 6/19/2006 3:17:10 PM (admin) 
local system accounts 
ASPNET never 
Guest never 
HelpAssistant never 
SUPPORT_388945a0 never

Marks a disabled account; Marks a locked account CutePDF Writer on CPW2: 
hp photosmart 1115 series on DOT4_002

Controllers Display 
Standard floppy disk controller
Intel(R) 82801AA Bus Master IDE Controller
Primary IDE Channel [Controller]
Secondary IDE Channel [Controller] Intel(R) 82810-DC100 Graphics Controller (Microsoft Corporation) [Display adapter]
Gateway EV700 [Monitor] (16.1"vis, May 2000) 
Bus Adapters Multimedia 
Intel(R) 82801AA USB Universal Host Controller Intel(r) 82801AA AC'97 Audio Controller 
Communications Other Devices 
Gateway Data Fax Modem

Intel(R) 82559 Fast Ethernet LOM with Alert on LAN 2* 
HID-compliant consumer control device
USB Human Interface Device
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
HID-compliant mouse
USB Root Hub 
Virus Protection [Back to Top] 
Norton AntiVirus Version 11.09 
Virus Definitions Version 12/8/2004 Rev 7 
Realtime File Scanning On

Missing Microsoft Security Hotfixes [Back to Top]


----------



## etaf (Oct 2, 2003)

cheers - i would delete the KEY information - go into edit
from here


> Missing Microsoft Security Hotfixes [Back to Top]


down


----------



## etaf (Oct 2, 2003)

lets check out the NIC card leds on the back see if they are working

http://www.duxcw.com/faq/network/testnic.htm


> An indicator that a NIC and cabling is functioning is to check the LINK (sometimes labeled LNK, etc.) and Activity (ACT, etc.) LEDs, if there are any, on the NIC and on the device at the other end of the cable. The LINK should be solid with no flickering and the ACTIVITY should be blinking, which indicates, of course, network activity. This indication is not as thorough a test as the diagnostics program and it is not foolproof


I suspect we may have a faulty card - but it would be worth re-installing the software - I think you can go to the gateway website and enter the serial number of the machine for support and get drivers


----------



## Jme0724 (Jul 6, 2005)

Hi there are lights on and they are solid. Do you think that the other problems, norton not executing and running and not being able to get into the system recovery, is unrelated?
Thanks


----------



## etaf (Oct 2, 2003)

No may be related - it could well be but i thought that was disabled now


----------



## Jme0724 (Jul 6, 2005)

Norton is disabled. I think it may be a virus, but I'm really not sure. The system was running fine, except the past couple of weeks a box would appear when I opened internet explorer that would say work offline or try again, clicking try again always worked, sometimes it would give you the connect button option, but the internet was never unable to connect. What do you think I should do next?
Thank You


----------



## ~Candy~ (Jan 27, 2001)

What is your idea of disabled? If any part of Norton is still in the startup items (start, run, msconfig startup) it could still be involved.


----------



## etaf (Oct 2, 2003)

so even with that IPCONFIG /ALL information it still works and connects to the internet OK
is that correct


----------



## Jme0724 (Jul 6, 2005)

The laptop does connect to the internet ok. However, the desktop is the system I am having problems with. It will NOT connect to the internet. Norton was deleted from the system, and tried to reinstall it, but it will not complete the installation. So it may still be causing a problem in that aspect. The desktop is the one with the error in the IPCONFIG /ALL. What should I try next?

Thanks


----------



## etaf (Oct 2, 2003)

have you answered post #18 and #19 re lights on the NIC and driver


----------



## Jme0724 (Jul 6, 2005)

Yes I think it was post 19. The lights are on and solid green and orange. 

Thanks


----------



## Jme0724 (Jul 6, 2005)

I guess I should clarify that. The two lights green and orange are solid where the cat 5 cable plugs into the back of the computer. The only other lights that I have are on the cable modem all are solid and the PC activity light is flashing. The ethernet card was installed after the computer was purchased, through the student store on a university campus, where I also purchased the computer. I do not think it is a gateway card, but I don't have any information on it, so I'm not sure.


----------



## ~Candy~ (Jan 27, 2001)

Can you try to start in safemode w/networking?

Another thing, if you haven't tried this already, remove the network card in the device manager, then do a scan for new hardware.


----------



## Jme0724 (Jul 6, 2005)

I'll try it again. yesterday when I did it I still could not connect. Trying it now


----------



## Jme0724 (Jul 6, 2005)

When I boot in safemode w/networking and log in as administrator I get the black screen with safemode in the bottom left and right corners and safe mode on the top and nothing else. When I go into task manager to log off administrator there is no network adapter found and then it brings up an explorer.exe end program. So I'm assuming explorer is having issues launching with the admin log in.
When I log in , still in safemode w/networking, with my personal log in it loads with icons. What should I do now?

Thanks


----------



## etaf (Oct 2, 2003)

oops my bad re #19
i'll wait for AcaCandy to reply


----------



## Jme0724 (Jul 6, 2005)

no problem. Thanks.


----------



## ~Candy~ (Jan 27, 2001)

I was just curious to see if you could get an IP Config in safe mode?


----------



## Jme0724 (Jul 6, 2005)

I can't get to the run option in the start menu, because it doesn't show everything in safemode. Is there another way to get to the cmd?


----------



## ~Candy~ (Jan 27, 2001)

Is there start, command prompt? Since you had it open in normal mode? I'm going to reboot into safe mode with networking. I don't think start, run should be missing


----------



## Jme0724 (Jul 6, 2005)

Never mind I figured out how to get to it. It's still giving me the error message. When I type IPCONFIG /ALL it says: an internal error occurred: The request is not supported.


----------



## ~Candy~ (Jan 27, 2001)

Dang. 

Ok, I had to restart my system anyway, so no big deal. A crap load of Windows updates 

Etaf, what do you think about removing the nic via device manager?


----------



## Jme0724 (Jul 6, 2005)

Yeah gotta love those. I also keep getting the Symantec email error message. Maybe because of Norton? The box usually shows up blank though, just Symantec email proxy on top. Before it said it couldn't scan emails because the internet connection was not set up.


----------



## etaf (Oct 2, 2003)

yep - sounds like a good plan


----------



## ~Candy~ (Jan 27, 2001)

So, you don't have all of Norton disabled then? Can you uncheck all of the Norton stuff from start, run, msconfig, startup? Or perhaps post a Hijack This log and we can see what is starting there?


----------



## ~Candy~ (Jan 27, 2001)

etaf said:


> yep - sounds like a good plan


Ok, I see Norton is still loading some stuff, so I think we should deal with that first, since I have a sneaking suspicion norton may be blocking something.


----------



## etaf (Oct 2, 2003)

norton removal tool
http://service1.symantec.com/SUPPOR...sf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=


----------



## Jme0724 (Jul 6, 2005)

Should I do this from normal mode or safemode? Can I download Hijack this to a disk and run it on the desktop?


----------



## Jme0724 (Jul 6, 2005)

should I just use the norton removal and completely remove it instead?


----------



## etaf (Oct 2, 2003)

> Should I do this from normal mode or safemode? Can I download Hijack this to a disk and run it on the desktop?


put in its own directory - do not use temp or desktop - it saves backups


----------



## etaf (Oct 2, 2003)

> should I just use the norton removal and completely remove it instead?


completely remove - i assume you have the original disk to be able to put back on if wanted - I hate norton myself and took off my PC day two....


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> should I just use the norton removal and completely remove it instead?


I think I'd try add/remove programs first, if that doesn't go well, then use the Norton removal tool. Just my two centavos....I've run into easy uninstalls, and some bear uninstalls. Let's hope for an easy one


----------



## ~Candy~ (Jan 27, 2001)

etaf said:


> completely remove - i assume you have the original disk to be able to put back on if wanted - I hate norton myself and took off my PC day two....


I use it on my laptop, and it actually works pretty good. I put it on one desktop and wow, I ended up reformatting it to get rid of it


----------



## Jme0724 (Jul 6, 2005)

I did the start run msconfig under startup norton was not listed. I am going to try to remove it using add/remove programs...I'll let you know how that goes


----------



## ~Candy~ (Jan 27, 2001)

Alrighty. I'm doing some real life stuff, so hopefully etaf stays around.


----------



## etaf (Oct 2, 2003)

yep - watching, yea I think norton virus is OK - it's the full security centre i have always had trouble with


----------



## Jme0724 (Jul 6, 2005)

I understand.  Thanks so much


----------



## Jme0724 (Jul 6, 2005)

ok it has been removed through add/remove programs and is now rebooting. should I download hijack this and burn to cd to put on my desktop so that I can get you a log ?


----------



## ~Candy~ (Jan 27, 2001)

etaf said:


> yep - watching, yea I think norton virus is OK - it's the full security centre i have always had trouble with


That is what I have on the laptop  And yeah, I am surprised too, but, I'm of the belief, if it's working, leave it alone 

Jme0724, you're welcome. I'll pop in and out. If I don't get some laundry done soon, I'll have no place to hide it anymore


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> ok it has been removed through add/remove programs and is now rebooting. should I download hijack this and burn to cd to put on my desktop so that I can get you a log ?


I don't think we'll need that now that you've completely removed Norton. Try to get us an IP CONFIG now and/or get on the internet.


----------



## Jme0724 (Jul 6, 2005)

Still no internet connection. I ran the IP CONFIG and got the same error message as before. Norton appears to be removed, however there is still an icon in the tray at the bottom right and the executable file is still saved under C: Should I try the removal tool to make sure it's completely wiped off?


----------



## Jme0724 (Jul 6, 2005)

under msconfig startup there is nothing related to norton, but under services the live update is still checked and running?


----------



## ~Candy~ (Jan 27, 2001)

Go to add/remove and remove live update. I'm not getting too far


----------



## Jme0724 (Jul 6, 2005)

ok all is removed and rebooted. still no internet connection :/?


----------



## Jme0724 (Jul 6, 2005)

Ip config gives me same error message


----------



## etaf (Oct 2, 2003)

AcaCandy may be back any sec - but i guess the next move is to remove the NIC from device manager - if nortons all off now

then let windows redetect it and install drivers - 

do you have any idea of the make/model of the NIC or have the CD that was supplied when you bought it - just in case we need the drivers

are you running SP2 of XP


----------



## ~Candy~ (Jan 27, 2001)

I'd go with the removal now, as etaf posted above. Please be sure we have needed cds......


----------



## Jme0724 (Jul 6, 2005)

Sorry it took me so long to get back. Unfortunately I do not have any of the CDs because it was installed aftermarket by the store that I bought the computer from, I have the gateway CDs that came with the computer but not the ethernet card. Is that the same as the NIC? I'm not sure of the make or model? Is there a way I could find out? I am running SP 2 on XP pro


----------



## etaf (Oct 2, 2003)

what's under device manager for network adapter - see if we can find them online - can't see in history


----------



## ~Candy~ (Jan 27, 2001)

I think Windows should be able to find the drivers...but, if not, we can try to figure that out later. It's not working now, so by removing it, and trying to reinstall it, we're not really breaking anything else 

In device manager, perhaps it gives the make/model there?


----------



## Jme0724 (Jul 6, 2005)

let me see what I can find out from device manager. Where should I remove it from? straight from the device manager ?


----------



## ~Candy~ (Jan 27, 2001)

Yes, under network adapters...but tell us what it says first.


----------



## Jme0724 (Jul 6, 2005)

I'm not sure if I have the right place. under network connections under control panel there is Intel R 82559 Fast Ethernet LOM with alert on LAN 2*. Is that the right place?


----------



## etaf (Oct 2, 2003)

yep thats it - saw that in the post before and had trouble finding drivers, but will have a search


----------



## Jme0724 (Jul 6, 2005)

ok sorry, I got the device manager and it says the same under network adapters as posted in 68


----------



## Jme0724 (Jul 6, 2005)

under properties for that it says device is working properly. other details given are that it's intel in location pc1 bus 1 device 1 function 0. the driver version is 5.41.22.0 and it's under c: system 32 drivers e 100b325.sys. If any of that helps?


----------



## ~Candy~ (Jan 27, 2001)

Etaf, does that sound like an onboard device?


----------



## ~Candy~ (Jan 27, 2001)

http://www.soft32.com/download_170650.html

Hmmmm.................I'll be back in a few again.


----------



## etaf (Oct 2, 2003)

> Etaf, does that sound like an onboard device?


certainly does for everything i have found so far
its a gateway PC - not sure we had the full model number


----------



## Jme0724 (Jul 6, 2005)

the tower says E-1400, can't find anything else. Is there another place to look for model number.


----------



## etaf (Oct 2, 2003)

http://support.gateway.com/s/manuals/servers/eseries/8504419.pdf
is this the device

so you had a NIC {ethernet network card } installed in a PCI slot

correct?

you may have another motherboard card

I'll look through the manual

EDIT page 3 shows a LAN connection on the back


----------



## etaf (Oct 2, 2003)

http://www.fmdrivers.net/drivers/Gateway/E1400/

i think these are the network drivers for the PC
http://www.fmdrivers.net/drivers/Gateway/E1400/network/

Intel(r) 82559 Fast Etherlink, version 3.1.2 for Microsoft(r) Windows(r) 95, Windows 98, Windows 98 SE, and Windows NT(r)


----------



## ~Candy~ (Jan 27, 2001)

I'm having a strange thought here. What if he has the ethernet cable plugged into the add in card, and we're trying to get an IP CONFIG on the onboard? 

Can we get a confirmation as to where the cable is plugged into on the back of the computer please?


----------



## Jme0724 (Jul 6, 2005)

The cable is plugged into the slot that looks like a large telephone plug.


----------



## etaf (Oct 2, 2003)

yep - my thoughts - or the PCI card has failed 
waiting confirmation of the correct manual posted........

also the gateway serial number would be useful to get info off their support site - the drivers i posted may not work on XP

can you look at the manual - is it the one on page 3 - so between mouse and serial connection

and have you got another one anywhere in the PCI slots - which are at the top of the box


----------



## ~Candy~ (Jan 27, 2001)

Ok, I'm still thinking here. The laptop is connected wirelessly, correct?

Have we tried to shut the modem and router down for 5 minutes, then plug them back in, and restart BOTH computers.

Also, have we tried connecting the computer directly to the modem?

Sorry, if this has been gone over prior, I'm still multi-tasking, and I can't remotely operate my washing machine yet


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> The cable is plugged into the slot that looks like a large telephone plug.


But there may be two......one further down the tower, and one closer to the top.


----------



## Jme0724 (Jul 6, 2005)

the serial number is: 0019685799. Is the manual on the gateway site that you are referring to?


----------



## etaf (Oct 2, 2003)

post #76 i posted the link to the PDF manual

so starting from post #80
can we just check my questions and AcaCandy questions


----------



## Jme0724 (Jul 6, 2005)

Sorry for some reason my internet connection dropped on my laptop. 
answer to 81 and 82: I unplugged everything, waited and replugged and rebooted both machines. Still no internet connection. The cable is plugged into the top slot on the tower, there is not another slot for a cable.
Also the laptop is connected wirelessly through the router.

Etaf: The manual page 3 is the right tower, thats the one I have


----------



## etaf (Oct 2, 2003)

OK so on that page you have plugs along the bottom listed left to right

line in / line out / USB ports / keyboard / mouse / RJ45 - the LAN on board {is it plugged in here } / serial port / video port

if it is 
going up the page - there are two slots - this is where two PCI cards could be put - do you have anything in those slot positions


----------



## Jme0724 (Jul 6, 2005)

It is plugged in right above the mouse and the two slots beside the serial port/video port are empty. There are no cards in the slots


----------



## etaf (Oct 2, 2003)

OK - so now I am confused - without looking back in the posts - cause there's loads now #63
did you say you purchased a NIC LAN ethernet card ???


----------



## Jme0724 (Jul 6, 2005)

Sorry, I didn't purchase it, the university store which I bought the computer through automatically installed the ethernet cards. I am not sure if it was in there from the factory or if they installed it afterwards, but when I brought the system home it was all in there.


----------



## etaf (Oct 2, 2003)

OK
1) the manual shows a factory installed LAN
2) the info in device manager indicates a motherboard NIC
3) the drivers listed for your system and serial number do not show a NIC driver

so .... 

have you pulled the cable out of the back of the desktop and plugged it into the laptop
then goto start>run>cmd>ipconfig /release and ipconfig /renew 
see if it picks up an IP for the ethernet device on the laptop

post IPCONFIG /ALL


----------



## ~Candy~ (Jan 27, 2001)

Can we take the router out of the issue, and plug the desktop directly to the cable modem? Do the shutdown for 5 again, then reboot the desktop. That way we may be able to figure out if something happened to the onboard nic?

As a side note, you've unplugged the ethernet cord and plugged it back in (on both sides, to be sure it is secure)?


----------



## Jme0724 (Jul 6, 2005)

etaf said:


> OK
> 1) the manual shows a factory installed LAN
> 2) the info in device manager indicates a motherboard NIC
> 3) the drivers listed for your system and serial number do not show a NIC driver
> ...


I cannot get the system info to copy/paste.


----------



## etaf (Oct 2, 2003)

this is on the laptop - why can you not get the info - you posted the ipconfig from the laptop before

or does the laptop now have the same symptoms as the desktop


----------



## ~Candy~ (Jan 27, 2001)

etaf said:


> what else is connected to the router -??
> 
> can you post an ipconfig /all
> 
> ...


See this post again.


----------



## Jme0724 (Jul 6, 2005)

etaf said:


> this is on the laptop - why can you not get the info - you posted the ipconfig from the laptop before
> 
> or does the laptop now have the same symptoms as the desktop


No I can get the info, I just can't figure out how to get it to copy and paste to the thread. I put it in wordpad but when I hit paste it doesn't do anything here. I can't remember if I did something different when I posted it the last time from the laptop.


----------



## Jme0724 (Jul 6, 2005)

AcaCandy said:


> Can we take the router out of the issue, and plug the desktop directly to the cable modem? Do the shutdown for 5 again, then reboot the desktop. That way we may be able to figure out if something happened to the onboard nic?
> 
> As a side note, you've unplugged the ethernet cord and plugged it back in (on both sides, to be sure it is secure)?


I have unplugged the ethernet cord on both sides and plugged it back in. I can try just plugging directly into the cable modem from the desktop.


----------



## ~Candy~ (Jan 27, 2001)

Try to get the IP info first. I posted above the reminder on how to do it.


----------



## Jme0724 (Jul 6, 2005)

Sorry guys, my head's in twenty different places today. Here's the ipconfig /all for the laptop:



Windows IP Configuration



Host Name . . . . . . . . . . . . : Jamie

Primary Dns Suffix . . . . . . . : 

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : nc.hr.cox.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : nc.hr.cox.net

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-08-0D-09-14-13

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Tuesday, June 20, 2006 12:16:38 PM

Lease Expires . . . . . . . . . . : Friday, June 23, 2006 12:16:38 PM


----------



## etaf (Oct 2, 2003)

no wireless shown there - the laptop is now using the same cable as the desktop was using

can you do 
ipconfig /release

let us know what happens

post a ipconfig /all

then do a ipconfig /renew

and post ipconfig /all again


----------



## ~Candy~ (Jan 27, 2001)

Ok, and you can connect to the internet. So, we've ruled out a bad cable 

etaf, it assigned .03 this time instead of .02.


----------



## etaf (Oct 2, 2003)

yea the other lease has not expired - so it would give a new IP 
but is there any wireless involved here .....on the laptop - i have lost the plot


----------



## Jme0724 (Jul 6, 2005)

after ipconfig release:



Windows IP Configuration



Host Name . . . . . . . . . . . . : Jamie

Primary Dns Suffix . . . . . . . : 

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : 

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-08-0D-09-14-13

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . : 

DHCP Server . . . . . . . . . . . : 255.255.255.255


----------



## ~Candy~ (Jan 27, 2001)

Yeah, it looks like my laptop, if I plug the lan cable in, my wireless gets disabled.

Unless I'm missing something in the plot


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> after ipconfig release:
> 
> Windows IP Configuration
> 
> ...


Now, you have to do renew


----------



## Jme0724 (Jul 6, 2005)

after ip config renew:



Windows IP Configuration



Host Name . . . . . . . . . . . . : Jamie

Primary Dns Suffix . . . . . . . : 

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : nc.hr.cox.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : nc.hr.cox.net

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-08-0D-09-14-13

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Tuesday, June 20, 2006 12:41:33 PM

Lease Expires . . . . . . . . . . : Friday, June 23, 2006 12:41:33 PM
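The release/renew check from the posts above, as an added example that is not part of the original thread: a Python parser for `ipconfig /all` text that classifies each adapter's DHCP state and computes the lease length. The sample text is abridged from the outputs posted here; the function names are hypothetical, and the APIPA and static cases go beyond what the thread shows.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Abridged from the outputs posted in this thread (blank lines dropped).
AFTER_RELEASE = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : Jamie
Ethernet adapter Local Area Connection:
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 255.255.255.255
"""

AFTER_RENEW = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : Jamie
Ethernet adapter Local Area Connection:
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Tuesday, June 20, 2006 12:41:33 PM
Lease Expires . . . . . . . . . . : Friday, June 23, 2006 12:41:33 PM
"""

HEADER = re.compile(r"^(?:.*\s)?adapter (.+):$")          # "Ethernet adapter X:"
FIELD = re.compile(r"^([A-Za-z][^:]*?)[\s.]*:\s*(.*)$")   # "Key . . . : value"
STAMP = "%A, %B %d, %Y %I:%M:%S %p"                       # XP lease timestamp
APIPA = ip_network("169.254.0.0/16")                      # self-assigned range


def parse_ipconfig(text):
    """Return {adapter name: {field: value}} for each adapter section."""
    adapters, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return adapters


def dhcp_state(fields):
    """Classify one adapter: static, released, apipa, leased or unknown."""
    if fields.get("Dhcp Enabled", "").lower() != "yes":
        return "static"
    addr = fields.get("IP Address", "")
    if not addr:
        return "released"
    try:
        ip = ip_address(addr)
    except ValueError:
        return "unknown"
    if ip.is_unspecified:          # 0.0.0.0 after ipconfig /release
        return "released"
    if ip in APIPA:                # no DHCP server answered the renew
        return "apipa"
    return "leased"


def lease_length(fields):
    """Lease duration as a timedelta, or None when no lease is shown."""
    try:
        start = datetime.strptime(fields["Lease Obtained"], STAMP)
        end = datetime.strptime(fields["Lease Expires"], STAMP)
    except (KeyError, ValueError):
        return None
    return end - start


def summarize(text):
    """Map each adapter name to (state, lease length)."""
    return {name: (dhcp_state(f), lease_length(f))
            for name, f in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for label, text in (("release", AFTER_RELEASE), ("renew", AFTER_RENEW)):
        print(label, summarize(text))
```

An empty result from `summarize` means the text contained no adapter section at all.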


----------



## ~Candy~ (Jan 27, 2001)

By the way, the lease did expire, it was Thursday in the other post, now it's Friday. 

Oops, there the dryer ding ding, I shall return


----------



## etaf (Oct 2, 2003)

cool - mine doesn't - but that's cool 
so we know the cable router connections etc are all OK now 

so back to the Desktop with the phantom NIC installation


----------



## Jme0724 (Jul 6, 2005)

haha. yes I think you're right. It was 2000 when I purchased the desktop and I just remember the university saying that they would install ethernet cards on desktops that needed them so that we could plug into the network on campus from the dorms etc. But like I said it was so long ago and they kinda did everything and just delivered the pc to my room in a box. So are we uninstalling the NIC?


----------



## Jme0724 (Jul 6, 2005)

etaf said:


> cool - mine doesn't - but that's cool
> so we know the cable router connections etc are all OK now
> 
> so back to the Desktop with the phantom NIC installation


Just for reference my laptop is a toshiba satellite A15-S127.


----------



## etaf (Oct 2, 2003)

i can't find a driver on the gateway website for your model and serial number listed - no NIC driver, most everything else - so i guess for XP it uses the windows OK

i changed to win98 {which i know often needs drivers and one appeared} and a driver appeared - so i am making an assumption that it's not required for XP - so yep - uninstall from device manager
then reboot
XP should detect new hardware and install drivers


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> Just for reference my laptop is a toshiba satellite A15-S127.


Mine is a Toshiba Satellite P35-S6112


----------



## Jme0724 (Jul 6, 2005)

ok it's uninstalled and rebooted. I have a message saying system config utility is currently in diagnostic or selective startup mode causing this message to be displayed and the utility to run every time windows starts. should i click ok?


----------



## Jme0724 (Jul 6, 2005)

it has found new hardware ethernet controller


----------



## Jme0724 (Jul 6, 2005)

what should i do next?


----------



## ~Candy~ (Jan 27, 2001)

etaf, I've been googling....found this, perhaps you can walk him through this if removing the nic card from DM doesn't work.

http://www.cybertechhelp.com/forums/showthread.php?t=59658&page=2


----------



## etaf (Oct 2, 2003)

> I have a message saying system config utility is currently in diagnostic or selective startup mode causing this message to be displayed and the utility to run every time windows starts. should i click ok?


that just means you have changed some startups - so you can ignore

Now put the ethernet cable back in and we start again

1) device manager under network adapters - make sure it's there again
2) IPCONFIG /ALL

post results


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> it has found new hardware ethernet controller


Continue on.....allow it to search for the driver.


----------



## etaf (Oct 2, 2003)

AcaCandy - yep

I picked this up from the network forum a while ago -



> The easy way may be to reset the TCP/IP stack to factory defaults.
> 
> TCP/IP stack repair options for use with Windows XP with SP2.
> 
> ...


still reading posts in your link within a link 
http://www.techwarelabs.com/communi...start=15&sid=1337f067eb4813fa4f1b75752cd73544


----------



## Jme0724 (Jul 6, 2005)

ok it is back under the DM under network adapters. Ip config is still giving me that same error message: internal error occurred: The request is not supported. unable to query host name. ?


----------



## Jme0724 (Jul 6, 2005)

under network connections it says LAC 2 network cable unplugged but it lists the intel 82559. No cables are unplugged though.


----------



## etaf (Oct 2, 2003)

do you have SP2 installed
start>
control panel>
system>
should be listed there


----------



## ~Candy~ (Jan 27, 2001)

Double check 

Perhaps even flip the cable around, the part that goes to the router, plug into the desktop....just for fun. I know it sounds crazy


----------



## ~Candy~ (Jan 27, 2001)

etaf said:


> do you have SP2 installed
> start>
> control panel>
> system>
> should be listed there


Yeah, he said that earlier.

Gosh, I'm hoping he's a he, since I keep doing that


----------



## etaf (Oct 2, 2003)

> under network connections it says LAC 2 network cable unplugged but it lists the intel 82559. No cables are unplugged though.


OK - we can come back to that


----------



## etaf (Oct 2, 2003)

from a post by Bob Cerelli & quoted/used by terrynet etc
http://forums.techguy.org/networkin...ower.html?highlight=netsh+int+reset+reset.log



> WINDOWSXP with SP2
> 
> There is a new command you can run with SP2 which will reset the Winsock2 registry entries back to their default setting:
> netsh winsock reset catalog
> ...


----------



## Jme0724 (Jul 6, 2005)

actually I am a She, it's ok i get it a lot with the name Jamie. I do have SP 2 XP.


----------



## Jme0724 (Jul 6, 2005)

flipped the cables no luck there


----------



## Jme0724 (Jul 6, 2005)

etaf said:


> from a post by Bob Cerelli & quoted/used by terrynet etc
> http://forums.techguy.org/networkin...ower.html?highlight=netsh+int+reset+reset.log


Should I try this?


----------



## etaf (Oct 2, 2003)

AcaCandy - any ideas or should we try post #125 or did you see something else in that google searched link


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> actually I am a She, it's ok i get it a lot with the name Jamie. I do have SP 2 XP.




Oops. I have the same thing happen to me  All these men around here think that women can't fix computers


----------



## ~Candy~ (Jan 27, 2001)

etaf said:


> AcaCandy - any ideas or should we try post #125 or did you see something else in that google searched link


Go for it. It is beginning to sound like something happened to the onboard LAN 

But, the good news is, a PCI add in card is really cheap.


----------



## Jme0724 (Jul 6, 2005)

its ok  So where should I start with trying post # 125 the link or the commands?


----------



## etaf (Oct 2, 2003)

the commands - but make sure you get them correct


----------



## Jme0724 (Jul 6, 2005)

For these commands, Start, Run, CMD to open a command prompt.

Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

Reset TCP/IP stack to installation defaults. netsh int ip reset reset.log

are these the right ones?


----------



## etaf (Oct 2, 2003)

yep 
open a dos window
start>
run>
cmd>
a black box opens
so the command is

netsh winsock reset catalog


----------



## etaf (Oct 2, 2003)

then 
in the same black box type

netsh int ip reset reset.log


----------



## Jme0724 (Jul 6, 2005)

ok i did the reset it says successfully reset the winsock catalog. need to restart in order to complete. Should I restart first then do the reset of TCP/IP or do that now then restart?


----------



## Jme0724 (Jul 6, 2005)

ok did them both after the second one : reset TCP/IP it just gave me the C:\ prompt line again. I will reboot now and see what happens


----------



## Jme0724 (Jul 6, 2005)

ok rebooted ran ipconfig same internal error message: request not supported.


----------



## ~Candy~ (Jan 27, 2001)

How about an add in nic card? Something could have fried the onboard.


----------



## Jme0724 (Jul 6, 2005)

I've read in a few forums about changing the Path command, do you think that may work?
under the environment variables.


----------



## etaf (Oct 2, 2003)

you mean this type of thing acacandy posted
http://www.techwarelabs.com/communi...start=15&sid=1337f067eb4813fa4f1b75752cd73544


> b) when I tried to run ipconfig from the Run menu, I would get an error message telling me that ipconfig is not a recognized and that Windows could look online for the right program or I could select from a list
> 
> Well, I fixed a) by going to Computer -> Properties -> Advanced -> Environment variables and replacing the PATH command (that somehow had been replaced leading a folder for my Treo?) with C:\Windows;C:\Windows\System32, my ipconfig/all at the DOS prompt works, though it still doesn't from the RUN menu.
> 
> now that a) has been addressed, do people have any thoughts about b)?


----------



## Jme0724 (Jul 6, 2005)

so you're thinking its the card and not a adware/virus problem? Can I just get one from a computer store?


----------



## Jme0724 (Jul 6, 2005)

etaf said:


> you mean this type of thing acacandy posted
> http://www.techwarelabs.com/communi...start=15&sid=1337f067eb4813fa4f1b75752cd73544


Yes, do you think that may help? I have run Ad-Aware SE as well.


----------



## etaf (Oct 2, 2003)

give it a go

do you have a full XP CD


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> so you're thinking its the card and not a adware/virus problem? Can I just get one from a computer store?


At this point, that is what I'm thinking, but go ahead and try the other options.

They run anywhere from $4 to $12. I have 3 spare ones in Acapulco, no spare ones here (I'm in Las Vegas currently), otherwise, I'd just offer to mail you one, as I'll never use that many. I repair systems and always end up with other user's parts, plus I'm a free after rebate freak


----------



## etaf (Oct 2, 2003)

i'm not sure - because I can't remember but other things in XP were not running quite right - is that correct sorry - my memory not so good today

yes you can get an NIC card quite cheaply it would slot into the PCI slot - acacandy beat me

it could be a virus / spyware I guess - so that's a hjt log

also thinking of a non-destructive repair with a full XP CD


----------



## Jme0724 (Jul 6, 2005)

I appreciate that. I do have a full XP CD. Should I try downloading the winsockxpfix or is that basically what I just did with the commands? I can purchase a new card if that's the problem? Which it seems it may be at this point. I'm just hoping it wasn't malware related? Especially since my system restore is not executing either? Wonder if that's related?


----------



## etaf (Oct 2, 2003)

you may want to read through and try the things here 
http://www.techwarelabs.com/communi...start=15&sid=1337f067eb4813fa4f1b75752cd73544


----------



## Jme0724 (Jul 6, 2005)

I can download HJT on my laptop in the zip file and get it to the desk top if you think I should go that route first. If it is virus related then putting the new card in there wouldn't work either right? I could also try the non-destructive repair with the XP cd


----------



## etaf (Oct 2, 2003)

a re-install of XP non-destructive 
http://forums.techguy.org/windows-nt-2000-xp/476585-xps-no-reformat-nondestructive-total.html


----------



## etaf (Oct 2, 2003)

a hjt log would be good - you're right if it's a network issue with TCP/IP or other software then a NIC would not work - it's a case of what's the easier to fault-find now...

BUT i cannot decode a log and so we need someone from the security forum to have a look


----------



## Jme0724 (Jul 6, 2005)

Yeah, I was reading through some of that earlier, seems like a similar problem. I will try some of those things. If that doesn't work, what do I need to do to do the repair with XP Cd just put it in and choose it from the options list?


----------



## Jme0724 (Jul 6, 2005)

ok sorry, just saw your post about the non-destructive repair. I will go through the steps of all of those things.

I will let you know if any work, or if I get the new card. I really appreciate both of you taking your time to help me. I will keep you posted on the status. I think I'll take a little break for now . At least my laptop is working, so its not as bad as it could be  Thanks again. I will let you know how it goes


----------



## etaf (Oct 2, 2003)

cool, i'm in UK - so my bedtime now


----------



## ~Candy~ (Jan 27, 2001)

I'd like to see a hijack log before a repair install please.

Night night etaf


----------



## Jme0724 (Jul 6, 2005)

Ok I will get one over to you.


----------



## Jme0724 (Jul 6, 2005)

AcaCandy said:


> I'd like to see a hijack log before a repair install please.
> 
> Night night etaf


I appreciate you looking at this for me 

Logfile of HijackThis v1.99.1
Scan saved at 6:39:53 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CrypticDisk] "C:\Program Files\Cryptic Disk\CrypticDisk.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CrypticDisk] "C:\Program Files\Cryptic Disk\CrypticDisk.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe


----------



## ~Candy~ (Jan 27, 2001)

I've asked someone else to look at the log 

Not my strong point


----------



## Cookiegal (Aug 27, 2003)

Download the trial version of Ewido Anti-Malware *here*.
Install ewido.
During the installation, under "Additional Options" *uncheck* "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click *update*
Click on *Start* and let it update.
*DO NOT* run a scan yet. You will do that later in safe mode.

If you are having problems with the updater, you can use this link to manually update ewido:

ewido manual updates

*Click here* for info on how to boot to safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
Click on *scanner*
Click *Complete System Scan* and the scan will begin.
During the scan it will prompt you to clean files, click *OK*
When the scan is finished, look at the bottom of the screen and click the *Save report* button.
Save the report to your desktop

Restart back into Windows normally now.

Run ActiveScan online virus scan *here*

When the scan is finished, save the results from the scan!

*Come back here and post a new HijackThis log, as well as the logs from the Ewido and Panda scans.*


----------



## ~Candy~ (Jan 27, 2001)

Thanks Cookiegal, I forgot to mention that since this computer has no internet access, she'll have to download them to her working computer, then transfer. So there may be some delay in getting this done....plus, we've been at this most of the day and it could be beer:30   Or wine:30


----------



## Cookiegal (Aug 27, 2003)

Well I didn't read back all six pages. Can you give me a synopsis of what the problem is? Why is there no Internet connection?


----------



## ~Candy~ (Jan 27, 2001)

Because we either have an onboard network card that was blown, or there is some other problem (although I doubt it) --- spyware, virus, etc. where we can't get an IP config/all readout.


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> ok rebooted ran ipconfig same internal error message: request not supported.


This is the error message that we get


----------



## Jme0724 (Jul 6, 2005)

Thanks AcaCandy  I will work on downloading the program and getting it to the desktop to run.


----------



## Cookiegal (Aug 27, 2003)

Go to Start - Search and under "More advanced search options". Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders"
Click "Apply" then "OK"


Let me know if you have this file?

C:\Windows\System32\drivers\tcpip.sys


----------



## ~Candy~ (Jan 27, 2001)

Oh oh, that looks like an important networking file


----------



## Cookiegal (Aug 27, 2003)

Yes, it's a network driver. That error message you get when you try ipconfig could be relating to it being missing or corrupt according to my research. It can be copied from the dll cache.


----------



## Jme0724 (Jul 6, 2005)

Here are the ewido scan results: 
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at:	9:15:53 PM 6/20/2006

+ Scan result:

C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B839AABF-DE5E-44C4-9504-253BBA5A61E5}\RP315\A0029891.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Ignored.
C:\System Volume Information\_restore{B839AABF-DE5E-44C4-9504-253BBA5A61E5}\RP315\A0029916.EXE -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4110 : Ignored.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Justin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Justin\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jme0724\Cookies\[email protected][4].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jme0724\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end


----------



## Jme0724 (Jul 6, 2005)

Here is the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:22:05 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CrypticDisk] "C:\Program Files\Cryptic Disk\CrypticDisk.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136940397\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CrypticDisk] "C:\Program Files\Cryptic Disk\CrypticDisk.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

I could not run the panda because my internet on the computer having the problem is not running. If I can download it and transfer it please let me know and I will try that.

Thanks so much
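Comparing the two HijackThis logs posted above, as an added example that is not part of the original thread and not HijackThis's own code: a Python diff of the entries between two scans, with the autostart (O4 Run key) changes pulled out. The sample lines are abridged from the logs in this thread; the function names are hypothetical, and the "dangling target" check is a heuristic assumed for this example.

```python
import re

# Lines abridged from the two HijackThis logs posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 6:39:53 PM, on 6/20/2006
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:22:05 PM, on 6/20/2006
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136940397\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
"""

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Detail of an O4 registry autostart: hive, Run key, value name, command line
RUN_KEY = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")


def parse_entries(log_text):
    """Return the set of (section code, detail) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Return (added, removed) entries between two scans, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(new - old), sorted(old - new)


def autostart_names(entries):
    """Return sorted (hive, value name) for each O4 Run-key entry."""
    found = []
    for code, detail in entries:
        match = RUN_KEY.match(detail) if code == "O4" else None
        if match:
            found.append((match.group(1), match.group(3)))
    return sorted(found)


def dangling_targets(entries):
    """Entries whose last ' - ' field is a bare directory (ends in a backslash).

    Heuristic assumed for this example: such an entry names no file,
    so it deserves a manual look.
    """
    return sorted(e for e in entries
                  if e[1].rsplit(" - ", 1)[-1].endswith("\\"))


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for code, detail in added:
        print("+", code, detail)
    for code, detail in removed:
        print("-", code, detail)
    for code, detail in dangling_targets(parse_entries(AFTER)):
        print("?", code, detail)
```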


----------



## ~Candy~ (Jan 27, 2001)

Cookiegal said:


> Yes, it's a network driver. That error message you get when you try ipconfig could be relating to it being missing or corrupt according to my research. It can be copied from the dll cache.


Thanks, I think that we definitely need to look into that issue 

:up:


----------



## Jme0724 (Jul 6, 2005)

Sorry it took so long, I also didn't realize you had re-posted. I have a problem: I cannot use my search function. When I go into search from Start or through My Computer I get the little dog and nothing else, no boxes or search fields. Any suggestions?!?


----------



## Jme0724 (Jul 6, 2005)

Ok I couldn't use the search method so I just changed the folder options under view as cookiegal indicated then I manually searched through each folder C:/ windows/system 32/ drivers/ tcpip.sys.

I have a file named tcpip6.sys
Is that what you're looking for?


----------



## Cookiegal (Aug 27, 2003)

No, that one is legit too but the one I asked for doesn't have a 6 in it. Do you not have that file?


----------



## Jme0724 (Jul 6, 2005)

Not that I can find under drivers. Like I said, my search function is not working for some reason, so if it's in another folder then I may not be seeing it, but I followed the folders you gave me and under the drivers the only tcpip file I have is the one with 6 after it.


----------



## Cookiegal (Aug 27, 2003)

Go to the C:\Windows\system32\dllcache folder. 
Find tcpip.sys and right click on it. Choose Copy from the menu. 
Open the C:\windows\system32\*drivers* folder and right click on an empty space in the window. Choose Paste from the menu.

Then see if you can connect to the Internet please.


----------



## Jme0724 (Jul 6, 2005)

I do not have that file listed under the dll cache either. I have tcpip6.sys and tcpipe.sys, the same as is under the drivers folder.
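The manual check from the posts above (is tcpip.sys in system32\drivers, and is there a copy in system32\dllcache to restore it from) as an added Python example; it is not part of the original thread. The function names and status strings are assumptions, and the sample tree is constructed with placeholder bytes to mirror the state reported here.

```python
import hashlib
import tempfile
from pathlib import Path


def child_ci(parent, name):
    """Find `name` inside `parent` ignoring case. NTFS lookups are
    case-insensitive, but a Linux host inspecting the disk is not."""
    if parent is None or not parent.is_dir():
        return None
    wanted = name.lower()
    for entry in parent.iterdir():
        if entry.name.lower() == wanted:
            return entry
    return None


def usable_file(path):
    """A driver counts only if it exists, is a regular file and is not empty."""
    return path is not None and path.is_file() and path.stat().st_size > 0


def sha256_of(path):
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_driver(system32, name):
    """Compare system32/drivers/<name> with the copy kept in system32/dllcache."""
    drivers = child_ci(system32, "drivers")
    live = child_ci(drivers, name)
    cached = child_ci(child_ci(system32, "dllcache"), name)
    have_live, have_cache = usable_file(live), usable_file(cached)

    # Names sharing the driver's stem (tcpip6.sys next to tcpip.sys) are easy
    # to mistake for the file being looked for, so they are listed separately.
    stem = Path(name).stem.lower()
    near = []
    if drivers is not None and drivers.is_dir():
        near = sorted(e.name for e in drivers.iterdir()
                      if e.name.lower() != name.lower()
                      and e.name.lower().startswith(stem))

    if not have_live and not have_cache:
        status = "missing-everywhere"  # needs install media or another trusted source
    elif not have_live:
        status = "restorable"          # the dllcache copy can be pasted into drivers
    elif not have_cache:
        status = "present-no-cache"
    elif sha256_of(live) == sha256_of(cached):
        status = "ok"
    else:
        status = "mismatch"            # patched, replaced or corrupted: verify first
    return {"driver": name, "status": status, "near_names": near}


def build_sample_tree(root):
    """Constructed sample: tcpip6.sys and tcpipe.sys exist in both folders,
    tcpip.sys exists in neither. Contents are placeholder bytes, not drivers."""
    system32 = root / "WINDOWS" / "system32"
    for folder in ("drivers", "dllcache"):
        (system32 / folder).mkdir(parents=True)
        for name in ("tcpip6.sys", "tcpipe.sys"):
            (system32 / folder / name).write_bytes(b"placeholder:" + name.encode())
    return system32


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        s32 = build_sample_tree(Path(tmp))
        for drv in ("tcpip.sys", "tcpip6.sys"):
            print(audit_driver(s32, drv))
```

A `mismatch` result only says the two copies differ; it does not say which one is the good one.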


----------



## Jme0724 (Jul 6, 2005)

Should I try putting in the reboot CD and doing a recovery for the file?


----------



## Cookiegal (Aug 27, 2003)

I'm signing off for the night but please do the following and I will check the logs in the morning.

Download *WinPFind*
*Right Click* the Zip Folder and Select "*Extract All*"
Extract it somewhere you will remember like the *Desktop*
Dont do anything with it yet!

*Click here* for info on how to boot to safe mode if you don't already know how.

Reboot into Safe Mode.

Double click *WinPFind.exe*
Click "*Start Scan*"
*It will scan the entire System, so please be patient and let it complete.*

Reboot back to Normal Mode!


Go to the *WinPFind folder*
Locate *WinPFind.txt*
Copy and paste WinPFind.txt in your next post here please.

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## Jme0724 (Jul 6, 2005)

Ok, will do. Thanks so much for your help. Good night.


----------



## Jme0724 (Jul 6, 2005)

Here is the text file from the Winpfind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 10/3/2005 11:59:22 AM 26161916 C:\NAV05ENG.exe
PEC2 10/3/2005 11:59:22 AM 26161916 C:\NAV05ENG.exe

Checking %ProgramFilesDir% folder...
UPX! 8/31/2005 8:56:44 PM 26161916 C:\Program Files\NAV05ENG.exe
PEC2 8/31/2005 8:56:44 PM 26161916 C:\Program Files\NAV05ENG.exe

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/4/2004 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
winsync 8/4/2004 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 8/4/2004 12:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PECompact2 6/8/2006 9:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 6/8/2006 9:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 8/4/2004 12:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
PTech 4/10/2006 1:00:34 PM 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/20/2006 10:16:04 PM S 2048 C:\WINDOWS\bootstat.dat
6/16/2006 7:12:24 PM H 8192 C:\WINDOWS\$NtUninstallKB911280$
6/16/2006 7:13:20 PM H 8192 C:\WINDOWS\$NtUninstallKB917953$
6/16/2006 7:13:34 PM H 8192 C:\WINDOWS\$NtUninstallKB917344$
6/16/2006 7:13:46 PM H 8192 C:\WINDOWS\$NtUninstallKB918439$
6/20/2006 10:14:56 PM H 770048 C:\WINDOWS\SYSTEM32\config\system.LOG
6/20/2006 10:14:56 PM H 65536 C:\WINDOWS\SYSTEM32\config\software.LOG
6/20/2006 10:14:56 PM H 8192 C:\WINDOWS\SYSTEM32\config\default.LOG
6/20/2006 10:16:20 PM H 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
6/20/2006 10:16:06 PM H 12288 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
6/19/2006 10:57:14 AM H 1024 C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat.LOG
5/14/2006 6:21:52 AM S 13309 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
5/4/2006 6:37:36 PM S 7898 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917734.cat
5/11/2006 11:13:22 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
5/11/2006 11:13:22 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\2ebe24d9-90c0-47be-87ea-d82c145f92b2
6/20/2006 10:14:52 PM H 6 C:\WINDOWS\TASKS\SA.DAT
6/20/2006 10:14:48 PM S 64 C:\WINDOWS\CSC\00000001
6/18/2006 7:37:28 PM S 64 C:\WINDOWS\CSC\csc1.tmp
6/18/2006 9:06:36 PM S 64 C:\WINDOWS\CSC\00000002

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 7:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
3/7/2006 9:35:52 PM 1668 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
8/30/2005 3:02:08 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
2/24/2005 7:44:22 PM 1641 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/30/2005 2:35:42 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
8/30/2005 3:02:08 PM HS 84 C:\Documents and Settings\Jme0724\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
8/30/2005 2:35:42 PM HS 62 C:\Documents and Settings\Jme0724\Application Data\desktop.ini
12/29/2005 10:11:44 AM 68016 C:\Documents and Settings\Jme0724\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 = 
DigExt =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText = Create Mobile Favorite	: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText = Create Mobile Favorite...	: C:\Program Files\Microsoft ActiveSync\INetRepl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger	: C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Microsoft SearchBand = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address	: %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = : 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address	: %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links	: %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar	: 
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SystemTray	SysTray.Exe
HPDJ Taskbar Utility	C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
HPHmon03	C:\WINDOWS\system32\hphmon03.exe
ViewMgr	C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
QuickTime Task	"C:\Program Files\QuickTime\qttask.exe" -atboottime
CrypticDisk	"C:\Program Files\Cryptic Disk\CrypticDisk.exe" /tray
HP Software Update	C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
!ewido	"C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
HostManager	C:\Program Files\Common Files\AOL\1136940397\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL	Installed = 1
MAPI	Installed = 1
MSFS	Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
H/PC Connection Agent	"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
CrypticDisk	"C:\Program Files\Cryptic Disk\CrypticDisk.exe" /tray
MSMSGS	"C:\Program Files\Messenger\msmsgs.exe" /background
updateMgr	"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
Aim6	"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini	0
win.ini	0
bootini	0
services	0
startup	0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername	0
legalnoticecaption	
legalnoticetext	
shutdownwithoutlogon	1
undockwithoutlogon	1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun	145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools	0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit	= C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1	- Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/20/2006 10:28:35 PM


----------



## Jme0724 (Jul 6, 2005)

Here is the generate startup list log from hijack this:

StartupList report, 6/20/2006, 10:35:10 PM
StartupList version: 1.52.2
Started from : C:\hijack this\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\AOL\1136940397\ee\AOLSoftware.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijack this\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jme0724\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
HPHmon03 = C:\WINDOWS\system32\hphmon03.exe
ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
CrypticDisk = "C:\Program Files\Cryptic Disk\CrypticDisk.exe" /tray
HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
!ewido = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
HostManager = C:\Program Files\Common Files\AOL\1136940397\ee\AOLSoftware.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
CrypticDisk = "C:\Program Files\Cryptic Disk\CrypticDisk.exe" /tray
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
updateMgr = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
Aim6 = "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[cpbrkpie Control]
InProcServer32 = C:\WINDOWS\cpbrkpie.ocx
CODEBASE = http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\rsvpsp.dll
Protocol #11: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

*it was too large to fit, will post remaining to follow *


----------



## Jme0724 (Jul 6, 2005)

Enumerating Windows NT/2000/XP services

Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Belarc SMBios Access: \SystemRoot\System32\Drivers\BANTExt.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
CrypticDisk: \??\C:\WINDOWS\system32\Drivers\CrypticDisk.sys (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
MS IEEE-1284.4 Driver: system32\DRIVERS\Dot4.sys (manual start)
Dot4 HPH09: system32\DRIVERS\hphid409.sys (manual start)
Print Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Prt.sys (manual start)
Print Class Driver for IEEE-1284.4 HPH09: system32\DRIVERS\hphipr09.sys (manual start)
Storage Class Driver for IEEE-1284.4 (HPH09): System32\Drivers\hphs2k09.sys (manual start)
Dot4USB Filter Dot4USB Filter: system32\DRIVERS\dot4usb.sys (manual start)
Dot4Usb HPH09: System32\drivers\hphius09.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel(R) PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido anti-spyware 4.0 driver: \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys (system)
ewido anti-spyware 4.0 guard: C:\Program Files\ewido anti-spyware 4.0\guard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
HCF_MSFT: system32\DRIVERS\HCF_MSFT.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
i81x: system32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: system32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: system32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: system32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: system32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: system32\DRIVERS\wVchNTxx.sys (manual start)
iAimFP5: system32\DRIVERS\wADV07nt.sys (manual start)
iAimFP6: system32\DRIVERS\wADV08nt.sys (manual start)
iAimFP7: system32\DRIVERS\wADV09nt.sys (manual start)
iAimTV0: system32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: system32\DRIVERS\wATV02NT.sys (manual start)
iAimTV3: system32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: system32\DRIVERS\wCh7xxNT.sys (manual start)
iAimTV5: system32\DRIVERS\wATV10nt.sys (manual start)
iAimTV6: system32\DRIVERS\wATV06nt.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Intel PentiumIII Processor Driver: system32\DRIVERS\p3.sys (system)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver: C:\WINDOWS\system32\HPHipm09.exe (manual start)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{7E93ECEA-32F7-4B7A-9EE0-E8BF2E04CF21} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Windows CE USB Serial Host Driver: system32\DRIVERS\wceusbsh.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 33,016 bytes
Report generated in 0.450 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Jme0724 (Jul 6, 2005)

Sorry had to break the hjt startup list log into 2 posts, it was too large to fit in one. I will be back on in the morning to check the posts. Thanks again for your help.


----------



## Cookiegal (Aug 27, 2003)

Before trying anything else, let's try this winsock repair.

If you have suddenly lost your Internet connection after removing spy-ware (such as NewDotNet, and Commonname) the following steps will help restore your connection. This works for Windows 9x/NT/2000/XP.

1.) Download http://www.tacktech.com/pub/winsockfix/WinsockFix.zip. (by: Option^Explicit) or http://www.spychecker.com/program/winsockxpfix.html
2.) UnZip WinsockFix.zip (Pay close attention to where the file is extracted to.)
3.) Run WinsockFix.exe.
4.) Click the Fix button.

This program will clean up your TCP/IP connection and rebuild the database. After the program is complete, reboot and let us know if your connection is restored.


----------
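The Winsock repair above addresses a damaged LSP chain, which the StartupList sections posted earlier in the thread make visible. The following is an added example, not part of the original thread or of StartupList itself: it parses report sections in that layout and flags Winsock providers or executable file associations that differ from a baseline. The baseline sets are assumptions taken from the values in this thread's own log, and the sample report with `example_loader.exe` and `example_lsp.dll` is constructed.

```python
import ntpath
import re

# Assumed baseline: the provider DLLs that appear in this thread's own log.
LSP_BASELINE = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}

# Assumed baseline: the open commands reported in this thread's own log.
ASSOC_BASELINE = {
    ".EXE": '"%1" %*',
    ".COM": '"%1" %*',
    ".BAT": '"%1" %*',
    ".PIF": '"%1" %*',
    ".SCR": '"%1" /S',
}

SEPARATOR = re.compile(r"^-{10,}[ \t]*$", re.MULTILINE)
LSP_LINE = re.compile(r"^((?:NameSpace|Protocol) #\d+): (.+)$")
ASSOC_HEAD = re.compile(r"^File association entry for (\.\w+):")
DEFAULT_LINE = re.compile(r"^\(Default\) = (.*)$")


def split_sections(report):
    """Split a report on its dashed separator lines, dropping empty chunks."""
    return [s.strip() for s in SEPARATOR.split(report) if s.strip()]


def check_lsp(lines):
    """Flag providers that are not in the baseline or not under system32."""
    findings = []
    for line in lines:
        m = LSP_LINE.match(line)
        if not m:
            continue
        slot, path = m.group(1), m.group(2).strip()
        dll = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if dll not in LSP_BASELINE:
            findings.append(("lsp-unknown", slot, path))
        elif not folder.endswith("\\system32"):
            # A familiar file name loaded from an unusual directory.
            findings.append(("lsp-location", slot, path))
    return findings


def check_assoc(lines):
    """Flag an open command that differs from the baseline for its extension."""
    ext = ASSOC_HEAD.match(lines[0]).group(1).upper()
    expected = ASSOC_BASELINE.get(ext)
    for line in lines[1:]:
        m = DEFAULT_LINE.match(line)
        if m and expected is not None and m.group(1).strip() != expected:
            return [("assoc", ext, m.group(1).strip())]
    return []


def analyze(report):
    """Return (category, item, value) findings for the sections we understand."""
    findings = []
    for section in split_sections(report):
        lines = [ln.strip() for ln in section.splitlines() if ln.strip()]
        if lines[0].startswith("Enumerating Winsock LSP files"):
            findings.extend(check_lsp(lines[1:]))
        elif ASSOC_HEAD.match(lines[0]):
            findings.extend(check_assoc(lines))
    return findings


# Constructed sample in the layout of the log above; the two example_* files
# and the Temp copy of mswsock.dll are made up for illustration.
SAMPLE_REPORT = r"""
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = C:\WINDOWS\example_loader.exe "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\PROGRA~1\EXAMPLE\example_lsp.dll
Protocol #3: C:\WINDOWS\Temp\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------
"""

if __name__ == "__main__":
    for category, item, value in analyze(SAMPLE_REPORT):
        print(f"{category:13} {item:13} {value}")
```

A clean result only means these two sections match the baseline; it says nothing about the services, Active Setup or autorun sections of the same report.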



## Jme0724 (Jul 6, 2005)

Ran the Winsock Fix and rebooted, still no internet connection.


----------



## Jme0724 (Jul 6, 2005)

ipconfig/all gives me the same internal error message


----------



## Cookiegal (Aug 27, 2003)

Try running this tool please.

http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.removal.tool.html


----------



## Jme0724 (Jul 6, 2005)

I ran this above tool and received the following message when it completed:

"W32.Sober [B-G, I, L, N, O, Q, V, W, X] has not been found on your computer"


----------



## ~Candy~ (Jan 27, 2001)

Still going, huh? Ok, I'm back, I'll just follow along


----------



## Jme0724 (Jul 6, 2005)

I have a meeting to go to at 12:00 so I will be gone for the next hour and a half or so. I will check back when I return to see if anything new has been posted. Thank you so much for your continued time and help. This is getting a bit frustrating, and I'd be completely lost without all of your advice. Thanks


----------



## Cookiegal (Aug 27, 2003)

Go to the Run box on the Start Menu and type in:

*sfc /scannow*

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.

You may be prompted to insert the XP CD.


----------



## Jme0724 (Jul 6, 2005)

Ok I'm back, and I'm trying the last post


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## Jme0724 (Jul 6, 2005)

When I do this it flashes the cmd window and closes out quickly?


----------



## Jme0724 (Jul 6, 2005)

I'm sorry I must have had too many spaces. It is working now. It is verifying the windows files now....


----------



## etaf (Oct 2, 2003)

just so you know I'm following along with interest too....


----------



## ~Candy~ (Jan 27, 2001)

Time for a group hug


----------



## Jme0724 (Jul 6, 2005)

it says files that are required for windows to run properly must be copied to the Dll cache. insert windows xp pro sp 2 cd now. I am inserting cd....


----------



## ~Candy~ (Jan 27, 2001)

Hopefully it's that tricky tcpip file


----------



## Jme0724 (Jul 6, 2005)

Welcome back


----------



## Jme0724 (Jul 6, 2005)

I'm hoping. Any ideas on how it could have been missing? Can a virus/malware do that?


----------



## Jme0724 (Jul 6, 2005)

It's still running, taking a little bit of time.....


----------



## Jme0724 (Jul 6, 2005)

ok it is finished running, should i reboot it?


----------



## ~Candy~ (Jan 27, 2001)

Yes, why not?


----------



## Jme0724 (Jul 6, 2005)

Still no internet


----------



## Jme0724 (Jul 6, 2005)

same internal error msg from ipconfig/all


----------



## Jme0724 (Jul 6, 2005)

still no search function or system restore capability? I found the tcpip.sys file which was put back under dll cache, and copy and pasted it into drivers, however there is still no connection. I'll try restarting computer.


----------



## Jme0724 (Jul 6, 2005)

haven't rebooted yet, but I am getting a ipconfig /all now


----------



## Jme0724 (Jul 6, 2005)

Here's the ipconfig/all from the desktop:



Windows IP Configuration



Host Name . . . . . . . . . . . . : computer

Primary Dns Suffix . . . . . . . : 

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : 

Description . . . . . . . . . . . : Intel(R) 82559 Fast Ethernet LOM with Alert on LAN 2*

Physical Address. . . . . . . . . : 00-D0-B7-AC-ED-DB

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . : 

DHCP Server . . . . . . . . . . . : 0.0.0.0


----------



## ~Candy~ (Jan 27, 2001)

Ok, GOOD NEWS 

Have you rebooted yet? If not, please do so.


----------



## Jme0724 (Jul 6, 2005)

rebooting now


----------



## Jme0724 (Jul 6, 2005)

I have internet! Yay!


----------



## Jme0724 (Jul 6, 2005)

Now, how do I make sure this doesn't happen again? Also, my search function and system restore are still not operating , any suggestions there? and since I took off Norton I only have ewido now. Should I put Norton back on?


----------



## ~Candy~ (Jan 27, 2001)

YEEEEEEEEEEEEEEAAAAAAAAAAAAAAAAAAAAAAAAAAA    

WHEW! What a long thread. You can mark it solved using the THREAD TOOLS drop down menu...I'll give you the honor  


A really big thanks to Karen (Cookiegal)


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> Now, how do I make sure this doesn't happen again? Also, my search function and system restore are still not operating , any suggestions there? and since I took off Norton I only have ewido now. Should I put Norton back on?


OOPS....forgot about the other issues 

I would suggest the free download of AVG.

Karen probably has some ideas on the system restore problem too


----------



## etaf (Oct 2, 2003)

A really big thanks to Karen (Cookiegal)   and from me too.

Big team hug .........


----------



## Jme0724 (Jul 6, 2005)

ok Great I will dwnld AVG and see what Karen suggests for the system restore/search problem. I just want to make sure if it was a virus or something that caused it that it's wiped off the system, you know? Thanks SO much to all of you for your help!


----------



## ~Candy~ (Jan 27, 2001)

She's on IM with me on Yahoo now, I'm sure she'll reply soon


----------



## Jme0724 (Jul 6, 2005)

ok great. thanks. I know we're all ready to mark this thread solved. You guys have been great!


----------



## Cookiegal (Aug 27, 2003)

OK, I'm happy this worked out and I'm all for a group hug! One can never have enough of those. 

I'm sure this was caused by viral activity as are the remaining problems and we should be able to clear those up as well.

I'm looking over the logs you posted earlier again and while I'm doing that, can you run the Panda scan that you couldn't run earlier please.

Run ActiveScan online virus scan *here*

When the scan is finished, save the results from the scan and post them here please.


----------



## Jme0724 (Jul 6, 2005)

sure, will do that now


----------



## Jme0724 (Jul 6, 2005)

Hmm, when I click on scan your pc it does nothing. I tried clicking free online scan in the top right column as well and it did nothing? Am I missing something?


----------



## Jme0724 (Jul 6, 2005)

I found another link on the page and it is now installing the panda active scan, hopefully it's the same, I will let you know when I run it and get the results


----------



## Jme0724 (Jul 6, 2005)

ok well that doesn't do anything except for open me to the same page where for some reason the button will not execute? Not sure why? Should I run AVG?


----------



## etaf (Oct 2, 2003)

do you have a popup blocker ???

http://www.pandasoftware.com/products/activescan.htm

this page should have a scan button

then when you click on that a window pops up with
Check now

EDIT 
Pictures


----------



## Jme0724 (Jul 6, 2005)

I disabled it, or so I thought anyways, I'll look again.


----------



## etaf (Oct 2, 2003)

see post i edited with pictures


----------



## Jme0724 (Jul 6, 2005)

that's the link I've been trying but nothing happens when I click the scan button.? I have avg and ewido downloaded do you think they have a pop up blocker that could be blocking it?


----------



## Jme0724 (Jul 6, 2005)

I exited both avg and ewido so they should not be conflicting. ?


----------



## etaf (Oct 2, 2003)

it could be a few issues stopping the popup window from coming up

if its OK with the others 
here's another online scan which does not seem to use pop up windows
http://housecall65.trendmicro.com/


----------



## Cookiegal (Aug 27, 2003)

You could also reset your ActiveX security settings. Go to Internet Options > Security > Internet, press 'default level', then OK. 
Now press "Custom Level." 
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'. 

Then try to run the Panda scan and allow the ActiveX control to download.


----------



## Jme0724 (Jul 6, 2005)

I don't know whats going on. When I open up etafs link I get the trend micro logo in the left and global and countries on the right and nothing else? Should I try downloading the trial version of panda platinum?


----------



## etaf (Oct 2, 2003)

go with Cookiegal suggestion


----------



## Jme0724 (Jul 6, 2005)

Ok my active x settings are now: 1-automatically prompt is disabled. 2-binary... is enabled
3-dwnld signed and unsigned are both prompt 5-initialize and script...is disabled and run active x and plug in is enabled. yet the scan button on panda will still not work?


----------



## Cookiegal (Aug 27, 2003)

Try this please:

Go to Start - Run and type in the following, then click OK. Be sure to include the space between the 2 and the j.

*regsvr32 jscript.dll*


----------



## Jme0724 (Jul 6, 2005)

When I ran it I get the following: Load Library (jscript.dll) failed-The specified module could not be found.

I tried it twice and double checked that I had it typed correctly with the space.


----------



## Cookiegal (Aug 27, 2003)

Jme0724 said:


> Ok my active x settings are now: 1-automatically prompt is disabled. 2-binary... is enabled
> 3-dwnld signed and unsigned are both prompt 5-initialize and script...is disabled and run active x and plug in is enabled. yet the scan button on panda will still not work?


A little further down under "Downloads" do you have "file download" enabled?


----------



## Jme0724 (Jul 6, 2005)

file download is enabled, however automatic prompting for file download is disabled


----------



## Cookiegal (Aug 27, 2003)

You need that dll file. That's probably why the search companion is not working.

Go to the site and download it to: C:\WINDOWS\SYSTEM32

http://www.dll-files.com/dllindex/dll-files.shtml?jscript


----------



## Jme0724 (Jul 6, 2005)

ok downloaded it and put it in the windows system 32. Should I reboot my computer?


----------



## Cookiegal (Aug 27, 2003)

Yes please reboot.


----------



## ~Candy~ (Jan 27, 2001)

When in doubt, reboot


----------



## Jme0724 (Jul 6, 2005)

ok rebooted. and the active scan is now running


----------



## Jme0724 (Jul 6, 2005)

ok the scan ran and now I'm at a screen that says select a device to scan? Which should I choose?


----------



## ~Candy~ (Jan 27, 2001)

The C: drive


----------



## Jme0724 (Jul 6, 2005)

ok scanning my computer


----------



## Jme0724 (Jul 6, 2005)

Still scanning


----------



## ~Candy~ (Jan 27, 2001)

Energizer bunny


----------



## Jme0724 (Jul 6, 2005)

Ok it's finally done, here's the report:

| Incident | Status | Location |
|---|---|---|
| Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\Jme0724\Local Settings\Temp\Cookies\[email protected][1].txt |
| Spyware:Cookie/Go | Not disinfected | C:\Documents and Settings\Jme0724\Local Settings\Temp\Cookies\[email protected][3].txt |
| Spyware:Cookie/Banner | Not disinfected | C:\Documents and Settings\Jme0724\Local Settings\Temp\Cookies\[email protected][1].txt |
| Spyware:Cookie/Go | Not disinfected | C:\Documents and Settings\Jme0724\Local Settings\Temp\Cookies\[email protected][2].txt |
| Spyware:Cookie/Affiliate fuel | Not disinfected | C:\Documents and Settings\Jme0724\Local Settings\Temp\Cookies\[email protected][2].txt |


----------



## Cookiegal (Aug 27, 2003)

Sorry to put you through all that for just a few cookies.  

Is your search companion working now?


----------



## Jme0724 (Jul 6, 2005)

no problem, at least we know there's nothing else major on there. yes my search companion is working now.


----------



## Jme0724 (Jul 6, 2005)

so is the system restore. Do you know what virus may have caused all this? or how to prevent it? I had norton installed before as well as adaware.


----------



## Cookiegal (Aug 27, 2003)

Unfortunately, I can't identify the specific virus. I suspected Sober because it attacks this particular driver but the tool said it was not found. 

I suspect these problems were all the result of a prior infection that left this damage behind.

There are still some things in system restore to flush out and we will do that in the final step.

How is everything running now?


----------



## Jme0724 (Jul 6, 2005)

oh ok, pretty nasty one nonetheless. Everything seems to be running well right now. system restore and search companion are executing and the internet seems to be doing fine.


----------



## Cookiegal (Aug 27, 2003)

Great! :up:

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.

*Delete your temporary files:*

In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.

Go to Start - Run and type *%temp%* in the Run box. The Temp folder will open. Click *Edit - Select All* then hit *Delete* to delete the entire contents of the Temp folder.

Finally go to Control Panel - Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

*Empty the recycle bin*.


----------



## Jme0724 (Jul 6, 2005)

Alright everything has been cleared and I made a new restore point. I will download spyware blaster. Should I leave AVG and Ewido and Ad-Aware? or would you recommend the panda software or another antivirus program?


----------



## Cookiegal (Aug 27, 2003)

AVG is a good one but you will also need a firewall such as Zone Alarm, which is very user friendly.

Yes, I recommend using Ad-Aware and SpyBot Search & Destroy regularly as well.

Would you please post a final HijackThis log? I believe there were a couple of minor items that needed to be dealt with and I can't remember if I mentioned them.


----------



## Jme0724 (Jul 6, 2005)

I have a firewall with the router but I will also download the Alarm. So with that and the others I won't need a norton or mcafee program, right?

here is the new hjt log. Thanks
Logfile of HijackThis v1.99.1
Scan saved at 9:56:06 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\AOL\1136940397\ee\AOLSoftware.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1136940397\ee\aim6.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CrypticDisk] "C:\Program Files\Cryptic Disk\CrypticDisk.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136940397\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CrypticDisk] "C:\Program Files\Cryptic Disk\CrypticDisk.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe


----------



## Cookiegal (Aug 27, 2003)

That's right, you won't need McAfee or Norton and will use up less resources at the same time. 

Go to Control Panel - Add/Remove programs and remove:

*Viewpoint Manager*

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

*R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\*

Then you should be good to go.


----------
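A small triage pass over HijackThis log lines of the kind posted above, as an added example that is not part of the original thread and not HijackThis's own logic: it flags Winlogon Notify entries that name no DLL and ActiveX (DPF) downloads from hosts outside a reviewer-chosen allowlist. The allowlist and the two rules are assumptions for illustration; the sample lines are copied from the log in this thread.

```python
import re
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")
# Assumption: hosts this reviewer accepts as ActiveX download sources.
TRUSTED_DPF_HOSTS = ("microsoft.com", "pandasoftware.com")

def parse(log_text):
    """Yield (section, body) for each HijackThis entry line, e.g. ('O20', ...)."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def host_trusted(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)

def triage(log_text):
    """Return [(section, reason, body)] for entries worth a closer look."""
    findings = []
    for section, body in parse(log_text):
        if section == "O20":
            # 'Winlogon Notify: <name> - <dll path>': a target that does not
            # end in a .dll file name points at nothing loadable.
            target = body.rsplit(" - ", 1)[-1]
            if not target.lower().endswith(".dll"):
                findings.append((section, "notify entry names no DLL", body))
        elif section == "O16":
            # 'DPF: {CLSID} (name) - <codebase URL>'
            url = body.rsplit(" - ", 1)[-1]
            host = (urlparse(url).hostname or "").lower()
            if not host_trusted(host):
                findings.append((section, "ActiveX from " + host, body))
    return findings

# Lines copied from the log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
'''
```

On this sample the pass flags the Coupons.cab download and the NavLogon notify entry, two of the three items marked for fixing in the post above.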



## Jme0724 (Jul 6, 2005)

Thanks so much! I also see a viewpoint media player...should I keep this or remove it?


----------



## Jme0724 (Jul 6, 2005)

Alright well, it looks like everything is good to go. I guess we can mark this resolved, yay! Big group hug! Thank you all, acacandy, etaf and cookiegal, so much! I definitely recommend this site to my friends for any of their computer troubles. You guys are great! Thanks so much !!!!


----------



## Cookiegal (Aug 27, 2003)

Jme0724 said:


> Thanks so much! I also see a viewpoint media player...should I keep this or remove it?


Please remove Viewpoint Media Player as well.


----------



## Jme0724 (Jul 6, 2005)

ok great! Will do  Thanks again. Have a great night


----------



## ~Candy~ (Jan 27, 2001)

What have I missed? SYSTEM RESTORE is working? 

SEARCH is working?????????



Is it time for another group hug????? 

Oops, I missed a few posts, I see that it is time  

YEAHHHHHHHHHHHHHHHHHH


----------



## Cookiegal (Aug 27, 2003)

You're quite welcome!  

I would just like to add that it was a pleasure working with you as you followed instructions precisely and reported your findings accurately. That makes our job so much easier.


----------



## ~Candy~ (Jan 27, 2001)

Don't forget the solved


----------



## Jme0724 (Jul 6, 2005)

well thank you. You made it very easy to follow and understand, which made it easy for me  I will mark it solved  yeahhhh!!! Thanks again it has been a pleasure working with all you as well.


----------



## ~Candy~ (Jan 27, 2001)

Btw, unless you use OFFICE every day, I'd take this out of startups via start, run, msconfig, startup.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

When you restart, you'll have a nasty nag message that you've changed something, just say "I DON'T CARE" and make it go away.


----------



## Cookiegal (Aug 27, 2003)

Yeahhh! Group hug!


----------



## Jme0724 (Jul 6, 2005)

oh ok. thanks for the tip. I will do that. I don't use office that often. One quick question, do you know how to get rid of msn messenger. I don't see it under add/remove programs but it's in my tray and startup...I don't use it..just curious?


----------



## ~Candy~ (Jan 27, 2001)

We are good 


Thanks again Karen!  We couldn't have done it without you..........


----------



## ~Candy~ (Jan 27, 2001)

Jme0724 said:


> oh ok. thanks for the tip. I will do that. I don't use office that often. One quick question, do you know how to get rid of msn messenger. I don't see it under add/remove programs but it's in my tray and startup...I don't use it..just curious?


In the program options, you can choose to not have it run at startup. If you use Outlook Express, you need to be sure it isn't starting from there. If it's not in the add/remove programs, it's probably Windows Messenger and not MSN messenger.....or look at the Windows components....maybe it's there 

The good news is --- Windows Vista (the next OS) won't have it pre-installed


----------



## Jme0724 (Jul 6, 2005)

oh ok gotcha. I'll look into it. it's a minor thing...no big deal. Thanks again! Maybe I should have majored in IT and not Psyc hehe. I admire what you guys do


----------



## ~Candy~ (Jan 27, 2001)

I didn't major in anything  I'm trial and error...sometimes big errors  

Mark this solved......so I can see it


----------



## Jme0724 (Jul 6, 2005)

Big group hug and BIG thanks. I'll mark as solved


----------



## ~Candy~ (Jan 27, 2001)

YEAH  

Maybe tonight I won't dream about this thread? 



Nice to work with you "MS" Jamie 

Have a great evening


----------



## Cookiegal (Aug 27, 2003)

AcaCandy said:


> We are good
> 
> Thanks again Karen!  We couldn't have done it without you..........


We make a great team. :up:


----------



## ~Candy~ (Jan 27, 2001)

Cookiegal said:


> We make a great team. :up:


And we can't forget etaf  He's been through this with us as well 

I just may have to nominate him for an MVP award 

If he doesn't have one already


----------



## Cookiegal (Aug 27, 2003)

Of course, Wayne is part of this team!


----------



## etaf (Oct 2, 2003)

thanks guys - glad everything's working all OK now - wow what a thread - I have to second the comment made earlier probably while I was sleeping ..... that it's great when someone follows instructions and answers all the questions posed, it may not seem like it, but it does make things run quicker in the long run... so thanks for that.

cool   :up:


----------

