zhao_yun
asked on
Limited or no Connectivity
Hello everyone, I have a problem that has put me at the end of my resources and I am in dire need of some new ideas. I have a Toshiba Satellite 2545XCDT laptop running XP PRO SP2. I have tried both a D-Link 690TXD PCMCIA card and a Linksys USB100M NIC. Neither of them is able to resolve an IP. I have rebooted my router and cable modem several times. I have run the Winsock repair utility and the reg patch. I have tried the manual netsh winsock repair command. I have reformatted the system under the impression that spyware or a virus may be causing the problem. The only thing that is installed at this point in time is Windows XP Pro. I have tried setting a manual IP, DNS and Gateway. I have all the latest patches from Microsux downloaded. There are 3 other computers on the network that are able to get an IP and browse just fine. Both network cards were tested on other computers to verify their functionality. Can anyone please help me? Thanks!!!
ASKER
Yes, the computer can ping the loopback address. DHCP server scope? Please be more specific. Only firewall installed is Windows Firewall and it is currently disabled.
Is there any option in the router that will only allow an authorized MAC address to obtain an IP and access the network?
ASKER
No such option exists. I am using a Linksys WRT54G router, Firmware Version: v1.30.7, Jul. 8, 2003. I have also installed the KB884020 Microsoft hotfix. I am going to update the firmware on the router and I will post the results shortly.
ASKER
I am now using Firmware Version: v3.03.6. I tried renewing IP on the laptop again with the same error.
What results do you get when you run an ipconfig /all from the command prompt of your notebook?
ASKER
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Stephen Bay>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : superbass
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : D-Link DFE-690TXD CardBus PC Card
Physical Address. . . . . . . . . : 00-40-05-08-79-69
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.188.225
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Are you sure the network cable you are using is OK? Or the port on the switch? Have you tried another cable, one you know is OK?
ASKER
Well, I thought that the cable was good. I went to this computer and unhooked the LAN cable, hooked it directly into the laptop and was able to resolve an IP. Boy do I feel stupid now. Thanks for your help!
No problem, can happen to anyone, thanx.
ASKER
Well, I thought that fixed the problem. I tried another cable that I knew worked and I got the same error. When I tried going back to the cable that worked, I am now getting the "unable to contact your DHCP server" error. Still unable to resolve an IP.
Then try it with your USB NIC again. Maybe there is also some contact problem of the cable with the NIC.
ASKER
I just got back from Wal-Mart. I bought a new cat-5 cable and it is now working just fine. Talk about strange. Thanks again!!!
ASKER
Sigh.... I updated the antivirus database and rebooted and now have the same error....
Then you might as well check your system for malware:
Turn off System Restore (Control Panel, System).
Start msconfig (Start, Run, msconfig), select the startup tab and remove the ticks from any programs you aren't sure of what they might be.
Let your PC be restarted
Download and install Spy-bot S & D (http://www.safer-networking.org/en/index.html)
Let the installer activate the tea-timer and update Spy-bot.
Click on "make registry backup", wait until done and click on next.
Let the scan finish, then select all the found items and select clean.
If the system wasn't able to clean out everything it found, let it reboot. Spy-bot should startup before you log-on, do another scan.
Again select all found items and clean. When finished select "immunize", then close spy-bot.
Download and install Adaware (http://lavasoft.com).
Let the installer do an update, then scan the system.
Select all found items and let them be removed.
A reboot may also be necessary here.
If either Spy-bot or adaware or both still weren't able to remove all malware, reboot your system to safe-mode and let the tool which couldn't remove a malware do another scan. If it is adaware, change the scan settings to scan within archives, then start a scan.
Again select all found malware and let them be removed.
Use the following link to scan your system for viruses online (the advantage here is that if your AV program has been compromised by a virus, it won't be able to detect at least that virus anymore, so an external scan can help):
http://housecall.trendmicro.com
If you still have malware on your system after that, download the latest version of HijackThis:
http://www.hijackthis.de/downloads
Run it and save the log. Paste the log to the following website:
http://www.hijackthis.de/en
Click the "analyze" button and you will have an analysis of your log.
Now paste the analyzed log here, so we can help further (provided you don't get enough info from the log and can do it yourself).
Next, make sure your AV software is up-to-date and running. Let the system do a thorough AV scan.
ASKER
System restore turned off....
msconfig only shows Avast on startup list...
System restarted.
Installed Spybot & update....
Immunized system and created reg. backup....
Scanned for problems....no problems found.
Error during scan:
Xuron55.Installdollars (Datei C:\WINDOWS\win.ini kann nicht geöffnet werden. The process cannot access the file because it is being used by another process)
Installed Adaware and update.
Ran full system scan:
Ad-Aware SE Build 1.05
Logfile Created on:Saturday, March 26, 2005 12:16:24 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R34 23.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):12 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
3-26-2005 12:16:25 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : S-1-5-21-1454471165-484763869-1202660629-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1454471165-484763869-1202660629-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1454471165-484763869-1202660629-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1454471165-484763869-1202660629-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1454471165-484763869-1202660629-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1454471165-484763869-1202660629-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : C:\Documents and Settings\Stephen Bay\recent
Description : list of recently opened documents
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 428
ThreadCreationTime : 3-26-2005 5:09:42 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 3-26-2005 5:09:46 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 3-26-2005 5:09:47 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 588
ThreadCreationTime : 3-26-2005 5:09:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 3-26-2005 5:09:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 3-26-2005 5:09:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 796
ThreadCreationTime : 3-26-2005 5:09:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 896
ThreadCreationTime : 3-26-2005 5:09:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1000
ThreadCreationTime : 3-26-2005 5:09:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 3-26-2005 5:09:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1432
ThreadCreationTime : 3-26-2005 5:10:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 1600
ThreadCreationTime : 3-26-2005 5:10:20 PM
BasePriority : Normal
FileVersion : 4, 5, 514, 0
ProductVersion : 4, 5, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2003 ALWIL Software
OriginalFilename : aswDisp.exe
#:13 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 1608
ThreadCreationTime : 3-26-2005 5:10:20 PM
BasePriority : Idle
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.
#:14 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2044
ThreadCreationTime : 3-26-2005 5:11:09 PM
BasePriority : Normal
#:15 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 176
ThreadCreationTime : 3-26-2005 5:11:10 PM
BasePriority : High
FileVersion : 4, 5, 536, 0
ProductVersion : 4, 5, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2003 ALWIL Software
OriginalFilename : aswServ.exe
#:16 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 640
ThreadCreationTime : 3-26-2005 5:12:22 PM
BasePriority : Normal
FileVersion : 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.4.3790.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:17 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1716
ThreadCreationTime : 3-26-2005 5:12:35 PM
BasePriority : Normal
#:18 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 272
ThreadCreationTime : 3-26-2005 5:13:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1312
ThreadCreationTime : 3-26-2005 5:14:24 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:20 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1968
ThreadCreationTime : 3-26-2005 5:15:54 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
12:30:03 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:38.577
Objects scanned:65812
Objects identified:0
Objects ignored:0
New critical objects:0
All items removed.
Unable to run web antivirus scan due to lack of connectivity.
Ran Hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 12:41:57 PM, on 3/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Stephen Bay\Desktop\hijackthis_199\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
Running thorough anti-virus scan...
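A local first pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the running-process list and the `O2`/`O4`/`O9`/`O23` entries and lists the ones worth a second look before the log goes to an online analyzer. The sample log is constructed from the posted one (spacing repaired, placeholder user name); the flag names and the list of expected install directories are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample, modelled on the HijackThis log posted in the thread
# (spacing repaired, user name replaced by a placeholder).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:41:57 PM, on 3/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user\Desktop\hijackthis_199\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Assumption of this example: directories treated as expected install locations.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [avast!] C:\..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in .exe or .dll; stops at a quote character.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll)', re.IGNORECASE)


@dataclass
class Entry:
    code: str                 # section code as printed in the log (O2, O4, O9, O23, ...)
    body: str                 # everything after "<code> - "
    path: Optional[str]       # executable or DLL the entry points at, if any
    flags: List[str] = field(default_factory=list)


def in_expected_root(path: str) -> bool:
    return path.lower().startswith(EXPECTED_ROOTS)


def parse_processes(log_text: str) -> List[str]:
    """Return the paths listed between 'Running processes:' and the first entry."""
    procs, in_block = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block:
            if ENTRY_RE.match(line):
                break
            if line:
                procs.append(line)
    return procs


def parse_entries(log_text: str) -> List[Entry]:
    """Parse the coded entries and attach triage flags (names are this example's own)."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        found = PATH_RE.search(body)
        path = found.group(0) if found else None
        flags = []
        if "(file missing)" in body:
            flags.append("file-missing")
        if "(no name)" in body:
            flags.append("unnamed")
        if "Unknown owner" in body:
            flags.append("unknown-owner")
        if path and not in_expected_root(path):
            flags.append("unexpected-location")
        entries.append(Entry(m.group("code"), body, path, flags))
    return entries


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, flag, detail) tuples for everything that deserves a manual check."""
    findings = [("process", "unexpected-location", p)
                for p in parse_processes(log_text) if not in_expected_root(p)]
    for entry in parse_entries(log_text):
        findings += [(entry.code, flag, entry.path or entry.body) for flag in entry.flags]
    return findings


if __name__ == "__main__":
    for section, flag, detail in triage(SAMPLE_LOG):
        print(f"{section:8} {flag:20} {detail}")
```

A flag is a prompt to look, not a verdict: here the only process outside the expected directories is HijackThis itself running from the desktop, and the `file-missing` line carries a trailing quote and `/service` argument after the path, so the file should be checked on disk before anything is removed.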
OriginalFilename : EXPLORER.EXE
#:20 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1968
ThreadCreationTime : 3-26-2005 5:15:54 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\syste
»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
12:30:03 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:38.577
Objects scanned:65812
Objects identified:0
Objects ignored:0
New critical objects:0
All items removed.
Unable to run web antivirus scan due to lack of connectivity.
Ran HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:41:57 PM, on 3/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\PROGRA~1\ALWILS~1\Avast
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.e
C:\Program Files\Alwil Software\Avast4\ashServ.ex
C:\Program Files\Alwil Software\Avast4\ashMaiSv.e
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Stephen Bay\Desktop\hijackthis_199
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.e
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.ex
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.e
Running thorough anti-virus scan...
Reboot into safe mode and repeat Spybot.
ASKER
same error...
ASKER
C:\WINDOWS\win.ini cannot be opened. The process cannot access the file because it is being used by another process. The NIC was uninstalled before running the scan in safe mode. I have also tried installing a wireless Linksys NIC WPC54G and was not able to connect to the router.
ASKER
The win.ini contains:
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo2
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo2
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo2
wm=MPEGVideo2
wma=MPEGVideo2
wmv=MPEGVideo2
wmx=MPEGVideo2
wvx=MPEGVideo2
wpl=MPEGVideo
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Check the DHCP server scope and see if you have something strange (MAC address access control?)
Badly configured firewalls (Windows and 3rd party)?