PDA

View Full Version : Local Area Connection replaced with "Internet Connection"



DigitalMessiah
09-10-2007, 09:54 AM
so I want to run a program called hamachi.... Noticed it doesn't work , some error with the lan adapter... i open my network connections to find I don't have the usual Local Area connection

I have something called internet Connection, I've seen this before and have always on previous installations of Windows XP Pro, have disabled this so LAC is the only thing there, I go to hit the Setup Home or Office network and it says I don't meet the requirements, either my drivers , or NIC are not installed, or there are missing cables or the like... yet here I am posting this message... Any idea how to get my net back to the way it's supposed to be?


And P.S

I'm back SpeedyGonzales, thanks for all your help in the past

DigitalMessiah
09-10-2007, 10:30 AM
Just to add, this says it is an Internet Gateway... but I'm the only computer hooked in to the Router... there is however a couple people hooked in Wirelessly on the LAN, but I have no wireless networking card

pctek
09-10-2007, 11:11 AM
I have something called internet Connection, I have disabled this so LAC is the only thing there, I go to hit the Setup Home or Office network and it says I don't meet the requirements,yet here I am posting this message..

Network is not the same as internet.
If you have LAN already then why mess with it?
Just remove the Internet thing.

DigitalMessiah
09-10-2007, 11:15 AM
On previous installations of XP, LAC would be there, and this gateway thing, and i'd always remove the gateway, THIS time, I have NO LAC, and an internet gateway that I'm connected on

i've tried disabling Wi-Fi and stuff regardless of the fact I have no Wi-Fi Card. and i am the only connection on the router, When I plug DIRECTLY to the modem, I have no connection whatsoever

DigitalMessiah
09-10-2007, 11:35 AM
Also note, that I may of improperly removed Nvidia ActiveArmor firewall and that I have the latest version of McAfee Security Suite

Speedy Gonzales
09-10-2007, 12:20 PM
You should NEVER install anything to do with Nvidia firewall. Dont know if Nvidia Armour firewire is the same as Nvidia firewall on some mobos.

BUT, I think it is.

Its most probably screwing things up.

If you download files, are they corrupt? If they are, thats most probably why.

HOW did you uninstall/remove Nvidia firewall then?

You didnt delete its folder did you? Without uninstalling it?

DigitalMessiah
09-10-2007, 01:08 PM
I deleted ONE file, some sort of htm file that opened the configuration of it, THEN it said in order to uninstall (via a information website just like this) I need to remove nForce Networking Management or something or other out of my Programs list... I did so... and my net still worked and everything, and I just now notice I have no Local Area connection... NOW after fiddling with everything, my McAfee says there is problems (After a few System restorations and undo's) I have NOTHING AT ALL in my Network Connections, yet here I am once again typing to you all..

And under device manager i have this for my Network Adapters

NVIDIA nForce Networking Controller
Driver Date 2/17/2006
Driver Version 50.2.3.0

MS Windows Hardware compatibility (AKA Digitally Signed)

Now, I go to Setup office or home network, and it says there are things missing and preventing me from doing so.

I've downloaded plenty of files since I ditched Active Armor, and things were fine...

DigitalMessiah
09-10-2007, 01:10 PM
I have an MSI K8NGM2 Motherboard, I got it from Newegg... I can't find the original Driver disk

However I can provide you with what little info I know

It has PCI-E 16X, a 1X, and I think 3 PCI standards

It has integrated Network card, I believe it's nForce 4 no idea though

I've tried downloading a Few things for Nvidia nForce4 off the nvidia site but nothing seems to restore the LAC or ANYTHING to my network connections list

it is Socket 939 With an AMD Athlon X2 64 4200+ Winchester model

Speedy Gonzales
09-10-2007, 01:17 PM
HOW are you connecting to the net then??

Dialup or broadband??

If dialup, then it wouldnt need the LAN.

The LAN is only for connecting to another computer on a home network. NOT the net.

But, if youre using broadband, and using a router or something, the network cable would be going from the NIC on the case, to the router, wouldnt it?

I think youre getting confused between Nvidia firewall (a firewall), and a Nvidia based NIC, which would be the onboard LAN. Theyre not the same thing.

Is this the only entry under network adapters then??

NVIDIA nForce Networking Controller
Driver Date 2/17/2006
Driver Version 50.2.3.0 ?

Try deleting this and reboot.

See what happens, and see if anything appears in Network connections.

DigitalMessiah
09-10-2007, 01:19 PM
I'm on Shentel NTC Cable, it's a local crap service, I'm going from my Integrated NIC, to the Router, to the Modem, If I go STRAIGHT to the Modem, I have no connection

I honestly have NO Idea how i'm holding an internet connection with nothing under network connections

Ever since I've been using Cable, for about 3 years, I've ALWAYS been connected when my Local Area Connection was enabled and running

Nvidia Firewall is gone, I don't see any of it anywhere, I could run a search for something though

That nForice networking controller is there, and Hamachi, the VPN program i've used for a couple years, I've disabled that to try and trouble shoot

If I delete the networking controller I lose the internet all together

DigitalMessiah
09-10-2007, 01:21 PM
Let me get you an updated HJT Report, changing stuff around, useless junk and what not

Everytime I restart I get something saying Found New Hardware, PCI Device

and it can never find the drivers it needs

Speedy Gonzales
09-10-2007, 01:33 PM
You've got a MSN messenger worm, by the looks of it.

Run HJT again, tick these entries then tick fix checked

Close browser/s.

These are safe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

This is a worm

O4 - HKLM\..\Run: [Microsoft Spooler Service] rBot.exe

These are safe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

Worm

O4 - HKLM\..\RunServices: [Microsoft Spooler Service] rBot.exe

If you dont use Nero Home, tick this

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

Get trojan remover in my sig too. Update it then scan, then select all options under the utilities menu.

See if The removal tool finds it and removes it (http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FxKelvir.exe)

And read this (http://www.symantec.com/business/security_response/writeup.jsp?docid=2005-030810-3319-99)

DigitalMessiah
09-10-2007, 01:39 PM
Acquired that rBot.exe a month and a half ago when attempting to obtain some "illegal programs"... McAfee Quarentined it, I did the FIX on HJT for that just now, and am Running the two tools you said to use,

Basically it looks like it Can't find my ethernet driver, even though the Device manager says it is there..

Does this look like i'll need to reformat again?

I've been wondering why people can't view me on the network.. I can see them and access their files, but they can't see me or do anything to me

DigitalMessiah
09-10-2007, 01:44 PM
Here is what I have so far, I will edit accordingly

Taken from Trojan Remover

This file is called by a system services registry key

C:\WINDOWS\system32\DRIVERS\AmdTools.sys

an executable file with this name has not been found

it may not exist, the file is loaded by the following key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\AmdTools\"ImagePath"


and this one
F:\INSTALL\GMSIPCI.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\GMSIPCI\"ImagePath"

Speedy Gonzales
09-10-2007, 01:44 PM
Acquired that rBot.exe a month and a half ago when attempting to obtain some "illegal programs"...

Well, obviously it didnt do it properly, since its running on startup.

And tick everything else I posted as well.

You'll know for next time, dont go to crack or warez sites.

Speedy Gonzales
09-10-2007, 01:45 PM
Here is what I have so far, I will edit accordingly

Taken from Trojan Remover

This file is called by a system services registry key

C:\WINDOWS\system32\DRIVERS\AmdTools.sys

an executable file with this name has not been found

it may not exist, the file is loaded by the following key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\AmdTools\"ImagePath"

Select remove from the registry. And if it detects any files relating to Kelvir select remove reference from the registry.

Then reboot then select all options under the utilities menu.

DigitalMessiah
09-10-2007, 02:19 PM
I've reset everything, about to restart here soon, the Symantec Kelvir searcher is just about done, hang tight

bear in mind that when i open a command prompt

and type ipconfig

I get this...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Sean>ipconfig

Windows IP Configuration


Ethernet adapter {C7819F84-0025-46E9-9940-D5437665BC25}:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 5.0.0.17
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

C:\Documents and Settings\Sean>


I believe the first ip with the odd numbers is Hamachi... my VPN

pctek
09-10-2007, 02:25 PM
[B]

If dialup, then it wouldnt need the LAN.

The LAN is only for connecting to another computer on a home network. NOT the net.

Er.....I connect via LAN to the internet.
You mean LAN is for broadband or networks - specifically your connection to an adsl modem.

Not for dialup.

And the net is a network.

DigitalMessiah
09-10-2007, 05:21 PM
Well after bumbling with some nForce drivers, i got the net BACK again.. Still have nothing in my network connections menu... ipconfig shows I have a connection..

VPN is shot.. setting up home network is shot... By the looks of it, reformatting may be my only solution if you guys are out of ideas...

However I can't find the original disk that came with my mobo to install all the basic drivers.... so... yeah

Apparently I DO have nForce4 , onboard NIC....

