Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Adding computer to router disables other computers


  • Please log in to reply

#1
highland403

highland403

    Member

  • Member
  • PipPipPip
  • 228 posts
I have 3 computers that all have AVG on them and they are all networked through a router. I use one of the computers, call it (A), as a server and keep all of our files on it. No one actually sits at computer (A).

(A) was scanned by AVG and a virus was found that the software couldn't remove. I contacted AVG and they told me how to remove the virus, although I am not sure it was comletely removed.

The virus was located here:
C:\WINNT\System32\Lavan\Kahol.exe:\devcheck.exe
C:\WINNT\System32\Lavan\Kahol.exe:\lock.bat
C:\WINNT\System32\Lavan\Kahol.exe
C:\WINNT\System32\Lavan\lock.bat

AVG had me delete the Lavan directory and all of its files.

About the time I discovered the virus, I started having trouble connecting to the internet. After talking to my ISP, we concluded that the router was bad. So I bought a new router and hooked up my three computers to it.

For some strange reason, I can't access the internet on the other computers when (A) is connected to the router. (A) also won't connect. But when I unplug (A) from the router, the other computers can connect to the internet. I also cannot access the internet from (A) even when it bypasses the router and goes straight into the modem.

Do you have any idea what's going on here and how to fix it?

Any help would be greatly appreciated.
  • 0

Advertisements


#2
Dan

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
Do you recieve any error messages? ie: Limited or no connectiity (on Computer A)? Also, try going to Start, Run, type EVENTVWR. Look under the System and Application logs for Errors (Red circles with X in the middle) or Warnings. If so, what are the messages?

It's possible that the virus corrupted your tcp/ip stack / winsock registry entry. If computer (A) is XP, then download XP TCP/IP Repair. Read the warnings pertaining to this product before you use it. Whilst it can cause no permanent damage (it is easy to undo), you may wish to create a Registry back-up before applying it.

The fact that computer A can never connect to the internet leads me to believe that it is your TCP/IP stack that has been corrupted, however, it would help if you provided some more information.

What OS is Computer A?
On Computer A, goto Start, Run, type CMD, type IPCONFIG /ALL. Post the results.
Can you ping the other computers on the network from Computer A? (Start, Run, type CMD, type PING location - ie: PING 192.168.1.101 or PING YAHOO.COM)
Can you ping websites from Computer A?
Can the other computers ping Computer A?
Can you run a tracert from Computer A to yahoo.com? (Start, Run, type CMD, type TRACERT YAHOO.COM)
  • 0

#3
highland403

highland403

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Dan,

The OS of all 3 computers is Windows 2000

The only error message that comes up is "The page cannot be displayed".

The application log had a warning and the same error many many times:
warning 12/15/05 Event System Firing Agent 4098
error(many) 12/15/05 AVG7 Error 100

The system log had the following warnings and errors:
warning 12/21/05 Dnscache
warning(many) 12/20/05 Mrxsmb
error(many) Dcom
warning Print
warning Remote Access
Error Service Control Manager

ipconfig /all results:
Windows 2000 IP Configuration
Host Name: THG
Primary DNS Suffix:
Node Type: Hybrid
IP Routing Enabled: yes
DNS Suffix Search List: mad.wi.charter.com
Ethernet adaptor local area connection:
Connection-Specific DNS Suffix: mad.wi.charter.com
Description: Intel<R> 82559 Fast Ethernet LAN or Motherboard
Physical Address: 00-03-47-76-57-F6
DHCP Enabled: yes
Auto config Enabled: yes
IP Address: 192.168.1.102
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
DHCP Server: 192.168.1.1
DNS Servers: 24.196.64.53
68.115.71.53
24.159.193.40
Lease Obtained: 12/22/05 8:15
Lease Expires: 12/25/05

I can ping the other computers from computer A and they can ping each other and computer A.
Computer A can't ping yahoo.com or any other website.
A tracert ran from computer A to yahoo.com said "unable to resolve target system name".

If it is a corrupted TCP/IP stack, can it be fixed?

Would it make sense to format the harddrive and reinstall the OS?

Steve
  • 0

#4
Dan

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
Formatting is a little drastic a measure for this situation.

The fact that you can not ping Yahoo.com suggests that you have a DNS Server error (which could be caused by Winsock corruption), and yes, Winsock corruption can be fixed quite easily.

Try pinging Yahoo.com again, however ping it's IP, which is: 66.94.234.13, also run a tracert to Yahoo.com again, but once again attempt to tracert via it's IP (tracert 66.94.234.13). Along with this, try pinging the names of the other computers on your network. Please paste the results of these tests by right-clicking on your Command window, selecting 'Select All', and then pressing ctrl+C; then pasting on this forum.

