Hope someone can help!!!
jalno1
07-07-2008, 01:49 PM
Hi, To anyone who can help,
I tried to get an internet connection at an airport, as I was waiting to connect my flight was boarding so I closed down my laptop and boarded.
When I got home and switched my laptop on, I realised I wasn't automatically connected to my wireless internet, I tried connecting manually and all that was happening was a blank window appearing after a few minutes.
I plugged my CAT5 cable in and still no internet.
Whenever I try to load IE7 all I get is a white page. Also obviously all my web based programs e.g. poker, 4OD etc. do not work either, saying no internet connection, HOWEVER, very strangely, Skype works fine!!!
I then thought I had somehow received a virus so I tried running Windows One Care, it said it was switched off or not working, I tried to run it so I could switch it on but it just wouldn't start at all.
I then went to MSCONFIG and just looked around as I didn't really know what I was doing, I noticed in the 'Services' tab that about 98% of the services had been 'stopped', most were Microsoft Windows Services.
I then tried to do a 'System Restore' however nothing at all happens, I tried again and a window popped up which said 'restore is already running', I left it running and still nothing happened, I tried this a couple of times after re-booting the laptop.
I have gone into safe mode and it allowed me to do a system restore from there but it has not solved the problem.
I am running Vista Home Premium and would appreciate any help.
I have also spoken to Microsoft OneCare who told me how to do a scan in safe mode but that found no viruses.
Someone said you guys can help me so...
Thanks in advance, John.
Scotty
07-07-2008, 02:49 PM
Hi
If you can get into Safe Mode with Networking, do this.
Install HijackThis
Download HJTInstall.exe (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop.
Double-click HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
jalno1
07-07-2008, 03:06 PM
Hi there, Thanks for your reply, here is the log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:37, on 07/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://hoylegames.sierra.com
O15 - Trusted IP range: http://8.5.0.53
O15 - Trusted IP range: http://8.5.0.58
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD43D9F4-FACF-4EFD-977F-0D733DF98A3F}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
--
End of file - 6556 bytes
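A read-only triage pass over a log like the one above, added here as an example (it is not part of the thread or of HijackThis): it groups the entries a helper would want to ask about, such as registry entries pointing at missing files and Trusted Zone sites, and changes nothing on the machine. The review reasons are this example's own heuristics, and the sample lines are a subset copied from the log above.

```python
import re
from collections import defaultdict

# Subset of lines copied from the log posted above, embedded so this runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: http://hoylegames.sierra.com
O15 - Trusted IP range: http://8.5.0.58
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A HijackThis entry line starts with a section code such as R0, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def review_reasons(section, body):
    """Heuristics of this example only; a reason means 'ask', not 'delete'."""
    reasons = []
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append("orphaned: entry points at a file that is not on disk")
    if section == "O15":
        reasons.append("trusted-zone: confirm the user added this site")
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("unknown-owner: no company name shown for the service")
    return reasons


def triage(log_text):
    """Return {section: [(entry, [reasons])]} for entries worth a question."""
    flagged = defaultdict(list)
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header, process list or blank line
        section, body = match.groups()
        reasons = review_reasons(section, body)
        if reasons:
            flagged[section].append((body, reasons))
    return dict(flagged)


if __name__ == "__main__":
    for section, items in sorted(triage(SAMPLE_LOG).items()):
        for body, reasons in items:
            print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```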
Scotty
07-07-2008, 03:10 PM
Do you know what this is in your Trusted IPZones?
http://8.5.0.58
I don't think this is a malware issue, but we can take another look for you.
Let's run an F-Secure online scan. It will scan for Viruses, Spyware and RootKits:
Click HERE (http://support.f-secure.com/enu/home/ols.shtml)
Scroll to the bottom of the page and click the Start Scanning button. A window will pop up.
Allow the Active X control to be installed on your computer, then click the Accept button
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found, check Submit samples to F-Secure then select Automatic cleaning
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
When the cleaning option is presented, Uncheck Submit samples to F-Secure
Click Automatic cleaning
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Note: This scan will only work with Internet Explorer.
You must be logged on with administrator rights to run this scan.
The scan may take a few hours.
jalno1
07-07-2008, 06:37 PM
Hi there,
The trusted site is for WONplay hoyle games.
The scan only found 1 spyware, any ideas what my problem could be???
Thanks again.
mylanta
07-07-2008, 06:53 PM
Since this sounds like it is not a malware issue, you really need to tell us the brand and hardware in the laptop so we can help you troubleshoot. This could be a firewall issue but I see no evidence you have a 3rd party firewall though you need to seriously empty out startup.
This could be a corruption of Windows Defender as well.
Scotty
07-07-2008, 07:27 PM
Hi
Before we move your topic, did you save the F-Secure report? Or make a note of the reported spyware?
kelly
07-07-2008, 07:57 PM
I then went to MSCONFIG and just looked around as I didn't really know what I was doing, I noticed in the 'Services' tab that about 98% of the services had been 'stopped', most were Microsoft Windows Services.
That's a problem.
Anon B
07-07-2008, 08:20 PM
Hi,
As pointed out you will have to address the problem of the Disabled Services.
If you go to BlackViper's site you will find a list of Windows Vista Services (http://www.blackviper.com/WinVista/servicecfg.htm) that you can refer to as you go through the services setting them back to their default values.
If you do not want to laboriously go through them making the changes manually yourself, there are some registry files you can use that will change the services' Startup keys back to the default values for you, here
Windows Vista SP1 Services Registry Files (http://www.blackviper.com/WinVista/registry.htm)
Anon
mylanta
07-07-2008, 09:10 PM
You could also boot to the Vista DVD and run the repair functions on the lower half of the page that boots up.
jalno1
07-10-2008, 09:10 AM
Since this sounds like it is not a malware issue, you really need to tell us the brand and hardware in the laptop so we can help you troubleshoot. This could be a firewall issue but I see no evidence you have a 3rd party firewall though you need to seriously empty out startup.
This could be a corruption of Windows Defender as well.
Thanks for all the replies, I'm really no computer whizz so I think I'm going to have to take it to a shop. However, what do I need to do to empty out startup and what do I delete???
Thanks again. :D
mylanta
07-10-2008, 03:39 PM
Thanks for all the replies, I'm really no computer whizz so I think I'm going to have to take it to a shop. However, what do I need to do to empty out startup and what do I delete???
Thanks again. :D
Let the shop do it for you as long as you have made that decision.
jalno1
07-13-2008, 05:11 PM
Let the shop do it for you as long as you have made that decision.
I am sorry I'm not as clever as you, it's too confusing for me!!!
mylanta
07-13-2008, 06:53 PM
I am sorry I'm not as clever as you, it's too confusing for me!!!
I respect that! Look we can't all be techs.