I don't know what other information I can provide to help assist you guys...

DigitalMessiah
09-10-2007, 05:24 PM
My latest HJT report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:54 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: McAfee Application Installer Cleanup (0027591191892238) (0027591191892238mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\002759~1.EXE (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6273 bytes

wainuitech
09-10-2007, 05:26 PM
You can try a Non Distructive Reinstall, download any drivers for your MB from the manufactures web site first,( just in case they are required) save them to either USB / CD. then may pay to save any data that you may not want to lose as a saftey measure.

Non Distructive Reinstall:

You will need your 25 digit product key for this.

Place XP CD in drive: Reboot or shutdown and start PC.
1.When the Press any key to boot from CD message is displayed on your screen, press a key to start your computer from the Windows XP CD.

2.Press ENTER when you see the message To setup Windows XP now, and then press ENTER displayed on the Welcome to Setup screen.

3.Do not choose the option to press R to use the Recovery Console.

4.In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.

5.Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.

6.Follow the instructions on the screen to complete Setup.

Speedy Gonzales
09-10-2007, 05:32 PM
Run HJT again tick these entries, then tick fix checked

Close browser/s again

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

As in my previous post if you dont use Nero Home, tick this.

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

Did trojan remover find anything or remove anything??

What about the Symantec tool?

DigitalMessiah
10-10-2007, 03:11 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:39 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: McAfee Application Installer Cleanup (0027591191892238) (0027591191892238mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\002759~1.EXE (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5409 bytes


Trojan remover found as I stated in a previous post, missing entries..

the Kelvir fix didn't find anything

Speedy Gonzales
10-10-2007, 08:35 AM
Run HJT again, and tick this entry

Close browser/s.

O23 - Service: McAfee Application Installer Cleanup (0027591191892238) (0027591191892238mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\002759~1.EXE (file missing)

DigitalMessiah
10-10-2007, 01:45 PM
Wain

I have a K8NGM2 motherboard from MSI, with nForce 4 , it came with Onboard GeForce 6150 if that helps, as I said earleir, it has a pci-e 16 and 1x, and 3 pci standards

It's socket 939

Think you can help me locate the Ethernet driver that comes with it?

here is my next HJT report Speedy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:17 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\THQ\Company of Heroes\RelicCOH.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\PROGRA~1\Ideazon\Reaper\Reaper_Settings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: McAfee Application Installer Cleanup (0027591191892238) (0027591191892238mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\002759~1.EXE (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5434 bytes

Speedy Gonzales
10-10-2007, 01:55 PM
Tick the entry I posted in my previous post.

After this tick this entry that should be it. Dont post anymore logs.

You'll have to find out if its this (http://global.msi.com.tw/index.php?func=proddesc&prod_no=224&maincat_no=1&cat2_no=171&cat3_no=6)

Or this (http://global.msi.com.tw/index.php?func=proddesc&prod_no=245&maincat_no=1&cat2_no=171&cat3_no=6)

DigitalMessiah
10-10-2007, 02:35 PM
It's the NBP, I remember the color of the SATA Plugs and the RAM bay colors

so the second mobo

wainuitech
10-10-2007, 02:44 PM
It's the NBP, I remember the color of the SATA Plugs and the RAM bay colors

so the second mobo
Just looked at the drivers from the page speedy provided, both boards look to use the same driver, download the system driver for your OS and install that if required.

All a non distruct reinstall will do is reinstall Windows, it may or may not fix the whole problem. Sometimes you still end up having to save all your data ( which you shoul do any way) then wipe the drive and start again from fresh.

DigitalMessiah
12-10-2007, 02:00 AM
Installed the drivers, still connected, but LAC is still missing... No idea what's going on, I'm at a standstill on what to do, I guess as long as I can network with my other computers, from me, out, they can't see my files... I can still play ACTUAL , LAN games, I guess I shouldn't worry about getting VPN to work, unless anyone can recommend a good VPN Software?

DigitalMessiah
15-10-2007, 05:44 AM
bump



any good VPN programs anyone would recommend?

dugimodo
15-10-2007, 10:30 AM
Did you uninstall Hamachi ?

I tried and failed to use that also, and it caused me some grief until I got rid of it. It attempts to disguise an internet connection as a local LAN so you can play muliplayer games with your friends as if you were all connected to a local LAN.

Most multiplayer games can be played over the net without using this.

DigitalMessiah
15-10-2007, 01:02 PM
Some of the games I want to play with friends ... well, let's just say I didn't actually buy it... We'll leave it at that lol