Let's test for Winsock Corruption:
Goto Start, Run, type msinfo32, press enter. Now, expand the tab 'Components', then 'Network' and then click on 'Protocol'.

You will have ten sections inside Protocol and the section headings will include the following names if the Winsock2 key is clean:
1) MSAFD Tcpip [TCP/IP]
2) MSAFD Tcpip [UDP/IP]
3) RSVP UDP Service Provider
4) RSVP TCP Service Provider
5) MSAFD NetBIOS [\Device\NetBT_Tcpip...
6) MSAFD NetBIOS [\Device\NetBT_Tcpip...
7) MSAFD NetBIOS [\Device\NetBT_Tcpip...
8) MSAFD NetBIOS [\Device\NetBT_Tcpip...
9) MSAFD NetBIOS [\Device\NetBT_Tcpip...
10) MSAFD NetBIOS [\Device\NetBT_Tcpip...

Look through your list, and ensure that you have all of those headings. If you have extra headings, or if some of those headings are different, then you have winsock corruption. If you have winsock corruption, do the following: Goto Start, Run, type CMD, type: netsh int ip reset resetlog.txt - press enter. Your Winsock should now be reset; restart your computer and try to connect to the web; it should now work. If it doesn't, then it's not Winsock corruption.

If all of your Winsock headings look fine, then it must be your DNS Server.
First of all, flush your DNS Cache by going to Start, Run, type CMD, and then type: IPCONFIG /FLUSHDNS - press enter.

Now, try this command:
Start, Run, CMD - Type: nslookup yahoo.com
You should recieve a similar result to this:
Server:  gizmo54ps.bigpond.com
Address:  144.140.71.29

Non-authoritative answer:
Name:	yahoo.com
Addresses:  216.109.112.135, 66.94.234.13
If you don't, then do the following:
(Start, Run, type CMD) 1) Type: nslookup and press enter
2) Type: server 144.140.71.29 and press enter
3) TYpe: nslookup yahoo.com
Now you should recieve a window exactly identical to mine.. If you did, then type exit and press enter and call your ISP and inform them of your situation; they should be able to solve the problem.

If it's not a DNS issue, and also not a Winsock issue, then we'll have to keep on digging..
  • 0

#5
highland403

highland403

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Dan,

Here is the result of pinging, the first time. As you can see, pinging the names of the other computers from computer A did not work. I went to each of those computers and went to Start, Run, CMD and ran ipconfig /all. Neither of these computers had an IP address.

Microsoft Windows 2000 [Version 5.00.2195]
© Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.MAIN>ping 66.94.234.13

Pinging 66.94.234.13 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 66.94.234.13:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Administrator.MAIN>tracert 66.94.234.13

Tracing route to 66.94.234.13 over a maximum of 30 hops

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

C:\Documents and Settings\Administrator.MAIN>ping Renee
Unknown host Renee.

C:\Documents and Settings\Administrator.MAIN>ping Steve
Unknown host Steve.

C:\Documents and Settings\Administrator.MAIN>


At this point I couldn't even access the internet after unplugging computer A from the router. And as you probably guessed, I couldn't access files on computer A either. Panic!?! I didn't do anything that would cause everything to quit. I plugged Computer A back into the router and I am back to where I was, i.e. both computers can talk to computer A if A is not plugged into the router. So I ran the pings you requested again and the pings to the other computers worked as you can see below. By the way, I have to copy the ping results and save them to a file on A. Then unplug A from the router and access the files I saved on A from one of the other computers, and paste the files into this forum. I would have done it this way before, if I would have thought of it. Sorry for rambling on, but this whole thing has got me :tazz: :)


Microsoft Windows 2000 [Version 5.00.2195]
© Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.MAIN>ping 66.94.234.13

Pinging 66.94.234.13 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 66.94.234.13:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Administrator.MAIN>tracert 66.94.234.13

Tracing route to 66.94.234.13 over a maximum of 30 hops

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

C:\Documents and Settings\Administrator.MAIN>ping Renee

Pinging Renee [192.168.1.100] with 32 bytes of data:

Reply from 192.168.1.100: bytes=32 time<10ms TTL=128
Reply from 192.168.1.100: bytes=32 time<10ms TTL=128
Reply from 192.168.1.100: bytes=32 time<10ms TTL=128
Reply from 192.168.1.100: bytes=32 time<10ms TTL=128

Ping statistics for 192.168.1.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Administrator.MAIN>Ping Steve

Pinging Steve [192.168.1.101] with 32 bytes of data:

Reply from 192.168.1.101: bytes=32 time<10ms TTL=128
Reply from 192.168.1.101: bytes=32 time<10ms TTL=128
Reply from 192.168.1.101: bytes=32 time<10ms TTL=128
Reply from 192.168.1.101: bytes=32 time<10ms TTL=128

Ping statistics for 192.168.1.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Administrator.MAIN>

I checked the Protocol and all of the section headings were the same as what you posted.

