
Solved: MS-DOS Command Prompt Problem (cmd.exe, command.com)

Discussion in 'Windows XP' started by cheaseeater, Jan 18, 2007.

Thread Status:
Not open for further replies.
  1. cheaseeater

    cheaseeater Thread Starter

    Joined:
    Dec 30, 2006
    Messages:
    109
    I have Windows XP on my computer, and when I try to ping something through the command prompt (command.com), this shows up:

    C:\WINDOWS\system32\command.com
    The NTVDM CPU has encountered an illegal instruction.
    CS:0f23 IP:010c OP:c4 f6 06 a9 02 Choose 'Close' to terminate the application

    Running tracert also has the same problem.


    If I try running ping or tracert through cmd.exe, it stalls and doesn't do anything. I have to close the program because it doesn't respond.


    I can use ipconfig in both cmd.exe and command.com. Do I have a virus on my computer, or is there a way to repair the command prompt? I've attached a HijackThis log file.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:47:15 PM, on 1/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\ltmsg.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\SightSpeed\SightSpeed.exe
    C:\Palm\hotsync.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\aim6\anotify.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [Si Meter] C:\PROGRA~1\SIMETE~1\SiMeter.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MRIS VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
    O4 - Global Startup: TrayMin200.exe.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
     


  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, cheaseeater :)

    Check the computer for the existence of files that should be .exe and appear as .com files.

    Download the enclosed folder and extract its contents to the desktop. It is a batch file. Double click on it and a new document will be produced. Post its contents in a reply.
     


  3. cheaseeater

    cheaseeater Thread Starter

    Joined:
    Dec 30, 2006
    Messages:
    109
    Volume in drive C has no label.
    Volume Serial Number is 4029-4DC2

    Directory of C:\Windows\System32

    08/18/2001 07:00 AM 7,680 CHCP.COM
    08/18/2001 07:00 AM 50,620 COMMAND.COM
    08/18/2001 07:00 AM 9,216 DISKCOMP.COM
    08/18/2001 07:00 AM 7,168 DISKCOPY.COM
    08/18/2001 07:00 AM 69,886 EDIT.COM
    08/18/2001 07:00 AM 25,600 FORMAT.COM
    08/18/2001 07:00 AM 26,112 GRAFTABL.COM
    08/18/2001 07:00 AM 19,694 GRAPHICS.COM
    08/18/2001 07:00 AM 14,710 KB16.COM
    08/18/2001 07:00 AM 1,131 LOADFIX.COM
    08/18/2001 07:00 AM 19,456 MODE.COM
    08/18/2001 07:00 AM 15,872 MORE.COM
    08/18/2001 07:00 AM 11,264 TREE.COM
    08/18/2001 07:00 AM 18,432 WIN.COM
    14 File(s) 296,841 bytes
    0 Dir(s) 5,263,011,840 bytes free
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, cheaseeater :)

    There is no sign of malware in your log, nor an issue with the .com files. I will request someone to take a look at it.
     
  5. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    When these COM files get "dumped", are they not dumped as Hidden files??

    IE: Your batch file should include the /AH switch?
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    That's a great idea.

    Hi, cheaseeater :)

    Download and run the enclosed file.

    Thanks, WhitPhil (y)
     


  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ping should be run through cmd.exe, not command.com.

    Do you have a Linksys router by any chance?

    I could not do pings with a Linksys router and a specific firmware version. It is corrected in the more recent versions.

    If you are connected through a router -- try the ping command connected directly to the modem, bypassing the router.
     
  8. cheaseeater

    cheaseeater Thread Starter

    Joined:
    Dec 30, 2006
    Messages:
    109
    The modem has an IP address? How would that work?
     
  9. cheaseeater

    cheaseeater Thread Starter

    Joined:
    Dec 30, 2006
    Messages:
    109
    Volume in drive C has no label.
    Volume Serial Number is 4029-4DC2

    Directory of C:\Windows\System32

    08/18/2001 07:00 AM 7,680 CHCP.COM
    08/18/2001 07:00 AM 50,620 COMMAND.COM
    08/18/2001 07:00 AM 9,216 DISKCOMP.COM
    08/18/2001 07:00 AM 7,168 DISKCOPY.COM
    08/18/2001 07:00 AM 69,886 EDIT.COM
    08/18/2001 07:00 AM 25,600 FORMAT.COM
    08/18/2001 07:00 AM 26,112 GRAFTABL.COM
    08/18/2001 07:00 AM 19,694 GRAPHICS.COM
    08/18/2001 07:00 AM 14,710 KB16.COM
    08/18/2001 07:00 AM 1,131 LOADFIX.COM
    08/18/2001 07:00 AM 19,456 MODE.COM
    08/18/2001 07:00 AM 15,872 MORE.COM
    08/18/2001 07:00 AM 11,264 TREE.COM
    08/18/2001 07:00 AM 18,432 WIN.COM
    14 File(s) 296,841 bytes
    0 Dir(s) 5,254,320,128 bytes free
    Volume in drive C has no label.
    Volume Serial Number is 4029-4DC2

    Directory of C:\Windows\System32

    07/10/2005 06:25 PM 2 cmd.com
    07/10/2005 06:25 PM 2 ping.com
    07/10/2005 06:25 PM 2 regedit.com
    07/10/2005 06:25 PM 2 tasklist.com
    07/10/2005 06:25 PM 2 tracert.com
    5 File(s) 10 bytes
    0 Dir(s) 5,254,320,128 bytes free
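
The check this thread converges on (look for .com files, hidden ones included, that sit beside an .exe of the same name), as an added Python example that is not part of the original posts. It relies on the default Windows XP PATHEXT order, which tries .COM before .EXE; the .com lines in the sample are copied from the listing above, while the .exe lines, the 16-byte "tiny" threshold and all function names are assumptions made for illustration.

```python
import os
import re

# Default PATHEXT on Windows XP begins .COM;.EXE;.BAT;.CMD, so a bare command
# name such as "ping" resolves to ping.com before ping.exe in the same folder.
PATHEXT_ORDER = (".com", ".exe", ".bat", ".cmd")

# One file line of `dir` output: date, time, AM/PM, size (with commas), name.
# Summary lines and <DIR> lines do not match and are skipped.
DIR_LINE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2})\s+([AP]M)\s+([\d,]+)\s+(.+?)\s*$"
)


def parse_dir_listing(text):
    """Return [(name, size_bytes, date)] for the file lines of a `dir` listing."""
    entries = []
    for line in text.splitlines():
        m = DIR_LINE.match(line)
        if m:
            size = int(m.group(4).replace(",", ""))
            entries.append((m.group(5), size, m.group(1)))
    return entries


def scan_directory(path):
    """Build the same entry list from a live directory.

    os.scandir does not filter on the hidden attribute, so this sees the
    files that a plain `dir` (without /AH) leaves out.
    """
    entries = []
    with os.scandir(path) as it:
        for e in it:
            if e.is_file():
                entries.append((e.name, e.stat().st_size, ""))
    return entries


def find_shadowing(entries, tiny_threshold=16):
    """Flag files that win PATHEXT resolution over a same-named sibling.

    tiny_threshold is an assumed heuristic: a .com of a few bytes cannot be
    a working program and is worth a second look.
    """
    by_stem = {}
    for name, size, date in entries:
        stem, ext = os.path.splitext(name.lower())
        if ext in PATHEXT_ORDER:
            by_stem.setdefault(stem, {})[ext] = (name, size, date)

    findings = []
    for stem, exts in sorted(by_stem.items()):
        present = [e for e in PATHEXT_ORDER if e in exts]
        if len(present) < 2:
            continue  # only one runnable file with this name: nothing shadowed
        name, size, date = exts[present[0]]
        findings.append({
            "runs": name,                                   # what the shell starts
            "shadows": [exts[e][0] for e in present[1:]],   # what the user meant
            "size": size,
            "date": date,
            "tiny": size < tiny_threshold,
        })
    return findings


# Constructed sample: .com lines taken from the thread's listing, .exe lines
# (sizes and dates) invented for the example.
SAMPLE_LISTING = """\
 Directory of C:\\Windows\\System32

08/18/2001 07:00 AM 50,620 COMMAND.COM
08/18/2001 07:00 AM 19,456 MODE.COM
07/10/2005 06:25 PM 2 cmd.com
07/10/2005 06:25 PM 2 ping.com
07/10/2005 06:25 PM 2 tracert.com
08/04/2004 07:00 AM 388,608 cmd.exe
08/04/2004 07:00 AM 17,920 ping.exe
08/04/2004 07:00 AM 11,776 tracert.exe
 8 File(s) 488,386 bytes
"""

if __name__ == "__main__":
    for f in find_shadowing(parse_dir_listing(SAMPLE_LISTING)):
        note = " (tiny file)" if f["tiny"] else ""
        print(f'{f["runs"]} ({f["size"]} bytes) runs instead of '
              f'{", ".join(f["shadows"])}{note}')
```

On a live system, `find_shadowing(scan_directory(r"C:\Windows\System32"))` runs the same comparison without depending on `dir` switches.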
     
  10. cheaseeater

    cheaseeater Thread Starter

    Joined:
    Dec 30, 2006
    Messages:
    109
    C:\WINDOWS\system32\cmd.exe - ping 192.168.2.1
    The NTVDM CPU has encountered an illegal instruction.
    CS:0dee IP:001e OP:ff ff ff ff ff Choose 'Close' to terminate the application

    This happens when I tried pinging through cmd.exe.
     
  11. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, cheaseeater :)

    Download ComboFix from Here or Here to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    When connected to the modem, your WAN address will be used; this is the actual address that is seen on the Internet and is what we see here.

    When you are connected to a router -- you normally see only the LAN address that the router assigns it when running ipconfig /all.

    Have no fear, you will not lose any connectivity with this.

    But you didn't tell me whether you have a Linksys router. If you do, I KNOW this is the problem because I could neither ping nor do tracerts until I upgraded the firmware. And IF you do, you may not want to upgrade to the very latest version -- I had problems with that as well.
     
  13. cheaseeater

    cheaseeater Thread Starter

    Joined:
    Dec 30, 2006
    Messages:
    109
    Yeah, but I can't ping anything with this computer. I have a U.S. Robotics Wireless Router.
     
  14. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    Did you run the Combo fixes?
     
  15. cheaseeater

    cheaseeater Thread Starter

    Joined:
    Dec 30, 2006
    Messages:
    109
    Just did.

    "Chris" - 07-01-20 10:19:29 Service Pack 2
    ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Chris\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\cmd.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\REGEDIT.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\tracert.com
    C:\Program Files\winupdates


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-20 to 2007-01-20 ))))))))))))))))))))))))))))))))))


    2007-01-17 21:58 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\Wireshark
    2007-01-17 21:51 <DIR> d-------- C:\Program Files\Wireshark
    2007-01-17 20:50 <DIR> d-------- C:\Program Files\BySoft Network Monitor
    2007-01-17 20:49 <DIR> d-------- C:\Downloads
    2007-01-17 20:49 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\GetRightToGo
    2007-01-17 18:32 <DIR> d-------- C:\Program Files\Microsoft Encarta
    2007-01-17 18:27 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-01-17 17:44 <DIR> d-------- C:\Program Files\Microsoft Works Suite 2004
    2007-01-17 16:57 5,632 --a------ C:\WINDOWS\SYSTEM32\write.exe
    2007-01-17 16:51 73,216 --a------ C:\WINDOWS\SYSTEM32\avwav.dll
    2007-01-17 16:51 44,544 --a------ C:\WINDOWS\SYSTEM32\hticons.dll
    2007-01-17 16:51 227,840 --a------ C:\WINDOWS\SYSTEM32\avtapi.dll
    2007-01-17 16:51 16,384 --a------ C:\WINDOWS\SYSTEM32\avmeter.dll
    2007-01-17 16:51 138,752 --a------ C:\WINDOWS\SYSTEM32\sndvol32.exe
    2007-01-17 16:50 35,328 --a------ C:\WINDOWS\SYSTEM32\winchat.exe
    2007-01-17 16:46 80,384 --a------ C:\WINDOWS\SYSTEM32\charmap.exe
    2007-01-17 16:46 605,696 --a------ C:\WINDOWS\SYSTEM32\getuname.dll
    2007-01-17 16:46 56,832 --a------ C:\WINDOWS\SYSTEM32\sol.exe
    2007-01-17 16:46 55,296 --a------ C:\WINDOWS\SYSTEM32\freecell.exe
    2007-01-17 16:46 126,976 --a------ C:\WINDOWS\SYSTEM32\mshearts.exe
    2007-01-17 16:46 119,808 --a------ C:\WINDOWS\SYSTEM32\winmine.exe
    2007-01-17 16:46 114,688 --a------ C:\WINDOWS\SYSTEM32\calc.exe
    2007-01-17 15:24 <DIR> d-------- C:\DOCUME~1\Chris\.Analyzer
    2007-01-11 11:22 <DIR> d-------- C:\DOCUME~1\Guest\Application Data\acccore
    2007-01-10 22:50 <DIR> d-------- C:\Program Files\RegistrySmart
    2007-01-08 20:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
    2007-01-08 20:06 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\River Past G5
    2007-01-08 20:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\River Past G5
    2007-01-02 21:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-01-02 21:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
    2007-01-01 19:56 <DIR> d-------- C:\Program Files\Gamescampus
    2007-01-01 18:25 <DIR> d-------- C:\Hijackthis
    2006-12-31 12:01 606,684 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys
    2006-12-30 22:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
    2006-12-30 22:35 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\Lavasoft
    2006-12-29 17:41 <DIR> d-------- C:\Program Files\7-Zip
    2006-12-29 16:39 <DIR> d-------- C:\Program Files\ACW
    2006-12-29 15:21 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\Hamachi
    2006-12-29 15:19 16,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hamachi.sys
    2006-12-29 14:39 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2006-12-29 14:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
    2006-12-29 14:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
    2006-12-20 16:41 <DIR> d-------- C:\Program Files\Virtual Earth 3D
    2006-12-20 16:22 <DIR> d-------- C:\Program Files\SightSpeed


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-20 10:14 -------- d-------- C:\DOCUME~1\Chris\Application Data\skype
    2007-01-20 10:02 -------- d-------- C:\Program Files\mozilla firefox
    2007-01-19 20:25 -------- d-------- C:\Program Files\warcraft iii
    2007-01-17 18:35 0 --a------ C:\DOCUME~1\Chris\Application Data\wklnhst.dat
    2007-01-17 18:30 -------- d-------- C:\Program Files\microsoft works
    2007-01-17 16:51 -------- d-------- C:\Program Files\windows nt
    2007-01-17 16:14 6144 --a------ C:\WINDOWS\SYSTEM32\snmpmib.dll
    2007-01-17 16:09 39936 --a------ C:\WINDOWS\SYSTEM32\hostmib.dll
    2007-01-10 23:04 -------- d-------- C:\Program Files\lavasoft
    2007-01-10 22:46 -------- d-------- C:\Program Files\microsoft games
    2007-01-10 22:45 -------- d--h----- C:\Program Files\installshield installation information
    2007-01-10 22:45 -------- d-------- C:\Program Files\phonetools
    2007-01-10 22:44 -------- d-------- C:\Program Files\rgenius
    2007-01-10 22:44 -------- d-------- C:\Program Files\qlp 2002 deluxe
    2007-01-10 22:33 56 -r-hs---- C:\WINDOWS\SYSTEM32\0cd9b03da9.sys
    2007-01-10 22:30 -------- d-------- C:\Program Files\microsoft money
    2007-01-10 22:28 -------- d-------- C:\Program Files\diablo ii
    2007-01-08 20:38 -------- d-------- C:\DOCUME~1\Chris\Application Data\cowon
    2007-01-08 18:18 -------- d-------- C:\Program Files\mcafee
    2007-01-03 22:18 -------- d-------- C:\Program Files\viewpoint
    2007-01-01 19:54 -------- d-------- C:\Program Files\softnyx
    2006-12-31 13:52 -------- d-------- C:\DOCUME~1\Chris\Application Data\comcast
    2006-12-31 11:55 -------- d-------- C:\Program Files\at&t global network client
    2006-12-30 23:55 -------- d-------- C:\Program Files\creative
    2006-12-30 22:05 -------- d-------- C:\Program Files\yahoo!
    2006-12-29 14:17 -------- d-------- C:\Program Files\java
    2006-12-20 16:44 -------- d---s---- C:\DOCUME~1\Chris\Application Data\microsoft
    2006-12-19 20:29 -------- d-------- C:\Program Files\wc3banlist
    2006-12-11 20:01 -------- d-------- C:\Program Files\interactive c 6.0.14
    2006-12-03 11:17 -------- d-------- C:\DOCUME~1\Chris\Application Data\aim
    2006-12-03 11:08 -------- d-------- C:\Program Files\Common Files\aol
    2006-12-03 01:03 -------- d-------- C:\DOCUME~1\Chris\Application Data\acccore
    2006-12-03 01:02 -------- d-------- C:\Program Files\aim6
    2006-11-20 03:42 33280 --a------ C:\WINDOWS\SYSTEM32\snmp.exe
    2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    @=""
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
    "delsaap"=""
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
    "Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /Minimized"
    "PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Comcast\\COMCAS~1\\data\\xtras\\mssysmgr.exe"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
    "SightSpeed"="C:\\Program Files\\SightSpeed\\SightSpeed.exe -minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "AdaptecDirectCD"="\"C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
    "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
    "EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
    "UpdReg"="C:\\WINDOWS\\Updreg.exe"
    "AHQInit"="C:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe"
    "MMTray"="C:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mm_tray.exe"
    "nwiz"="nwiz.exe /install"
    "ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "BigDogPath"="C:\\WINDOWS\\VM_STI.EXE Philips SPC 200NC PC Camera"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "LTWinModem1"="ltmsg.exe 9"
    "Si Meter"="C:\\PROGRA~1\\SIMETE~1\\SiMeter.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
    Shell\AutoRun\command F:\autoplay.exe

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
    Shell\AutoRun\command G:\autorun.exe
    Shell\directx\command G:\DirectX9\dxsetup.exe
    Shell\setup\command G:\setup.exe

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a8caa9e-2007-11db-9916-00c049f89255}]
    Shell\AutoRun\command K:\setupSNK.exe



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070102-214232-221
    O21 - SSODL: Security Connection - {62A506DA-933E-4EDA-B089-6BAEB34E4A09} - C:\WINDOWS\system32\rmocecat.dll (file missing)
    backup-20070102-214232-846
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    backup-20070102-214232-155
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    backup-20070102-214232-272
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    backup-20070102-214232-858
    O4 - Startup: PowerReg Scheduler V3.exe
    backup-20070102-214232-136
    O4 - HKCU\..\Run: [delmsbb] C:\WINDOWS\delmsbb.exe
    backup-20070102-214232-107
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    backup-20070102-214232-907
    O4 - HKCU\..\Run: [Internet Update] C:\WINDOWS\system32\ntiotrol.exe
    backup-20070102-214232-320
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    backup-20070102-214232-359
    O4 - HKLM\..\Run: [E.exe] C:\documents and settings\chris\local settings\temp\E.exe
    backup-20070102-214232-365
    O4 - HKLM\..\Run: [Y7SXk6.exe] C:\documents and settings\kevin\local settings\temp\Y7SXk6.exe
    backup-20070102-214232-299
    O4 - HKCU\..\Run: [msconf] C:\WINDOWS\system32\msconf.exe
    backup-20070102-214232-113
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Yfl8.exe
    backup-20070102-214232-964
    O4 - HKLM\..\Run: [Internet Update] C:\WINDOWS\system32\ntiotrol.exe
    backup-20070102-214232-850
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    backup-20070102-214232-374
    O4 - HKLM\..\Run: [delsaap] C:\WINDOWS\delsaap.exe
    backup-20070102-214232-803
    O4 - HKLM\..\Run: [delmsbb] C:\WINDOWS\delmsbb.exe
    backup-20070102-214232-165
    O4 - HKLM\..\Run: [Y7SXk6] C:\documents and settings\kevin\local settings\temp\Y7SXk6.exe
    backup-20070102-214232-609
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntiotrol.exe
    backup-20070102-214232-877
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    backup-20070102-214232-699
    O4 - HKLM\..\Run: [vvjitybo] C:\WINDOWS\wmuxpslm.exe
    backup-20070102-214232-667
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    backup-20070102-214232-967
    O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
    backup-20070102-214232-629
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job

    Completion time: 07-01-20 10:26:21
     
Short URL to this thread: https://techguy.org/536417