-
help
I need help. something I downloaded really screwed up my computer. I think I got rid of all the virus/trojans and spyware shit. but xp still will not grab an IP address so I can not get it online. I am in slax live cd right now and it doens't let me do anything with the HD. what a bugger but yea help
-
re: socket error
Go get avgfree and throw it on the box (http://free.grisoft.com) you can download both the program and the updates so the box doesnt have to be online to do it. Install and do the updates. Then boot into safe mode and run the scan and see what it cleans. (to verify its clean)
For your socket error:
On an XP Home/Pro computer, when trying to browse the Internet, you are getting "Page Cannot Be Displayed" and when you go to the command prompt window and run ipconfig /all, you get an APIPA in the form of 169.254.x.x. Then immediately run ipconfig /renew, you get this error message: "An operation was attempted on something that is not a socket"
If so, you have a damaged winsock2 key in the registry.
You should check System Information (winmsd) Expand Components / Network / click on Protocol - if the section headings item of "Name" have a value starting with with anything other than MSAFD or RSVP then that is probably what is causing the problem.
Examples:
MSAFD Tcpip [TCP/IP]
MSAFD Tcpip [UDP/IP]
RSVP UDP Service Provider
RSVP TCP Service Provider
MSAFD NetBIOS [DeviceNetBT_Tcpip...
and so on
It may be a third-party firewall or a Spyware or a Virus. ("New.Net" is a common spyware for example) Make sure that MSCONFIG is in Normal Startup and then see if uninstalling the third party firewall (best done from its own uninstall program if available) or the Spyware from Add Remove Programs will resolve the issue. If it's a virus, then an Anti Virus Program will be able to deal with that.
You may want to try downloading either Ad-Aware 6 or Spybot to another computer and then installing one of them on the infected XP Home/Pro computer and try to wipe out Spyware and see if that resolves the issue.
If none of that works or is possible, you could try this method for replacing the winsock and winsock2 registry keys:
WARNING: using Registry Editor incorrectly, can cause serious problems that may require you to reinstall your operating system.
Step 1: Delete registry keys
A)Open Regedit from the Run line
B)Go to both of the following keys, EXPORT each of them, and then delete them: (To export a key, you right click on it and choose
"export" - you can choose where to export them to - DESKTOP is handy - and you need to type in a file name such as "exported
Winsock key" / "exported WinSock2 key" and then click on SAVE)
HERE ARE THOSE TWO KEYS HKLM
-SYSTEM
--CurrentControlSet
---Services
----Winsock
THAT YOU NEED TO DELETE
HKLM
-SYSTEM
--CurrentControlSet
---Services
----WinSock2
C)Restart the computer
NOTE: It is important to restart the computer after deleting the Winsock keys. Doing so causes the XP operating system to recreate
shell entries for those two keys. If this is not done, the next step does not work correctly.
Step 2: Install TCP/IP on top of itself
A)Open the properties window of the network connection (Local Area Connection)
B)Click Install
C)Click Protocol, then Add
D)Click Have Disk
E)Type the path to the %systemroot%inf folder (usually C:Windowsinf) and click OK (if you try to click Browse, then browse to the inf folder, it may not show up in the list)
F)You should now see "Internet Protocol (TCP/IP)" in the list of available protocols. Select it and click OK.
G)Restart the computer
When the computer reboots you will have functional Winsock keys. If so, then be sure to delete the exported winsock and
winsock2 reg files. (You don't want to accidentally put them back in the registry)
Side effects and possible problems:
This method will restore basic functionality to the Winsock keys, but is not a complete rebuild. On a default install of Windows XP
the registry key:
HKLM
-SYSTEM
--CurrentControlSet
---Services
----Winsock2
-----Parameters
------Protocol_Catalog9
-------Catalog_Entries
will have 11 sub-keys. When applying this method, the Catalog_Entries will only have 3 sub-keys. It works and there does not appear to be any side effects. Missing entries relate back to the:
HKLM
-SYSTEM
--CurrentControlSet
---Services
----Tcpip
-----Parameters
------Interfaces
key. Also, third-party proxy software or firewalls may need to be reinstalled.
If issue is resolved, then be sure to delete the exported Winsock / WinSock2 .reg keys as you don't want to accidentally end up importing those damaged keys back into the registry.
Also, if you run a hijack this and save the list and post here, I can run thru it and see if its clean or not.
Hope that all helps. The socket error (not getting an IP) fix should work though (damaged winsock or winsock2 file is causing it)
**Help info culled from my own tech website. =)
-
damn thats alotta info. I dont feel so much like I have lost my nerderyness now. thanks man. ill probly get it all fixed tomorrow. oh yea now when I run ipconfig it freezes.
-
whoo it all works now. ill run hijack this later tonight. but I gotta move all my shit outta my place by 8am tomorrow morning. fun times.
-
Logfile of HijackThis v1.99.1
Scan saved at 7:08:23 PM, on 2/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\AOL\1135840116\ee\AOLSoftware.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\winstall.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NICOLE~1.NIC\LOCALS~1\Temp\Rar$EX00.64 1\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crimelibrary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135840116\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [04ug00pk.dll] RUNDLL32.EXE 04ug00pk.dll,b 99977734
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [uiom] C:\PROGRA~1\COMMON~1\uiom\uiomm.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139446422859
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51...ol/h2hpool.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\l02slaf71d2.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
-
Remove
C:\winstall.exe (its a part of spysheriff Removal tool - boot into safemode and run it)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
(why are you running a search toolbar?)
O4 - HKLM\..\Run: [04ug00pk.dll] RUNDLL32.EXE 04ug00pk.dll,b 99977734
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe
O4 - HKCU\..\Run: [uiom] C:\PROGRA~1\COMMON~1\uiom\uiomm.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\l02slaf71d2.dll
Why are you running VMnet DHCP service ???
-
Why are you running VMnet DHCP service ???
that was for vmware while im trying to learn linux.
then the toolbar shit is from the other dude.
-
Logfile of HijackThis v1.99.1
Scan saved at 9:07:08 PM, on 2/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\AOL\1135840116\ee\AOLSoftware.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hpsw.exe
C:\WINDOWS\System32\vmnat.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Gaim\gaim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\NICOLE~1.NIC\LOCALS~1\Temp\Rar$EX00.36 0\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135840116\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\n6n6lg5s16.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
____________
after running again
edit, there is something that keeps popping up ad windows, in IE and firefox.
-
Boot into safemode w/ networking
Remove
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
Not needed, you can remove these (speeds up boottime)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Then goto www.pandasoftware.com and run their virus scan while in safemode. When it's done, save the results and either paste them here, or attach the .txt file.
-
well pana active scan doesn't work for me. when I click on my computer or local disks, it flashes error in the bottom left then sits there and does nothin
-
Hmm, possibly a problem with active x or java.
try http://housecall.trendmicro.com (which prolly wont work if panda doesnt)
Have you installed avg free http://free.grisoft.com and ran the updates, then done a scan in safe mode? That might identify some of the files, or clean them.
-
well that link you gave me to fix up that constant pop up didn't work I still get those. but all the viruses are gone. panda and the other scans dont work still. I downloaded a new java and installed it but that didn't help
-
Check to see if ActiveX is working
http://www.pcpitstop.com/testax.asp
-
-
Then you have something on your pc still causing issues.