[Resolved] [Unable to connect to internet, use messenger or AVG, etc]

**noahdfear** · 15th August 2008

The I386 folder and it's contents are valid. I'm going to be out of pocket for a couple of days and will get back with you then.

mva5493 · 20th August 2008

Dave,

Tinytuba has brought this computer home to see if I can figure out what is wrong with it. Not sure exactly what is going on with it but I noticed a few things. The only page it will load is google, and she says that only happened after she did something you instructed her to do. I noticed that google will load and it will search but none of the links for the results will display. Don't know if it is related or not but the time is set to military and can't be changed.

Also took her card out and put it in this machine to make sure it wasn't the issue, and connected no problems.

**noahdfear** · 20th August 2008

Hi Val

The machine is unable to resolve dns, meaning it can't translate text to IP addresses. Google's IP address was added to the HOSTS file. MSN was too, so I'm a bit stumped as to why it won't resolve. We'll check that later too.

Click Start>Run on that machine and type the following address, then hit enter.

http://noahdfear.net/downloads/clock_fix.exe

If it opens a file download dialog, you can select Save or Run, doesn't matter.
If you save it, just run it when the download is complete.
If necessary, download and transfer it to the PC.
If the default format shown by the tool is not what you want, press R and hit Enter to set it from the International Settings control panel.
Reboot when done.
Let me know how that goes.

Lets get another look at things too .... in case I've missed something along the way.

Download a fresh copy of ComboFix from the following address.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Make sure it is on the Desktop, then close out all other programs and run it using the following command in the Run dialog.

"%userprofile%\desktop\combofix.exe" /skipfix

Post the resulting log (C:\ComboFix.txt) here.

mva5493 · 20th August 2008

Will do. Will be back with results shortly.

mva5493 · 20th August 2008

Combofix logfile:

ComboFix 08-08-18.05 - Brian 2008-08-20 0:36:53.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.635 [GMT -4:00]
Running from: C:\Documents and Settings\Brian.BULLSHIT\desktop\combofix.exe
Command switches used :: /skipfix

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.

2008-08-19 14:23 . 2008-08-19 14:23 <DIR> d-------- C:\Program Files\Common Files\Funk Software
2008-08-19 14:23 . 2008-08-19 14:23 <DIR> d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Avg8
2008-08-19 14:22 . 2008-08-19 14:22 <DIR> d-------- C:\WINXP\system32\en
2008-08-19 14:22 . 2008-08-19 14:22 <DIR> d-------- C:\WINXP\system32\bits
2008-08-19 12:13 . 2008-08-19 14:16 <DIR> d-------- C:\Documents and Settings\Administrator.TINY
2008-08-19 07:30 . 2008-08-19 14:16 <DIR> d-------- C:\Documents and Settings\Guest
2008-08-19 07:18 . 2008-08-19 14:16 <DIR> d-------- C:\Documents and Settings\Other Users
2008-08-18 12:16 . 2008-08-18 12:16 <DIR> d-------- C:\Program Files\Motorola Wireless
2008-08-18 12:16 . 2004-03-05 09:53 1,044,480 --a------ C:\WINXP\system32\ROBOEX32.DLL
2008-08-18 12:16 . 2004-03-25 20:49 336,256 --a------ C:\WINXP\system32\drivers\wind502u.sys
2008-08-18 12:16 . 2003-07-16 22:43 94,208 --a------ C:\WINXP\system32\W32N50CT.dll
2008-08-18 12:16 . 2003-07-16 22:28 17,142 --a------ C:\WINXP\system32\CBTNDIS5.sys
2008-08-18 12:16 . 1998-05-13 00:00 4,716 --a------ C:\WINXP\system32\VERSION.LIB
2008-08-18 12:15 . 2008-08-18 12:15 <DIR> d-------- C:\Program Files\Funk Software
2008-08-18 12:15 . 2003-05-14 16:01 62,673 -ra------ C:\WINXP\system32\drivers\odysseyIM3.sys
2008-07-28 12:58 . 2007-09-06 00:22 289,144 --a------ C:\WINXP\system32\VCCLSID.exe
2008-07-28 12:58 . 2006-04-27 17:49 288,417 --a------ C:\WINXP\system32\SrchSTS.exe
2008-07-28 12:58 . 2008-05-29 09:35 86,528 --a------ C:\WINXP\system32\VACFix.exe
2008-07-28 12:58 . 2008-05-18 21:40 82,944 --a------ C:\WINXP\system32\IEDFix.exe
2008-07-28 12:58 . 2008-07-02 13:33 82,432 --a------ C:\WINXP\system32\IEDFix.C.exe
2008-07-28 12:58 . 2008-05-23 18:21 81,920 --a------ C:\WINXP\system32\404Fix.exe
2008-07-28 12:58 . 2003-06-05 21:13 53,248 --a------ C:\WINXP\system32\Process.exe
2008-07-28 12:58 . 2004-07-31 18:50 51,200 --a------ C:\WINXP\system32\dumphive.exe
2008-07-28 12:58 . 2007-10-04 00:36 25,600 --a------ C:\WINXP\system32\WS2Fix.exe
2008-07-28 12:58 . 2008-07-28 13:00 1,244 --a------ C:\WINXP\system32\tmp.reg
2008-07-26 12:12 . 2008-07-26 12:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-26 12:12 . 2008-07-26 12:12 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 18:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 18:20 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft Help
2008-08-19 18:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-19 01:23 --------- d-----w C:\Program Files\Belarc
2008-07-18 05:00 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-18 00:37 --------- d-----w C:\Program Files\Microsoft Works
2008-07-18 00:36 --------- d-----w C:\Program Files\MSBuild
2008-07-18 00:24 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-17 23:26 --------- d-----w C:\Program Files\Finale 2007
2008-07-12 10:39 --------- d-----w C:\Program Files\Java
2008-07-10 16:44 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Lavasoft
2008-07-10 15:26 --------- d-----w C:\Program Files\The Weather Channel FW
2008-06-20 17:41 245,248 ----a-w C:\WINXP\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 20:39 461584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-19 09:02 185896]
"MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45 712704]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 11:15 81920]

C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\
Motorola Wireless USB Adapter.lnk - C:\Program Files\Motorola Wireless\WU830G USB Adapter\Startup.EXE [2008-08-18 12:16:06 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"InstallVisualStyle"= C:\WINXP\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINXP\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^Brian.BULLSHIT^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Brian.BULLSHIT\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINXP\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2005-11-02 23:01 50792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 18:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 14:43 57344 C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:56 64512 C:\WINXP\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 23:01 50792 C:\Program Files\Common Files\AOL\1137307829\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 18:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 05:00 90112 C:\WINXP\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a------ 2004-06-10 12:51 60928 C:\WINXP\system32\P17.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137307829\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137307829\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137307829\\ee\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINXP\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINXP\system32\DRIVERS\wind502u.sys [2004-03-25 20:49]
S0 Spssys;Toshiba SPS Service;C:\WINXP\system32\drivers\spssys.sys []
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINXP\system32\DRIVERS\A3AB.sys [2005-03-22 20:17]
S3 MAC607;MAC607 Filter;C:\WINXP\system32\DRIVERS\MAC607.sys [2007-06-25 02:35]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINXP\system32\Drivers\xbreader.sys [2001-01-02 23:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Brian.BULLSHIT\Application Data\Mozilla\Firefox\Profiles\xs70nloq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 00:37:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-20 0:38:28
ComboFix-quarantined-files.txt 2008-08-20 04:38:18
ComboFix2.txt 2008-08-20 04:18:21
ComboFix3.txt 2008-08-02 04:48:56

Pre-Run: 45,859,635,200 bytes free
Post-Run: 45,847,777,280 bytes free

141 --- E O F --- 2008-07-19 14:44:57

**noahdfear** · 20th August 2008

Is the clock fixed?

Looks to be in order. Please post the log C:\qoobox\ComboFix2.txt

What brand is the wireless adapter?
Is the computer still using wireless?
Did you test it hardwired?

mva5493 · 20th August 2008

No the clock is not fixed, but I kinda skipped it. (simply forgot to do it

It is still using the wireless, the brand is motorola I have not tested it hard wired yet that is the next step

mva5493 · 20th August 2008

omboFix 08-08-18.05 - Brian 2008-08-20 0:15:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.664 [GMT -4:00]
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Brian.BULLSHIT\Cookies\brian@clicksor[1].txt
C:\Documents and Settings\Brian.BULLSHIT\Cookies\brian@ehg-idgentertainment.hitbox[2].txt
C:\Documents and Settings\Brian.BULLSHIT\Cookies\brian@myspace[3].txt
C:\Documents and Settings\Brian.BULLSHIT\UserData
C:\Documents and Settings\Brian.BULLSHIT\UserData\81E74DEB\oWindowsUpdate[1].xml
C:\Documents and Settings\Brian.BULLSHIT\UserData\index.dat
C:\Documents and Settings\Brian.BULLSHIT\UserData\KLQZSX63\oXMLStore[1].xml
C:\Documents and Settings\Brian.BULLSHIT\UserData\KLQZSX63\YL[1].xml
C:\Documents and Settings\Brian.BULLSHIT\UserData\W12BCDE3\BlogIt[1].xml
C:\Documents and Settings\Brian\UserData
C:\Documents and Settings\Brian\UserData\index.dat
C:\Documents and Settings\Brian\UserData\SPY381Q7\obe[1].xml

.
((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.

2008-08-19 14:23 . 2008-08-19 14:23 <DIR> d-------- C:\Program Files\Common Files\Funk Software
2008-08-19 14:23 . 2008-08-19 14:23 <DIR> d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Avg8
2008-08-19 14:22 . 2008-08-19 14:22 <DIR> d-------- C:\WINXP\system32\en
2008-08-19 14:22 . 2008-08-19 14:22 <DIR> d-------- C:\WINXP\system32\bits
2008-08-19 12:13 . 2008-08-19 14:16 <DIR> d-------- C:\Documents and Settings\Administrator.TINY
2008-08-19 07:30 . 2008-08-19 14:16 <DIR> d-------- C:\Documents and Settings\Guest
2008-08-19 07:18 . 2008-08-19 14:16 <DIR> d-------- C:\Documents and Settings\Other Users
2008-08-18 12:16 . 2008-08-18 12:16 <DIR> d-------- C:\Program Files\Motorola Wireless
2008-08-18 12:16 . 2004-03-05 09:53 1,044,480 --a------ C:\WINXP\system32\ROBOEX32.DLL
2008-08-18 12:16 . 2004-03-25 20:49 336,256 --a------ C:\WINXP\system32\drivers\wind502u.sys
2008-08-18 12:16 . 2003-07-16 22:43 94,208 --a------ C:\WINXP\system32\W32N50CT.dll
2008-08-18 12:16 . 2003-07-16 22:28 17,142 --a------ C:\WINXP\system32\CBTNDIS5.sys
2008-08-18 12:16 . 1998-05-13 00:00 4,716 --a------ C:\WINXP\system32\VERSION.LIB
2008-08-18 12:15 . 2008-08-18 12:15 <DIR> d-------- C:\Program Files\Funk Software
2008-08-18 12:15 . 2003-05-14 16:01 62,673 -ra------ C:\WINXP\system32\drivers\odysseyIM3.sys
2008-07-28 12:58 . 2007-09-06 00:22 289,144 --a------ C:\WINXP\system32\VCCLSID.exe
2008-07-28 12:58 . 2006-04-27 17:49 288,417 --a------ C:\WINXP\system32\SrchSTS.exe
2008-07-28 12:58 . 2008-05-29 09:35 86,528 --a------ C:\WINXP\system32\VACFix.exe
2008-07-28 12:58 . 2008-05-18 21:40 82,944 --a------ C:\WINXP\system32\IEDFix.exe
2008-07-28 12:58 . 2008-07-02 13:33 82,432 --a------ C:\WINXP\system32\IEDFix.C.exe
2008-07-28 12:58 . 2008-05-23 18:21 81,920 --a------ C:\WINXP\system32\404Fix.exe
2008-07-28 12:58 . 2003-06-05 21:13 53,248 --a------ C:\WINXP\system32\Process.exe
2008-07-28 12:58 . 2004-07-31 18:50 51,200 --a------ C:\WINXP\system32\dumphive.exe
2008-07-28 12:58 . 2007-10-04 00:36 25,600 --a------ C:\WINXP\system32\WS2Fix.exe
2008-07-28 12:58 . 2008-07-28 13:00 1,244 --a------ C:\WINXP\system32\tmp.reg
2008-07-26 12:12 . 2008-07-26 12:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-26 12:12 . 2008-07-26 12:12 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 18:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 18:20 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft Help
2008-08-19 18:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-19 01:23 --------- d-----w C:\Program Files\Belarc
2008-07-18 05:00 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-18 00:37 --------- d-----w C:\Program Files\Microsoft Works
2008-07-18 00:36 --------- d-----w C:\Program Files\MSBuild
2008-07-18 00:24 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-17 23:26 --------- d-----w C:\Program Files\Finale 2007
2008-07-12 10:39 --------- d-----w C:\Program Files\Java
2008-07-10 16:44 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Lavasoft
2008-07-10 15:26 --------- d-----w C:\Program Files\The Weather Channel FW
2008-06-20 17:41 245,248 ----a-w C:\WINXP\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 20:39 461584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-19 09:02 185896]
"MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45 712704]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 11:15 81920]

C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\
Motorola Wireless USB Adapter.lnk - C:\Program Files\Motorola Wireless\WU830G USB Adapter\Startup.EXE [2008-08-18 12:16:06 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"InstallVisualStyle"= C:\WINXP\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINXP\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^Brian.BULLSHIT^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Brian.BULLSHIT\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINXP\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2005-11-02 23:01 50792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 18:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 14:43 57344 C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:56 64512 C:\WINXP\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 23:01 50792 C:\Program Files\Common Files\AOL\1137307829\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 18:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 05:00 90112 C:\WINXP\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a------ 2004-06-10 12:51 60928 C:\WINXP\system32\P17.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137307829\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137307829\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137307829\\ee\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINXP\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINXP\system32\DRIVERS\wind502u.sys [2004-03-25 20:49]
S0 Spssys;Toshiba SPS Service;C:\WINXP\system32\drivers\spssys.sys []
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINXP\system32\DRIVERS\A3AB.sys [2005-03-22 20:17]
S3 MAC607;MAC607 Filter;C:\WINXP\system32\DRIVERS\MAC607.sys [2007-06-25 02:35]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINXP\system32\Drivers\xbreader.sys [2001-01-02 23:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Brian.BULLSHIT\Application Data\Mozilla\Firefox\Profiles\xs70nloq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 00:16:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-20 0:18:20
ComboFix-quarantined-files.txt 2008-08-20 04:18:05
ComboFix2.txt 2008-08-02 04:48:56

Pre-Run: 45,847,814,144 bytes free
Post-Run: 45,832,491,008 bytes free

155 --- E O F --- 2008-07-19 14:44:57

**noahdfear** · 20th August 2008

I inquired about the wireless card brand because there are services for both Motorola and D-Link wireless adapters. We might come back to this.

Please do check the connectivity wired and let me know.

mva5493 · 20th August 2008

will check but, getting a bit sleepy now so will test later in the am.

**noahdfear** · 20th August 2008

I'm off to bed soon anyway. See you tomorrow evening.

mva5493 · 20th August 2008

ok a bit of an update...I am beginning to suspect some other problem. I tried connecting with a 56k modem and a standard dial up connection. It show the connection (sent and received packets) but couldn't load any pages including google. Now it tells me that the page cannot be found. also tried inputing ip address (for google and windows bbs, since google had worked previously, winbbs I just put in to see if it would translate. no luck yet....
I removed and uninstalled the motorola wireless adapter. as well as the netgear wireless card. so now I am wondering if something else is interfering. I know I had a similar problem with my computer after putting avg 8.0 on this machine, but it was resolved by changing my firewall settings. TinyTuba's computer doesn't have any firewall or antivirus at this point. I think it is time to do a bit of reading, and backtracking her posts to see where this problem started.

Not sure if this makes a difference but the error message is server not found:
firefox can't find the server at www.google.com...same message no matter what the address.

mva5493 · 21st August 2008

ran the clock fix and the time seems to be working normally now. Also noticed a few other changes... when booting up the computer at the xp login screen only one profile is there. Before there was one main, a guest, and other users. Now not only is there just one but it was the profile of the previous owner (not TinyTuba's profile).

**noahdfear** · 21st August 2008

Right click My Computer and select Properties.
Select the Advanced tab.
Click Settings in the Startup and Recovery section.
Click Edit.
Post it's contents here please.

What Service Pack version does it show on the General tab of My Computer properties?

Click Start>Run and type the following command, then hit Enter.

regsvr32 dnsapi.dll

Reboot and see if there's any change in connectivity.

mva5493 · 21st August 2008

service pack 2, automatic update tried to install sp 3 but had and error and didn't complete (earlier today)

Regsver32:
dnsapi.dll was loaded, but the dllregisterserver entry point was not found. This file can not be registered.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINXP
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINXP="Windows XP Media Center Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

no change in connectivity. ie still gives page cannot be displayed error, when I put in an address it gives me the error message that IE cannot open the search page.