I then ran the nslookup. Here is what happened:

Microsoft Windows 2000 [Version 5.00.2195]
© Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.MAIN>nslookup yahoo.com
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 24.196.64.53: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 68.115.71.53: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 24.159.193.40: Timed out
*** Default servers are not available
Server: UnKnown
Address: 24.196.64.53

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Documents and Settings\Administrator.MAIN>nslookup
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 24.196.64.53: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 68.115.71.53: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 24.159.193.40: Timed out
*** Default servers are not available
Default Server: UnKnown
Address: 24.196.64.53

> server 144.140.71.29
DNS request timed out.
timeout was 2 seconds.
Default Server: [144.140.71.29]
Address: 144.140.71.29

> nslookup yahoo.com
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Can't find address for server yahoo.com: Timed out

What do you think?
  • 0

#6
Dan

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
On Computer (A), when connected to the network, can you release and renew it's IP? Start, Run, CMD, ipconfig /release and then (once it's finished) ipconfig /renew.

Can you ping localhost?

I still have a feeling that something to do with your LSP is corrupted. Please download and run WinSock XP Fix. Whilst it labels itself for 'XP', it is compatible with Windows 2000. Create a Registry back-up before you run the fix though (the program has the option to create the registry back up for you). Let me know what happens after you run this program, and restart your computer.

Thanks.

Edited by Dan G, 23 December 2005 - 02:34 AM.

  • 0

#7
Dan

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
Also, try running the following two commands from Command Prompt (Start, Run, CMD).
1) netsh winsock reset catalog
2) netsh int ip reset reset.log
Once these two commands are finished, reboot your computer and test your connection again.
  • 0

#8
Dan

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
Hm.. My post posted twice... And I can't see any option to delete it.

Edited by Dan G, 23 December 2005 - 04:20 AM.

  • 0

#9
highland403

highland403

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Dan,

I ran release and renew and pinged localhost. Here are the results:

Microsoft Windows 2000 [Version 5.00.2195]
© Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.MAIN>ipconfig /release

Windows 2000 IP Configuration

IP address successfully released for adapter "Local Area Connection"

C:\Documents and Settings\Administrator.MAIN>ipconfig /renew

Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mad.wi.charter.com
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

C:\Documents and Settings\Administrator.MAIN>ping localhost

Pinging THG [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Administrator.MAIN>


I ran Winsock XP Fix and rebooted. There was no change.

Here are the results of Netsh. I did not reboot because these commands weren't recognized.

Microsoft Windows 2000 [Version 5.00.2195]
© Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.MAIN>netsh winsock reset catalog
The following command was not found: winsock reset catalog.

C:\Documents and Settings\Administrator.MAIN>netsh int ip reset reset.log
The following command was not found: int ip reset reset.log.

C:\Documents and Settings\Administrator.MAIN>

Steve
  • 0

#10
highland403

highland403

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Dan,

I went to Components\Network\Protocol just to go back over some of the things you had mentioned earlier and this time I found 23 names. I wrote down some of them. They are:
MSAFD nwlnkipx[IPX]
MSAFD nwlnkspx[SPX]
MSAFD nwlnkspx[SPX][PseudoStream]
MSAFD nwlnkspx[SPXII]
MSAFD nwlnkspx[SPXII][PseudoStream]

From what you said in a previous post, this would mean winsock corruption. So I ran netsh int ip reset resetlog.txt but it said the command was not recognized. I also ran netsh winsock reset catalog and netsh int ip reset reset.log but neither of these commands was recognized either.

Steve
  • 0

Advertisements


#11
Dan

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
It doesn't necessarily mean you have Winsock corruption; if you have installed certain programs like NWLink IPX/SPX, then you will have new headings. Your headings look like they were installed by NWLink IPX/SPX; is that correct?

Also, the reason why the netsh commands don't work is because you don't have Windows XP SP2 installed; sorry, I forgot.

Please try the following steps one at a time, and post back the results.

Step 1
Can you connect to your router's web console? Open up a web browser, and type: 192.168.1.1 into the Address bar. Your username and password defaults depend on your router model. If you don't know, consult your manual, or do a google search for your router make/model.

