Help...fixing other people's computers is an adventure

Discussion in 'A+ Certification' started by David Nesbitt, Jul 28, 2004.

  1. Just got my A+ ( thank Mike Meyers ) and am currently studying the Network

    Soooo! was called to fix a friend's PC.

    The PC ( Clone PIII-800 ) is running Windows XP Home. The system became
    infected with many viruses which I have eliminated with Norton Anti Virus.
    LiveUpdate will not access the Symantec Web Site and Norton Internet
    refuses to run at all.

    I uninstalled both Anti Virus and NIS and reinstalled....same problem.

    So I decided to reinstall/upgrade Windows XP Home and now find that I can
    access the internet in Normal mode ( Page Not Found ) for any sites, but
    can if I go into Safe Mode with Networking. all works well.

    I have updated with Windows XP with Windows Update while in safe mode
    it is not recommended. Same problem...IE accesses web sites in safe mode
    but not in normal mode.

    Any thoughts on what may be wrong or how to proceed ?

    Really appreciate it.

    David Nesbitt, Jul 28, 2004

  2. There's probably some browser-hijacking software that is screwing with the
    Internet Connection. In fact, this program might fix it for you -
    Patrick Michael, Jul 28, 2004

  3. Doing a reinstall of Windows on the top of Windows is only worth the bother
    if you can't get to Windows; with Windows XP you won't have to do it much, I
    would think.

    you are best to do a fresh install of windows
    unless you did this ?
    Geoff, Jul 28, 2004
  4. The best route to fix an infected computer is to back up the user's important data
    [including the user's profile] and document configuration [tcp/ip settings, mail/user
    accounts, etc] and then reformat and reinstall. Ultimately the computer will work a
    lot better and will be the shortest path to success.

    Encourage a user to use Ghost to backup their good working configuration, even if
    they back up the image to another partition on the hard drive. NewEgg sells Norton
    SystemWorks Pro for $20 shipped OEM that includes virus protection and Ghost. It is
    very easy to create and restore a Ghost image in very little time. When working with
    a big drive, leave around 5-6 G for the system partition and the rest can be
    partitioned for data. This makes the system partition more manageable in size to
    Ghost or repair.

    If something works in safe mode but not in regular, that means that there is a
    startup program/service/process that is causing the problem and msconfig can be used
    to troubleshoot that by enabling selective startup which may help with your specific

    A firewall is needed before you connect any computer to the internet. Zone Alarm is
    fairly easy to set up and free. In a pinch you can enable tcp/ip filtering on a
    Windows network adapter but do it ONLY for tcp. Enable it and leave the list empty
    for tcp. If you enable it for udp, dns name resolution will fail. Disable tcp/ip
    filtering after a firewall is used as a user may have problems trying to network the
    computer some day and not know why.;en-us;816792

    For networking problems, things that often work are: uninstall and reinstall tcp/ip,
    go into Device Manager and uninstall the network adapter and reboot, use latest and
    correct drivers, use lspfix to repair the winsock if it has been corrupted as is
    often evidenced by network connectivity but no internet access.

    Parasites are a huge problem these days. SpyBot AND AdAware need to be in everyone's
    toolkit. AdAware is updated almost daily these days. In addition CWShredder [no
    longer supported], HiJack This and BHODemon are good to have and use.

    Never consider a computer done until it has all current critical updates installed
    from Windows Updates. Other updates such as drivers, and recommended are not
    necessary. Virus protection should be configured to auto update unless dialup is used
    and it must scan all email also. Email attachments are a huge source of worms and

    I found a really great program for PC info/repair called Everest Home edition. What
    it excels at is identifying the motherboard, and installed components. I fixed a
    friend's old generic computer and she had NO docs or drivers and the video card had no
    information on it! Everest Home is awesome, it even displays the product key for the
    installed Windows operating system. -- available at this link

    I suggest that if you are going to work on computers these things are a big plus. - A
    bootable floppy and a spare video and pci nic card. My favorites are to go on Ebay
    and buy a couple old Matrox Millennium video cards and 3Com pci nic in the 3C905-TX
    series. Why I like these is for Windows 2000 and newer computers, they install
    automatically without a need to find and install drivers.

    Necessary utilities. I find that these are always helpful and have on a cdrom or
    floppy. Keep in mind that if you do a new install for a dial up user, you will wish
    you had some of these. --- Winzip is a must as you will find if you try to unzip a
    file without it. Acrobat 5.1 and Word 97 reader to read files and docs. Zone Alarm,
    AdAware, BHODemon,and HiJack This for protection and parasite elimination. The latest
    service pack for Windows 2000 and XP. Diagnostic tools - Everest Home, Msconfig,
    HandyRecovery [recover deleted files] , Ethereal, Dumpacl, and from SysInternals -
    TCPview, Process Explorer, Autoruns, Filemon, Regmon, and PsTools.

    I may have got carried away, but hopefully something will help for now or
    future adventures of computer repairs.
    Steven L Umbach, Jul 28, 2004
  5. Wow, is this the same ImhoTech I had a run in several weeks ago? You were
    correct and polite about it. Keep this up and you might just start to grow on
    TechGeekPro, Jul 28, 2004
  6. First off, I want to thank everyone for their suggestions. It is a bit
    spooky to try to fix someone else's computer
    for the first time and have so much seem to go wrong.

    SO where I am:

    1. I did try the following The program ran
    but was not able to find anything to fix.

    2. My Norton Anti-virus full scan produced no errors ( Yeah !)

    3. I ran Ad-Aware and Spybot and got rid of all things detected ( although I
    did have to manually edit the registry
    at the end to accomplish this ).

    4. I installed TuneUp Utilities 2004 and cleaned the registry and disk .

    5. I installed Zone Alarm as a Firewall. Unfortunately, it did not help too
    much as it could not access the internet either in Normal mode.

    6. I tried netsh int ip reset from the command line. It did stuff but the
    problem remained.

    7. I installed CWShredder and ran it. It could find no problems.

    8. I looked at the Hosts file and it only contained the loop back address. I
    also ran things like HiJack, but I was not prepared to
    delete anything....I just passed A+, not MSCE or whatever.

    9 As the PC was going through a wireless router, I disconnected the router
    and connected the cable modem directly and hoped for happiness.
    Nope. FYI ... A laptop connects to the internet via the wireless router and
    seems to be experiencing no problems

    10. I tried to use MSCONFIG to isolate the what may be such luck

    11. All continued to work just fine in Safe mode with Networking.


    My plan of attack:

    1. Assume Windows XP is bad and do a clean install. ( actually my first
    thought was to use the PC as a boat anchor ....but that just seems a bit
    defeat-ist ).

    2. I intend to bring the PC to my home instead of where it is.

    3. I can do a clean install from the Windows XP CD. I think I must back up
    things like MY Documents and such

    Anyway, I am seeing double and I have yet to have a beer.

    Any thoughts about my strategy would be welcome....

    Once again thank you so much for all the help.

    David Nesbitt, Jul 29, 2004
  7. I agree with this opinion. I work at a small computer store/repair center
    and it's amazing how many problems can be fixed by scanning for viruses and
    spyware, and then removing them. Of course, there's usually spyware that
    lingers around after an Ad-Aware and Spybot scan, but HijackThis, LSPFix and
    other programs usually get rid of what AdAware and Spybot cannot.

    Occasionally, there's a system that gets completely destroyed by the virus
    and it needs a restore. But that's probably close to the 10% you speak of.
    Patrick Michael, Jul 29, 2004
  8. Just an update everyone...This morning I posted the problem to

    Their immediate suggestion was:

    Download firefox while in safemode and install and operate it in normal
    mode. If you can access the web that way,
    It's an IE problem and you should post your Hijack This log here for review

    My response was as follows:

    Good day....

    1 .I ran Spybot and Norton AntiVirus again today ( just to make sure )

    2. I installed Firefox which runs fine in safe mode

    3. In normal mode, Firefox would not run as it could not detect my
    ethernet connection. I always asked for the dialup and I found no obvious
    way to change this.

    Note: I boot MSCONFIG set not to run the startup items in normal
    mode but all the services to run.

    4. I retried Ping in command mode while in Normal mode:

    something new....

    Ping transmit failed: error code 65
    Same with tracert
    Ping works fine.

    5. I ran the Hack utility and have attached the log.

    6. Back in safe mode, I tried Ping and it worked fine.

    7. I must say that the connection in safe mode is not 100% stable.
    On occasion I must reboot into safe mode to get it to work once more.

    The hack log is as follows:

    Logfile of HijackThis v1.98.0
    Scan saved at 12:01:40 PM, on 29/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Documents and Settings\xx\My Documents\Hijack\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = proxy:8080
    R3 - URLSearchHook: (no name) - {724F6607-4698-48F8-903F-120EA084E3F9} - (no
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} -
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
    Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    O4 - HKLM\..\Run: [MSConfig]
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
    Class) -
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
    Information Class) -
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
    O18 - Protocol: burst - {2F2BA850-6714-11D4-8D0D-00B0D02A5D4E} -

    I am waiting for a response before I proceed.

    Thank you for the suggestions this morning as I will give them a try later

    I will keep you posted.

    Again thank you for your great support

    David Nesbitt, Jul 29, 2004
  9. Just another followup response from PCGUIDE.COM

    Have Hijack This fix all of the following by placing a check in the
    appropriate boxes and hitting fix checked. Make sure all browser and all
    Windows Explorer windows are closed before fixing.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    about :blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about
    R3 - URLSearchHook: (no name) - {724F6607-4698-48F8-903F-120EA084E3F9} - (no

    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no
    O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} -

    O18 - Protocol: burst - {2F2BA850-6714-11D4-8D0D-00B0D02A5D4E} -

    Reboot after fixing.

    Your log shows that MSConfig is running at startup. This indicates that you
    may be using "diagnostic startup" rather than "normal startup", to stop
    something running. While this is OK, when looking for malware, it is
    possible that you have disabled it, and it will not then show up in the
    Hijack this log. Before posting a fresh log, would you please open MSConfig,
    and choose the "normal startup" option. Then everything will be running, and
    will show up in your log.

    Please post a followup Hijack this log, and say if your problems persist.


    Also Microsoft Knowledge Base Article - 316414 talks about the "Ping: transmit
    failed, error code 65" error message

    Have a great one

    David Nesbitt, Jul 29, 2004
  10. Have you contacted the ISP's tech support to verify settings?

    Tom MacIntyre, Jul 29, 2004
  11. In all honesty I have not.. I am working on the assumption that the
    connection does work. That
    is, the existing settings that allow IE and Firefox to work in Safe mode
    should allow them to work
    in Normal mode.

    Having said is worth a call.

    In the end though, I have investigated enough time on this and will proceed
    with a clean install of XP.

    Again thanks to you all.

    David Nesbitt, Jul 30, 2004
  12. I am working on the paid technician route. As it turns out, this person is a
    friend and also runs a
    business. I will be her new tech. I let it go a lot longer than need be for
    the learning experience, plus we
    did have a workaround ( safe mode ) to get to the internet. As she said, if
    she had to pay me for all the
    time I put in, it would have been cheaper to just buy a new PC.

    In the real world as labour and time are big cost factors, a decision to
    simply format and reinstall
    would have come much earlier.

    SO I shall try the last few suggestions such as remove Norton ...

    Then if success continues to elude me, I shall strike by the little bit
    bravery needed to do a clean install of XP

    David Nesbitt, Jul 30, 2004
  13. Hi David.

    See you are still working on this. A couple things.

    I scanned your HiJack this log and it appears that the computer is configured to use
    a proxy server? " C:\Program Files\Norton Internet Security\ccPxySvc.exe " and "
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
    proxy:8080 ". Check the settings in safe mode compared to regular boot in tools/IE
    options/connections/lan settings and if they differ configure the same setting in
    regular boot as used in safe mode. A proxy server would be the server on the network
    that computers use for internet access versus the normal default gateway access.
    Maybe Norton is "looping" the internet connection through itself because there is
    "C:\Program Files\Norton Internet Security\ccPxySvc.exe " running on the computer. I
    have not used that product so I am not sure how the proxy is handled. Usually if not
    using a proxy server [such as Microdot ISA] computers are configured to use "auto" or
    nothing is configured for lan settings.

    As far as using msconfig. You said you disabled just applications. The problem with
    that is a lot of software such as Norton and personal firewalls are installed as
    services which can be seen in services.msc. The reason is these applications are user
    independent and are running before a user logs on as services do. That is why
    msconfig gives the option to disable non critical system services. While msconfig is
    good and built in I prefer using Autoruns to view all the various places that an
    executable may be launched on a computer, and be given the opportunity to disable.
    You may want to try Process Explorer to view processes running in regular mode and in
    safe mode. The ones that run in regular mode but not in safe mode are the ones to
    target for disabling for regular boot and be suspicious of. With process Explorer,
    you can save output to a file for comparison. Always be suspicious of processes that
    do not have a publisher name associated with them.

    When you run AdAware, always run it twice in a row to see if new items are found.
    Some parasites are very difficult to eliminate and using safe mode may help. I use
    the customize option to scan with AdAware and select all options under memory and
    registry to scan. I also select tweaks/cleaning engine - automatically try to
    unregistered objects.

    Don't worry about the time you are spending on this issue, it is part of the learning
    process. I have done it myself on a number of occasions. I had a very nasty variation
    of Cool Web Search on one of my computers a couple weeks ago that I spent at least a
    couple hours on to resolve. Waiting for reboots is the worst part of computer
    troubleshooting. Good luck. --- Steve
    Steven L Umbach, Jul 30, 2004
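
The comparison described in the post above (what runs in one snapshot but not the other, plus the proxy setting and entries marked "(no file)") can be scripted over saved HijackThis logs. This is an added example, not part of the original thread: the function names are hypothetical, and the two sample logs are shortened excerpts assembled from the logs posted in this thread.

```python
import re

# HijackThis entry lines start with a section code such as "R1 - " or "O2 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_log(text):
    """Split a HijackThis-style log into (running processes, [(code, entry)]).

    Assumes `text` holds only the log itself, with no surrounding message text.
    """
    processes, entries, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            section = "processes"
        elif match:
            section = "entries"
            entries.append([match.group(1), match.group(2)])
        elif section == "entries":
            entries[-1][1] += " " + line  # re-join an entry wrapped by mail/forum software
        elif section == "processes":
            processes.append(line)
    return processes, [tuple(e) for e in entries]

def only_in_first(procs_a, procs_b):
    """Processes present in snapshot A but absent from snapshot B (case-insensitive)."""
    seen = {p.lower() for p in procs_b}
    return [p for p in procs_a if p.lower() not in seen]

def review_flags(entries):
    """Return (code, reason) pairs for entries worth a manual look."""
    flags = []
    for code, text in entries:
        if text.endswith("(no file)"):
            flags.append((code, "entry marked (no file)"))
        if "ProxyServer" in text and "=" in text:
            value = text.split("=", 1)[1].strip()
            if value:
                flags.append((code, "proxy configured: " + value))
    return flags

# Sample input: shortened excerpts of the two logs posted in this thread.
LOG_A = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Documents and Settings\xx\My Documents\Hijack\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = proxy:8080
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
"""

LOG_B = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\xx\My Documents\Hijack\hijackthis\HijackThis.exe

O18 - Protocol: burst - {2F2BA850-6714-11D4-8D0D-00B0D02A5D4E} - (no file)
"""

if __name__ == "__main__":
    procs_a, entries_a = parse_log(LOG_A)
    procs_b, _ = parse_log(LOG_B)
    for path in only_in_first(procs_a, procs_b):
        print("only in first snapshot:", path)
    for code, reason in review_flags(entries_a):
        print(code, reason)
```
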
  14. Very wise words. And exactly the reason why my career in both
    electronics repair and my brief stint as a helpdesk technician was so
    emotionally painful to me. I desperately need to know why things won't
    work, and so badly that I'll spend hours and days to get to the bottom
    of things. Stubborn as a mule, that's me.
    One note...about not contacting the's always a good idea to
    check these, if your TV doesn't it plugged in?

    Tom MacIntyre, Jul 30, 2004
  15. Right also. See my previous post about my anal retentive technical
    tendencies. :)

    Tom MacIntyre, Jul 30, 2004
  16. In conclusion, the problem seems to have been Norton Internet Security. I
    once more deleted the
    product, deleted all references to it in the registry and deleted all files
    that I could think of.

    On doing this, normal mode internet access returned.

    On reinstalling the product, I found myself in exactly the same boat.
    there is no provision within NIS to not install NIS and to install Norton
    ( which is part of ).

    SO I must recommend something for anti-virus ( some people have suggested
    just buying
    the Norton Anti-virus portion ) and something for blocking Pop-ups and the

    As the computer is connected to a router, the router will act as the

    Thank you once more.

    David Nesbitt, Aug 2, 2004
  17. Hey Michael , Thanks for the thoughts.

    Earlier in the process, I ran a Hijack scan and there was a Proxy=8080
    included. I think that
    I was able to remove that shortly afterwards. The current scan ( without
    Norton ) is as follows:

    Logfile of HijackThis v1.98.0
    Scan saved at 2:50:38 AM, on 02/08/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\xx\My Documents\Hijack\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
    Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM32\qttask.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap
    Pro\soap.exe min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    O4 - Global Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200UB\WATCH.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
    O18 - Protocol: burst - {2F2BA850-6714-11D4-8D0D-00B0D02A5D4E} - (no file)

    I suspect that I can get rid of SOAP at some point as well.
    I spent a lot of time at the Symantec website and followed their many
    suggestions as to how to
    resolve the problem. In the end to no avail.

    As for Mozilla, the user of the PC is very PC illiterate and sort of has
    gotten used to IE. My ISP has aligned itself with Yahoo and
    provides an updated IE browser that allows the user quick access to Yahoo
    mail. It also controls Popups as well as a bunch of
    other things.

    I most likely will take your suggestion about AVG.

    As for the router, I will look into its make and specs when I return the PC
    to her probably Monday. I think that it
    does have NAT but will investigate further..

    Thanks again

    David Nesbitt, Aug 2, 2004