| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 101049 | 2009-06-30 01:41:00 | 169 ip address - HJT log | mwcubsnut (14829) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 787269 | 2009-06-30 01:41:00 | I can not get this laptop to connect to the internet!! I even tried to uninstall and reinstall the network driver, I also tried the WinSock fix. Still nothing. Someone suggested that it may be a virus and not an IP issue. I have tried the iprelease and renew but cant because the media is disconnected!! Here is the HJT log and thank you in advance for anyone who can help!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:20:40 AM, on 1/24/2003 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\atiptaxx.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Documents and Settings\bob\Desktop\HijackThis\HijackThis.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 2201 bytes |
mwcubsnut (14829) | ||
| 787270 | 2009-06-30 01:44:00 | Is that all of it? It looks a bit short Get rid of Symantec, its probably that, thats screwing things up You can tick these entries then tick fix checked Close browsers O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE If this is on broadband, reset the modem. Then reconfigure it. As modem/routers can also get hit by DNSchanger. Which wont appear in a log, and you cant get rid of it until you reset the router. |
Speedy Gonzales (78) | ||
| 787271 | 2009-06-30 01:47:00 | Yes that is it and I thought I did get rid of the Symantec!! | mwcubsnut (14829) | ||
| 787272 | 2009-06-30 01:48:00 | No router either, well not when it is in my posession. It was hooked up to a router with the owner but not since I have had it. Connecting directly with the ethranet cord... | mwcubsnut (14829) | ||
| 787273 | 2009-06-30 01:50:00 | Umm no thats what these belong to O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') 23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Did you uninstall it?? You didnt delete its folder/s, without uninstalling it did you? That wont uninstall it. It must be going through a router or something to get here tho? Unless youre on dialup |
Speedy Gonzales (78) | ||
| 787274 | 2009-06-30 01:54:00 | Run this (ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe). Part of Norton might be left there stuffing things up. | wratterus (105) | ||
| 787275 | 2009-06-30 02:24:00 | What is this? O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll |
mwcubsnut (14829) | ||
| 787276 | 2009-06-30 02:26:00 | Run LSPFix (www.cexx.org) and remove nwprovau.dll. | wratterus (105) | ||
| 787277 | 2009-06-30 02:56:00 | Its not not nasty, its usually for the IPX / SPX protocol, but its rarely used these days. If its getting a 169 IP then it means it can't get a proper IP from the DHCP server. Try running WinsockFix. Should fix any DHCP issues: www.softpedia.com EDIT: Just read your post, I've seen that you've already run winsockfix, sorry:p What happens when you try to ping the default gateway? HAve you tried setting a static IP? Blam |
Blam (54) | ||
| 787278 | 2009-06-30 03:52:00 | I am not sure which of the above worked but I am online! Thanks so very much to all! I need to install an AV - AVG? Avast? | mwcubsnut (14829) | ||
| 1 2 | |||||