Can you ping your DNS server? Start, Run, CMD, PING 24.196.64.53

Step 2
Please start Computer A in Safe Mode with Networking, and then attempt to connect it:
a) directly into the modem
b) through the router
Please ensure that all other computers are disconnected from the network.

What happens when you do this?

Step 3
Your computer seems to be inconsistant; could you please ensure that you have removed all Malware from Computer A by following these steps. Once you've checked that out, please post back here letting me know.

The fact that your computer can't connect to the internet at all (via the router/directly plugged into the modem) would suggest that you have an LSP problem.. ie: Winsock corruption. However, none of the winsock fixes seem to do anything.

Your computer seems to have some DNS problems, however the fact that you can't even run nslookup using my DNS server once again suggests LSP errors.

If your computer has no malware on it, then it might be necessary to re-install your NIC, and ensure it has up-to-date drivers.
  • 0

#12
highland403

highland403

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Dan,

I don't know what NWLink IPX/SPX is. As I mentioned in a previous post, the NWLink names were not in the protocal file and then they were after I rechecked the file.

I tried working on Steps 1, 2 and 3 but could only get so far.

Step 1
I cannot connect to the router's web console from Computer A. I can connect, however, from the other computers if Computer A is not connected to the router.

When I ping 24.196.64.53 from Computer A, the request times out. No problem though from the other computers if A is not connected to the router.

Step 2
After starting Computer A in safe mode and disconnecting the other computers from the router, I get the error message "The page cannot be displayed" when A is connected directly into the modem and run through the router.

Step 3
I tried to follow the steps as much as possible, but since Computer A cannot connect to the internet, I cannot get updates for any of the cleaning programs. Is there a way to run these programs on one of the other computers, update the programs and then transfer the programs to Computer A?

Steve
  • 0

#13
Dan

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
Step 1
Right-click on your Local Area Connection and select 'Properties' (or alternately, double click on your LAC in the taskbar, and then press the Properties button), once in properties, under 'This connection uses the following items' select NWLink IPX/SPX, and then press Uninstall. Reboot your computer and test your connection; if it still does not work, continue with Step 2.

Step 2
Please download and run LSPFix.
(Note: When you run the program, if you have any files moved to the 'Remove' list, please do not click finish until you have posted here - to exit the program, just close it with the orange X).
  • 0

#14
highland403

highland403

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Dan,

I tried downloading the malware cleaning programs to the computer that can access the internet, updated them and then copied them to a folder in Computer A. I think this worked but I'm not 100% sure. I couldn't run Windows update though.

Below is a copy of the Hijack This log and below that is the log from Ewido Security Suite.

Logfile of HijackThis v1.99.1
Scan saved at 5:13:35 PM, on 12/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\a la mode\Sched\eSched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\SYSTEM32\ataste.exe
C:\WINNT\system32\jamey.exe
C:\WINNT\system32\vanhoutt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WIN2000\guru.exe
C:\WINNT\system32\jamey.exe
C:\WINNT\system32\vanhoutt.exe
C:\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wholenote.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mlswis.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Multiple Listing Service, Inc.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [The Assistant] "C:\Program Files\a la mode\Sched\eSched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OIkfehse] C:\WINNT\SYSTEM32\ataste.exe
O4 - HKLM\..\Run: [Update Visual] jamey.exe
O4 - HKLM\..\Run: [XmasTray] vanhoutt.exe
O4 - HKLM\..\RunServices: [Update Visual] jamey.exe
O4 - HKLM\..\RunServices: [XmasTray] vanhoutt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinTOTAL Scheduler] C:\WIN2000\guru.exe
O4 - HKCU\..\Run: [Update Visual] jamey.exe
O4 - HKCU\..\Run: [XmasTray] vanhoutt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.mlswis.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2C15848B-21C0-406A-9902-56C8D90684F3} (alaWeb.clsGetStats) - file://C:\WIN2000\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127847530036
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.gabock.n...emote/msrdp.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} (Vault Files Downloader) - http://vault.alamode.com/cab/vfd.cab
O16 - DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} (alaGrid.TechDocSearch) - file://C:\WIN2000\CONTENT\cabs\alaGrid.CAB
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\InterCAP\ActiveCGM\ActiveX\Acgm.cab
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:09:56 PM, 12/26/2005
+ Report-Checksum: A70292E9

+ Scan result:

C:\Program Files\Symantec\pcAnywhere\WinNTAuth.dll -> Dialer.Generic : Cleaned with backup


::Report End

Steve
  • 0

#15
Dan

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
Steve, could you please post that HiJackThis log here.
Thanks.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP