Hi, I really need your help. My Husbands Laptop has a bug that I can’t fix. I ran Adaware, Spybot, Norton Anti Virus and Counterspy. I had them fix all it found, now I can’t get on the internet to run some of the scans you all recommend. I was able to get on a few times in safe mode, but not long enough to get a complete scan. When I try to get on the internet, it starts looking for the homepage but ends up with Page can not be displayed. In the lower toolbar it says Server not found. Now I ran HJT and hope you can help me. Here is the log.
Thank you so much :confused:

Logfile of HijackThis v1.99.1
Scan saved at 8:11:25 PM, on 10/9/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\essspk.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\WINNT\ESSD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://earmyu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [ESS Daemon] C:\WINNT\ESSD.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Tuta] C:\Documents and Settings\Administrator\Application Data\apbr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpa: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\System32\HPConfig.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

Hi,
Download CWShredder. Next, download CleanUp! and install it.
Make Windows to show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options.
Uncheck Hide protected operating system files.
Then, click to select the option Show hidden files and folders.
Click Apply and then click OK to exit.


Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, out of which choose Safe Mode and press Enter.


Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://earmyu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKCU\..\Run: [Tuta] C:\Documents and Settings\Administrator\Application Data\apbr.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O19 - User stylesheet: (file missing)

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.


Exit from HijackThis. Delete this file:-
C:\Documents and Settings\Administrator\Application Data\apbr.exe

Delete this folder:-
C:\Program Files\P.S.Guard


Go to Start > Search. Here click "All files and folders" in the left pane. Next, click on "More advanced options". Here select the options "Search system folders", "Search hidden files and folders" and "Search subfolders". Next, type/copy the below mentioned filename and search for it, if you find it, right-click on it and click delete:-
msinfo.exe


Run CWShredder and click "Fix ->" button.


After this, run CleanUp! and click "Options.." button. Here move the "Quick Setup" slider to "Thorough Cleanup" position. Uncheck the option "Delete Favorites Palces/Bookmarks", if you have any bookmarks. Click "OK" to return to main window, and click "CleanUp!" to start cleaning. After it completes, click "Close" and click "No" to avoid logging off.


Restart the PC, and run HijackThis and please post a fresh log.

Before getting a new HijackThis log, run CounterSpy and click "Spyware Scan" button. Here click the "Scan Options" button and select the "Full Scan" option and then click "Start".
Remove any malware it may find. After this, get a new HijackThis log and post it here.

Hi Swatkat, I will do all this...........just a question. The HJT log entry R0 is the homepage (earmyu.com). Should I still remove it?

Hi,
:oops: I didnt noticed that one. It is a legitimate entry, you can leave it as it is :)

Hey there,
I did everything. I could not find the file C:\Documents and Settings\Administrator\Application Data\apbr.exe , and msinfo.exe but all the other stuff got done. I did not try to connect to the internet yet........I'm a little scared LOL :o . By the way, sorry the reply takes so long. I work all day. Anyway, thanks for your time....... :D
So here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:15:58 PM, on 10/10/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\essspk.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\WINNT\ESSD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://earmyu.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [ESS Daemon] C:\WINNT\ESSD.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpa: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\System32\HPConfig.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

Hi,
Log looks clean :)
To make sure that everything is clean, you can perform an online scan at Panda ActiveScan. Save the log it gives after the scan and please post back the same.

Also, download SpywareBlaster and install it. Run it and click "Enable All Protection" and afterwards close it.

Download WinPFind.ZIP and completely extract it to a folder. Then run WinPFind.exe and click "Start Scan". When the scan completes, click "Copy to Clipboard" button to copy the log it gives, and please post it here.

Hi,
:sad: I still can’t get on the Internet. When I open it, it comes up with “can not find server. The I try to go to Daniwen and after I enter it in the Address bar a window pops open saying “ Internet Explorer could not open the search page. Then, when I close that window in the lower bar it reads
“ Downloading from site:res://C:WINN/system32\shdoclc.dll/dnserror.htm.
I have no clue what that is, so I close it befor it finishes.
So, I can’t do the online scan at Panda but I’ll try to download the WinPFind.exe on my Computer and install it on the sick Laptop and post the log.
I sure hope you can help me. Husband’s school is starting again in 3 weeks and we really need the Laptop up and running by then.
Thank's

Hey again.
Here is the WinPFind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000    Current Build: Service Pack 2    Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...


Checking %ProgramFilesDir% folder...


Checking %WinDir% folder...
UPX!                 1/10/2005 4:17:24 PM        170053     C:\WINNT\Tsc.exe
UPX!                 2/18/2005 6:40:14 PM        1044560    C:\WINNT\vsapi32.dll
aspack               2/18/2005 6:40:14 PM        1044560    C:\WINNT\vsapi32.dll
PECompact2           10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
qoologic             10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
SAHAgent             10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
PECompact2           10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879
qoologic             10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879
SAHAgent             10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879
UPX!                 5/3/2005 11:44:44 AM        25157      C:\WINNT\RMAgentOutput.dll


Checking %System% folder...
winsync              5/8/2001 5:00:00 AM         1309184    C:\WINNT\SYSTEM32\wbdbase.deu
Umonitor             3/2/2002 2:44:52 PM         528144     C:\WINNT\SYSTEM32\RASDLG.DLL
FSG!                 10/2/2005 4:30:20 PM        1389       C:\WINNT\SYSTEM32\ole32vbs.exe


Checking %System%\Drivers folder and sub-folders...


Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/10/2005 5:20:38 PM    H  464528     C:\WINNT\ShellIconCache
9/17/2005 3:51:04 PM     H  4          C:\WINNT\uccspecb.sys
9/17/2005 3:51:04 PM     H  111        C:\WINNT\WindowsShellOld.Manifest
10/10/2005 5:31:04 PM    H  1005       C:\WINNT\system32\vsconfig.xml
10/12/2005 5:48:08 AM    H  1024       C:\WINNT\system32\config\software.LOG
10/11/2005 6:03:26 AM    H  1024       C:\WINNT\system32\config\default.LOG
10/10/2005 5:29:50 PM    H  1024       C:\WINNT\system32\config\SECURITY.LOG
10/10/2005 5:29:22 PM    H  1024       C:\WINNT\system32\config\SAM.LOG
10/10/2005 5:29:14 PM     S 64         C:\WINNT\CSC\00000001
9/30/2005 10:08:36 PM     S 64         C:\WINNT\CSC\00000002
10/10/2005 5:29:12 PM    H  6          C:\WINNT\Tasks\SA.DAT


Checking for CPL files...
Microsoft Corporation          5/8/2001 5:00:00 AM         31504      C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         128272     C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         118032     C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         36112      C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         122128     C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         303888     C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         17168      C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         83216      C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         5904       C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         61200      C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         296208     C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         236304     C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation          8/29/2002 7:14:40 AM        292352     C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         90896      C:\WINNT\SYSTEM32\powercfg.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         125712     C:\WINNT\SYSTEM32\sysdm.cpl
Intel Corporation              1/9/2002 12:08:18 AM        94208      C:\WINNT\SYSTEM32\igfxcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         67344      C:\WINNT\SYSTEM32\access.cpl
AvantGo, Inc.                  8/17/2003 6:14:24 PM        69632      C:\WINNT\SYSTEM32\mbllnk.cpl
Apple Computer, Inc.           4/11/2001 12:22:06 PM       287232     C:\WINNT\SYSTEM32\QuickTime.cpl
10/9/1998 5:01:00 PM        183808     C:\WINNT\SYSTEM32\bdeadmin.cpl
Microsoft Corporation          5/22/2002 11:29:20 PM       60824      C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          10/30/2001 8:10:00 AM       326144     C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          8/29/2002 7:14:40 AM        292352     C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
IBM Corporation                9/23/1999 6:44:36 PM        94208      C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
4/3/2005 4:44:14 PM         618        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Instant Wireless Configuration Utility.lnk
4/3/2005 4:44:10 PM         1488       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
4/3/2005 4:44:14 PM         655        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk


Checking files in %ALLUSERSPROFILE%\Application Data folder...


Checking files in %USERPROFILE%\Startup folder...


Checking files in %USERPROFILE%\Application Data folder...
9/19/2004 9:20:22 PM        0          C:\Documents and Settings\Administrator\Application Data\dm.ini


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
YComp 5.0.2.4    = Yahoo! Companion


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetWareUNCMenu
{e3f2bac0-099f-11cf-8daa-00aa004a5691}   = nwprovau.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0002-C0E1-C0E1C0E1C0E1}   = C:\PROGRA~1\Corel\WORDPE~1\programs\pfse90.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}   = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88}   = &Yahoo! Companion    : C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}   = REALBAR  : C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
{8E718888-423F-11D2-876E-00A0C9082467}   = &Radio   : C:\WINNT\system32\msdxm.ocx


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText   = Create Mobile Favorite   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText     = Create Mobile Favorite...    : C:\Program Files\Microsoft ActiveSync\inetrepl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText   = Messenger    :


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion  : C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} = REALBAR    : C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EssSpkPhone essspk.exe
IgfxTray    C:\WINNT\System32\igfxtray.exe
HotKeysCmds C:\WINNT\System32\hkcmd.exe
Synchronization Manager mobsync.exe /logon
SynTPLpr    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HP Display Settings C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
CP4HPOT C:\PROGRA~1\HPONE-~1\OneTouch.EXE
ESS Daemon  C:\WINNT\ESSD.exe
NAV Agent   C:\PROGRA~1\NORTON~1\navapw32.exe
HPDJ Taskbar Utility    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
Symantec NetDriver Monitor  C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SSC_UserPrompt  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Zone Labs Client    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HP Component Manager    "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update  "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
sunasDTServ C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe


sunasServ   C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL   Installed = 1
MAPI    Installed = 1
MSFS    Installed = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager    C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  149



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray          {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = C:\WINNT\system32\userinit.exe,
Shell       = Explorer.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau
= nwprovau.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/12/2005 5:55:21 AM

Hi,

Make Windows to show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options. Here, Uncheck the option Hide protected operating system files. Then, click to select the option Show hidden files and folders. Click "Apply" and then click "OK" to exit.


Next, boot in Safe Mode.


Delete these files:-
C:\WINNT\RMAgentOutput.dll
C:\WINNT\SYSTEM32\ole32vbs.exe
C:\WINNT\uccspecb.sys


Go to Start > All Programs > Accessories > Command Prompt. Here in the command prompt, type the following command:-
netsh winsock reset and press Enter key.


Reboot the system and please post a new WinPFind log. Also, check whether you can access websites through that PC.

Hey,
I deleted the 3 files, but at the Command Prompt it told me
"The following command was not found: winsock reset"
I will reboot and send you the WinPFind log later.

Ok, I still can't accsess any websites and here is the next WinPFind log.
Thank's

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000    Current Build: Service Pack 2    Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...


Checking %ProgramFilesDir% folder...


Checking %WinDir% folder...
UPX!                 1/10/2005 4:17:24 PM        170053     C:\WINNT\Tsc.exe
UPX!                 2/18/2005 6:40:14 PM        1044560    C:\WINNT\vsapi32.dll
aspack               2/18/2005 6:40:14 PM        1044560    C:\WINNT\vsapi32.dll
PECompact2           10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
qoologic             10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
SAHAgent             10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
PECompact2           10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879
qoologic             10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879
SAHAgent             10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879
UPX!                 5/3/2005 11:44:44 AM        25157      C:\WINNT\RMAgentOutput.dll


Checking %System% folder...
winsync              5/8/2001 5:00:00 AM         1309184    C:\WINNT\SYSTEM32\wbdbase.deu
Umonitor             3/2/2002 2:44:52 PM         528144     C:\WINNT\SYSTEM32\RASDLG.DLL
FSG!                 10/2/2005 4:30:20 PM        1389       C:\WINNT\SYSTEM32\ole32vbs.exe


Checking %System%\Drivers folder and sub-folders...


Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/10/2005 5:20:38 PM    H  464528     C:\WINNT\ShellIconCache
9/17/2005 3:51:04 PM     H  4          C:\WINNT\uccspecb.sys
9/17/2005 3:51:04 PM     H  111        C:\WINNT\WindowsShellOld.Manifest
10/10/2005 5:31:04 PM    H  1005       C:\WINNT\system32\vsconfig.xml
10/12/2005 5:48:08 AM    H  1024       C:\WINNT\system32\config\software.LOG
10/11/2005 6:03:26 AM    H  1024       C:\WINNT\system32\config\default.LOG
10/10/2005 5:29:50 PM    H  1024       C:\WINNT\system32\config\SECURITY.LOG
10/10/2005 5:29:22 PM    H  1024       C:\WINNT\system32\config\SAM.LOG
10/10/2005 5:29:14 PM     S 64         C:\WINNT\CSC\00000001
9/30/2005 10:08:36 PM     S 64         C:\WINNT\CSC\00000002
10/10/2005 5:29:12 PM    H  6          C:\WINNT\Tasks\SA.DAT


Checking for CPL files...
Microsoft Corporation          5/8/2001 5:00:00 AM         31504      C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         128272     C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         118032     C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         36112      C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         122128     C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         303888     C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         17168      C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         83216      C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         5904       C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         61200      C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         296208     C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         236304     C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation          8/29/2002 7:14:40 AM        292352     C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         90896      C:\WINNT\SYSTEM32\powercfg.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         125712     C:\WINNT\SYSTEM32\sysdm.cpl
Intel Corporation              1/9/2002 12:08:18 AM        94208      C:\WINNT\SYSTEM32\igfxcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         67344      C:\WINNT\SYSTEM32\access.cpl
AvantGo, Inc.                  8/17/2003 6:14:24 PM        69632      C:\WINNT\SYSTEM32\mbllnk.cpl
Apple Computer, Inc.           4/11/2001 12:22:06 PM       287232     C:\WINNT\SYSTEM32\QuickTime.cpl
10/9/1998 5:01:00 PM        183808     C:\WINNT\SYSTEM32\bdeadmin.cpl
Microsoft Corporation          5/22/2002 11:29:20 PM       60824      C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          10/30/2001 8:10:00 AM       326144     C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          8/29/2002 7:14:40 AM        292352     C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
IBM Corporation                9/23/1999 6:44:36 PM        94208      C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
4/3/2005 4:44:14 PM         618        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Instant Wireless Configuration Utility.lnk
4/3/2005 4:44:10 PM         1488       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
4/3/2005 4:44:14 PM         655        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk


Checking files in %ALLUSERSPROFILE%\Application Data folder...


Checking files in %USERPROFILE%\Startup folder...


Checking files in %USERPROFILE%\Application Data folder...
9/19/2004 9:20:22 PM        0          C:\Documents and Settings\Administrator\Application Data\dm.ini


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
YComp 5.0.2.4    = Yahoo! Companion


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetWareUNCMenu
{e3f2bac0-099f-11cf-8daa-00aa004a5691}   = nwprovau.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0002-C0E1-C0E1C0E1C0E1}   = C:\PROGRA~1\Corel\WORDPE~1\programs\pfse90.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}   = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88}   = &Yahoo! Companion    : C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}   = REALBAR  : C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
{8E718888-423F-11D2-876E-00A0C9082467}   = &Radio   : C:\WINNT\system32\msdxm.ocx


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText   = Create Mobile Favorite   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText     = Create Mobile Favorite...    : C:\Program Files\Microsoft ActiveSync\inetrepl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText   = Messenger    :


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion  : C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} = REALBAR    : C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EssSpkPhone essspk.exe
IgfxTray    C:\WINNT\System32\igfxtray.exe
HotKeysCmds C:\WINNT\System32\hkcmd.exe
Synchronization Manager mobsync.exe /logon
SynTPLpr    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HP Display Settings C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
CP4HPOT C:\PROGRA~1\HPONE-~1\OneTouch.EXE
ESS Daemon  C:\WINNT\ESSD.exe
NAV Agent   C:\PROGRA~1\NORTON~1\navapw32.exe
HPDJ Taskbar Utility    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
Symantec NetDriver Monitor  C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SSC_UserPrompt  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Zone Labs Client    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HP Component Manager    "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update  "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
sunasDTServ C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe


sunasServ   C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL   Installed = 1
MAPI    Installed = 1
MSFS    Installed = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager    C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  149



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray          {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = C:\WINNT\system32\userinit.exe,
Shell       = Explorer.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau
= nwprovau.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/12/2005 5:55:21 AM

Hi,
The files are still there! We will use KillBox to delete them. Please download KillBox.ZIP and extract it to a folder.


Next, download WinsockXPFix, do not run it now.


Boot in Safe Mode.


Run KillBox.exe and selcet the options: "End Explorer shell while killing file" and "Standard file kill". After this, copy the below mentioned file path completely and paste it in the "Full Path of file to delete" textbox in KillBox:-
C:\WINNT\SYSTEM32\ole32vbs.exe

Once the filepath is pasted in KillBox, click the button which has a "white cross on a red circle" to delete the file.

Next, similary copy these filepaths to KillBox one after another and delete them:-
C:\WINNT\RMAgentOutput.dll
C:\WINNT\uccspecb.sys


After deleting these files, double-click on the WinSockXPFix and then click "Reg Backup" button to backup Registry. After creating backup, click the "Fix" button. Once this operation completes, reboot the system to normal mode and please check whether you can connect to Internet. Also, post a new WinPFind log.

Hi,
the WinsockXPFix is for Win XP. I got Win 2000 on the sick Laptop. Do you still whant me to use it???

Ok, here is the WinPFind log without running the WinsockXPFix. Still no Internet.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000    Current Build: Service Pack 2    Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...


Checking %ProgramFilesDir% folder...


Checking %WinDir% folder...
UPX!                 1/10/2005 4:17:24 PM        170053     C:\WINNT\Tsc.exe
UPX!                 2/18/2005 6:40:14 PM        1044560    C:\WINNT\vsapi32.dll
aspack               2/18/2005 6:40:14 PM        1044560    C:\WINNT\vsapi32.dll
PECompact2           10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
qoologic             10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
SAHAgent             10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
PECompact2           10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879
qoologic             10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879
SAHAgent             10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879


Checking %System% folder...
winsync              5/8/2001 5:00:00 AM         1309184    C:\WINNT\SYSTEM32\wbdbase.deu
Umonitor             3/2/2002 2:44:52 PM         528144     C:\WINNT\SYSTEM32\RASDLG.DLL


Checking %System%\Drivers folder and sub-folders...


Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/13/2005 5:22:42 AM    H  464482     C:\WINNT\ShellIconCache
9/17/2005 3:51:04 PM     H  111        C:\WINNT\WindowsShellOld.Manifest
10/12/2005 12:39:28 PM   H  1005       C:\WINNT\system32\vsconfig.xml
10/13/2005 5:40:00 AM    H  1024       C:\WINNT\system32\config\software.LOG
10/13/2005 5:24:16 AM    H  1024       C:\WINNT\system32\config\default.LOG
10/13/2005 5:26:10 AM    H  1024       C:\WINNT\system32\config\SECURITY.LOG
10/13/2005 5:28:34 AM    H  1024       C:\WINNT\system32\config\SAM.LOG
10/13/2005 5:23:58 AM     S 64         C:\WINNT\CSC\00000001
9/30/2005 10:08:36 PM     S 64         C:\WINNT\CSC\00000002
10/13/2005 5:23:58 AM    H  6          C:\WINNT\Tasks\SA.DAT


Checking for CPL files...
Microsoft Corporation          5/8/2001 5:00:00 AM         31504      C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         128272     C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         118032     C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         36112      C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         122128     C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         303888     C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         17168      C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         83216      C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         5904       C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         61200      C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         296208     C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         236304     C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation          8/29/2002 7:14:40 AM        292352     C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         90896      C:\WINNT\SYSTEM32\powercfg.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         125712     C:\WINNT\SYSTEM32\sysdm.cpl
Intel Corporation              1/9/2002 12:08:18 AM        94208      C:\WINNT\SYSTEM32\igfxcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         67344      C:\WINNT\SYSTEM32\access.cpl
AvantGo, Inc.                  8/17/2003 6:14:24 PM        69632      C:\WINNT\SYSTEM32\mbllnk.cpl
Apple Computer, Inc.           4/11/2001 12:22:06 PM       287232     C:\WINNT\SYSTEM32\QuickTime.cpl
10/9/1998 5:01:00 PM        183808     C:\WINNT\SYSTEM32\bdeadmin.cpl
Microsoft Corporation          5/22/2002 11:29:20 PM       60824      C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          10/30/2001 8:10:00 AM       326144     C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          8/29/2002 7:14:40 AM        292352     C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
IBM Corporation                9/23/1999 6:44:36 PM        94208      C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
4/3/2005 4:44:14 PM         618        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Instant Wireless Configuration Utility.lnk
4/3/2005 4:44:10 PM         1488       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
4/3/2005 4:44:14 PM         655        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk


Checking files in %ALLUSERSPROFILE%\Application Data folder...


Checking files in %USERPROFILE%\Startup folder...


Checking files in %USERPROFILE%\Application Data folder...
9/19/2004 9:20:22 PM        0          C:\Documents and Settings\Administrator\Application Data\dm.ini


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
YComp 5.0.2.4    = Yahoo! Companion


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetWareUNCMenu
{e3f2bac0-099f-11cf-8daa-00aa004a5691}   = nwprovau.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0002-C0E1-C0E1C0E1C0E1}   = C:\PROGRA~1\Corel\WORDPE~1\programs\pfse90.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}   = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88}   = &Yahoo! Companion    : C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}   = REALBAR  : C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
{8E718888-423F-11D2-876E-00A0C9082467}   = &Radio   : C:\WINNT\system32\msdxm.ocx


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText   = Create Mobile Favorite   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText     = Create Mobile Favorite...    : C:\Program Files\Microsoft ActiveSync\inetrepl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText   = Messenger    :


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion  : C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} = REALBAR    : C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EssSpkPhone essspk.exe
IgfxTray    C:\WINNT\System32\igfxtray.exe
HotKeysCmds C:\WINNT\System32\hkcmd.exe
Synchronization Manager mobsync.exe /logon
SynTPLpr    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HP Display Settings C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
CP4HPOT C:\PROGRA~1\HPONE-~1\OneTouch.EXE
ESS Daemon  C:\WINNT\ESSD.exe
NAV Agent   C:\PROGRA~1\NORTON~1\navapw32.exe
HPDJ Taskbar Utility    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
Symantec NetDriver Monitor  C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SSC_UserPrompt  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Zone Labs Client    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HP Component Manager    "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update  "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
sunasDTServ C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe


sunasServ   C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL   Installed = 1
MAPI    Installed = 1
MSFS    Installed = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager    C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  149



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray          {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = C:\WINNT\system32\userinit.exe,
Shell       = Explorer.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau
= nwprovau.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/13/2005 5:44:42 AM

Hi,
You can use WinsockXPFix in 2000 also! It works in all NT based systems.

Hi again,
I ran WinsockXPFix and still no Internet :sad: . I also ran WinPFind again and got the log. I sure hope you are not running out of ideas ;) .
Anyway, here is the latest log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000    Current Build: Service Pack 2    Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...


Checking %ProgramFilesDir% folder...


Checking %WinDir% folder...
UPX!                 1/10/2005 4:17:24 PM        170053     C:\WINNT\Tsc.exe
UPX!                 2/18/2005 6:40:14 PM        1044560    C:\WINNT\vsapi32.dll
aspack               2/18/2005 6:40:14 PM        1044560    C:\WINNT\vsapi32.dll
PECompact2           10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
qoologic             10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
SAHAgent             10/6/2005 8:48:36 AM        16028767   C:\WINNT\LPT$VPN.879
PECompact2           10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879
qoologic             10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879
SAHAgent             10/6/2005 8:48:36 AM        16028767   C:\WINNT\VPTNFILE.879


Checking %System% folder...
winsync              5/8/2001 5:00:00 AM         1309184    C:\WINNT\SYSTEM32\wbdbase.deu
Umonitor             3/2/2002 2:44:52 PM         528144     C:\WINNT\SYSTEM32\RASDLG.DLL


Checking %System%\Drivers folder and sub-folders...


Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/13/2005 12:11:06 PM   H  464524     C:\WINNT\ShellIconCache
9/17/2005 3:51:04 PM     H  111        C:\WINNT\WindowsShellOld.Manifest
10/13/2005 4:43:44 PM    H  1005       C:\WINNT\system32\vsconfig.xml
10/13/2005 5:22:20 PM    H  1024       C:\WINNT\system32\config\software.LOG
10/13/2005 4:44:04 PM    H  1024       C:\WINNT\system32\config\default.LOG
10/13/2005 4:43:14 PM    H  1024       C:\WINNT\system32\config\SECURITY.LOG
10/13/2005 4:44:18 PM    H  1024       C:\WINNT\system32\config\SAM.LOG
10/13/2005 4:43:28 PM     S 64         C:\WINNT\CSC\00000001
9/30/2005 10:08:36 PM     S 64         C:\WINNT\CSC\00000002
10/13/2005 4:43:28 PM    H  6          C:\WINNT\Tasks\SA.DAT


Checking for CPL files...
Microsoft Corporation          5/8/2001 5:00:00 AM         31504      C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         128272     C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         118032     C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         36112      C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         122128     C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         303888     C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         17168      C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         83216      C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         5904       C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         61200      C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         296208     C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         236304     C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation          8/29/2002 7:14:40 AM        292352     C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         90896      C:\WINNT\SYSTEM32\powercfg.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         125712     C:\WINNT\SYSTEM32\sysdm.cpl
Intel Corporation              1/9/2002 12:08:18 AM        94208      C:\WINNT\SYSTEM32\igfxcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         67344      C:\WINNT\SYSTEM32\access.cpl
AvantGo, Inc.                  8/17/2003 6:14:24 PM        69632      C:\WINNT\SYSTEM32\mbllnk.cpl
Apple Computer, Inc.           4/11/2001 12:22:06 PM       287232     C:\WINNT\SYSTEM32\QuickTime.cpl
10/9/1998 5:01:00 PM        183808     C:\WINNT\SYSTEM32\bdeadmin.cpl
Microsoft Corporation          5/22/2002 11:29:20 PM       60824      C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          10/30/2001 8:10:00 AM       326144     C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          8/29/2002 7:14:40 AM        292352     C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          5/8/2001 5:00:00 AM         41232      C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
IBM Corporation                9/23/1999 6:44:36 PM        94208      C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
4/3/2005 4:44:14 PM         618        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Instant Wireless Configuration Utility.lnk
4/3/2005 4:44:10 PM         1488       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
4/3/2005 4:44:14 PM         655        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk


Checking files in %ALLUSERSPROFILE%\Application Data folder...


Checking files in %USERPROFILE%\Startup folder...


Checking files in %USERPROFILE%\Application Data folder...
9/19/2004 9:20:22 PM        0          C:\Documents and Settings\Administrator\Application Data\dm.ini


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
YComp 5.0.2.4    = Yahoo! Companion


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetWareUNCMenu
{e3f2bac0-099f-11cf-8daa-00aa004a5691}   = nwprovau.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0002-C0E1-C0E1C0E1C0E1}   = C:\PROGRA~1\Corel\WORDPE~1\programs\pfse90.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}   = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}   = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88}   = &Yahoo! Companion    : C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}   = REALBAR  : C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
{8E718888-423F-11D2-876E-00A0C9082467}   = &Radio   : C:\WINNT\system32\msdxm.ocx


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText   = Create Mobile Favorite   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText     = Create Mobile Favorite...    : C:\Program Files\Microsoft ActiveSync\inetrepl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText   = Messenger    :


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion  : C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} = REALBAR    : C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EssSpkPhone essspk.exe
IgfxTray    C:\WINNT\System32\igfxtray.exe
HotKeysCmds C:\WINNT\System32\hkcmd.exe
Synchronization Manager mobsync.exe /logon
SynTPLpr    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HP Display Settings C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
CP4HPOT C:\PROGRA~1\HPONE-~1\OneTouch.EXE
ESS Daemon  C:\WINNT\ESSD.exe
NAV Agent   C:\PROGRA~1\NORTON~1\navapw32.exe
HPDJ Taskbar Utility    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
Symantec NetDriver Monitor  C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SSC_UserPrompt  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Zone Labs Client    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HP Component Manager    "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update  "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
sunasDTServ C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe


sunasServ   C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL   Installed = 1
MAPI    Installed = 1
MSFS    Installed = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager    C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  149



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray          {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = C:\WINNT\system32\userinit.exe,
Shell       = Explorer.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau
= nwprovau.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/13/2005 5:25:38 PM

chyenn,

To narrow down a few things regarding the Internet connection problem:

1. What exact type of connection do you have (dial-up, cable, DSL)?

2. If it's cable or DSL, do you connect directly to the modem, or do you go through a router or switch first?

3. If you're running any firewall software, disable it completely.

4. Some tests:

1. Open your Internet Options control panel, click on the Connections tab, and then on the "LAN Settings" button. In the LAN settings window, make sure none of the proxy-related boxes are checked, and also try toggling the status of the "automatically detect settings" box.


2. Open Internet Explorer and see if you can reach Google and/or Yahoo by their IP addresses as opposed to their URL. In IE's address/location bar, type in the following locations one at a time and tell us what happens:

http://66.102.7.147
http://66.94.230.37


3. Click on the "Run..." option in your Start menu. In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. This will bring up a DOS window

- At the DOS prompt, type the following commands, hit Enter after each, and tell us the exact results:

ping 127.0.0.1
ping 66.102.7.147
ping www.google.com


- Again at the DOS prompt, type the following command, hit Enter, and post the information returned by the command:

ipconfig /all

Hi , ok now we are getting somewhere.
I got the Laptop on DSL over wireless router.
I disabled Zone Alarm, checked the Lan settings and ran all the tests.
I got to Google and Yahoo through the IP address.
Then I did the ping thing. Here are the results:
pinging 127.0.0.1 with 32 bytes of data:
Reply from ping 127.0.0.1 : bytes = 32 times <10ms TTL=128
Reply from ping 127.0.0.1 : bytes = 32 times <10ms TTL=128
Reply from ping 127.0.0.1 : bytes = 32 times <10ms TTL=128
Reply from ping 127.0.0.1 : bytes = 32 times <10ms TTL=128
Ping statistics for 127.0.0.1 :
Packets: Sent = 4, Received = 4, Lost = 0 <0% loss>,
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 66.102.7.147 with 32 bytes of data:
Reply from ping 66.102.7.147 bytes = 32 times <30ms TTL=243
Reply from ping 66.102.7.147 bytes = 32 times <20ms TTL=243
Reply from ping 66.102.7.147 bytes = 32 times <20ms TTL=243
Reply from ping 66.102.7.147 bytes = 32 times <20ms TTL=243
Ping statistics for 66.102.7.147 :
Packets: Sent = 4, Received = 4, Lost = 0 <0% loss>,
Minimum = 20ms, Maximum = 30ms, Average = 22ms

Pinging with www.1.google.com [66.102.7.99] with 32 bytes of data
Reply from 66.102.7.99 : bytes = 32 time = 20 TTL=243
Reply from 66.102.7.99 : bytes = 32 time = 20 TTL=243
Reply from 66.102.7.99 : bytes = 32 time = 20 TTL=243
Reply from 66.102.7.99 : bytes = 32 time = 20 TTL=243
Ping statistics for 127.0.0.1 :
Packets: Sent = 4, Received = 4, Lost = 0 <0% loss>,
Minimum = 20ms, Maximum = 20ms, Average = 20ms

Then I did the ipconfig/all. Here are the results.
Windows 2000 IP Configuration
Host Name : US-E4POYP5HL5PW
Primary DSN Suffix :
Node Type : Hybrid
IP Routing Enabled : No
WINS Proxy Enabled : No

Ethernet adapter Local Area Connection 2 :
Connection – specific DSN Suffix :
Description : Instant Wireless Network PC Card V3.

Physical Address : 00-06-25-A9-09-52
DHCP Enabled : Yes
Autoconfiguration Enabled : Yes
IP Address : 192.168.2.100
Subnet Mask : 225.255.255.0
Default Gateway : 192.168.2.1
DHCP Server : 192.168.2.1
DSN Servers : 68.238.62.12
68.238.96.12
Lease Obtained : Thursday, October 13.2005 4:43:05PM
Laese Expires : Friday, October 14.2005 4:43:05PM
Now with Zone Alarm off I can get on the Web and serf. With Zone Alarm on, my homepage will come up but I can’t go to other web pages.
Zone Alarm will pop open and say “Services and Controller app is trying to access the Internet. If I say No, I can’t go to other pages. If I say Yes, then I can serf.
I’m not sure what Services and Controller app is but I noticed that it is connecting to the DSN Server IP 68.238.96.12.
I hope this is all useful info for you. Thanks for taking the time to help me.

ok now we are getting somewhere.

Yes, we are; good troubleshooting. :)

The "Services and Controller" program is a component of Win 2K and XP which manages Windows operating system services. The actual program file is named services.exe; you will see it listed as a running process in your Task Manager. On a Win 2K system, services.exe should live in the C:\WINNT\system32\ folder; on an XP system it will live in the C:\Windows\system32\ folder. If you find a file named services.exe living in any other folder, there's a pretty good chance that that version of services.exe is part of an infection.

The next time Zone Alarm gives you the “Services and Controller app..." message, allow the connection, and also tell ZA to remember your choice (in other words, tell ZA not to prompt you in the future).

:) Hey swatkat and DMR,
Thank you so much for all your help and patience. There is no way I could have figured this out without your help. The Laptop is clean and up and running and I learned a lot!!! ;)
Again, thanks and take care

Thank you DMR for helping out :)

You're welcome folks. It's good to back from vacation and in full swing here again! :)


chyenn,

Now that your system appears to be clean, please read the following thread for some suggestions on how to protect yourself from future infections:

http://www.daniweb.com/techtalkforums/thread27519.html

Will do......will do......... :D .

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.