• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
  • Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

    Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

    In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

    If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

Even Slower Notebook, Limited or No Connectivity...

CVicious

FPCH Member
Joined
Mar 4, 2008
Messages
14
#1
I'm currently on my desktop but the computer with the problems is a Dell Inspiron 8200 notebook. The OS is Windows XP SP2. The Wireless adapter is a Dell TrueMobile 1150 Series Mini PCI Card. Also before I began any troubleshooting of my own I checked out Device Manager and noted that there were no "warning" icons next to the device names (ie question mark in front of a yellow circle). I've also tried repairing the wireless network connection, to no avail. I also cannot return the notebook to a restore point using system restore. Whenever I first click on System Restore I am met with a message stating: "System Restre is not able to protect your computer. Please restart your computer, and then run System Restore again." But if I click on it a second time, the program runs, but to no avail.

The problems began a few days back while watching an online video. The screen went black twice then returned to its normal state. Thinking someone was attempting to gain remote access I shut the computer down. I got back on a few hours later and the internet was working fine. I left my computer on over night and upon waking I saw that the internet connection had been severed on the notebook. The volume controls were greyed out as well, so I visited the drivers section on the Dell site and downloaded, unzipped and executed C5mua09i.exe but the volume controls are still greyed out, and there is still no volume control icon in my Quick Launch.

I downloaded, unzipped, and executed the network driver R46345.EXE for the Mini PCI Card from the Dell site as well but I've still got no connectivity, and though my laptop is sitting close to my router it's not picking up on any wireless network.

I've ran chkdsk, dxdiag, Norton Antivirus Full-Scan, Ad-Aware Thorough Scan, Spy-Bot Scan, Winsockfix, LSPFix, and Windows Malicious Program Removal Tool, but no virus/malware can be found. My HJT Log is below. Thanks for any help with this frustrating situation.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:43 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lsac.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1801674531-484763869-1957994488-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.neopets.com
O15 - Trusted Zone: http://*.neopets.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/AbacastClient2.1.20.2.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8345 bytes
 

Tony D

Free PC Help Long Term Member
Joined
Dec 30, 2007
Messages
704
Location
Malvern, PA (USA)
PC Experience
Some Experience
Operating System
OSX
#2
Wow! you've done a lot of work on your own. Sorry, but I'm not qualified to read the HJT log. I'm sure someone else will help with it.

There may be more than one problem here.

I'm wondering if there's an issue with the wireless PCI card itself. Do you have another machine you can try it with? That would eliminate the PCI card.
 

CVicious

FPCH Member
Joined
Mar 4, 2008
Messages
14
#3
Kelly said:
I'm wondering if there's an issue with the wireless PCI card itself. Do you have another machine you can try it with? That would eliminate the PCI card.
Thank you Kelly. You know, someone else thought the same thing, so I'll try swapping the PCI card and see if that fixes my internet problem. But, like you said, that would only elminate the PCI card issue. Lack of volume controls would still be present.

I assumed these maladies were both virus-related and thus limited only to software/driver issues.

If it is a PCI card problem, should there not be some sort of "flag" in my Device Manager? (ie card doesn't even show up in Device Manager list, or error message like "device not working properly"/"conflict".)

Thanks again.
 

maynardvdm

FPCH Long Term Member
Joined
Feb 7, 2007
Messages
3,117
Location
South Africa
#4
I would also do a scan with SuperAntiSpyware coz sometimes Norton don't pick up all the virusses. You can download here!
Just update it before scanning and say no to protecting your home page.
 

Tony D

Free PC Help Long Term Member
Joined
Dec 30, 2007
Messages
704
Location
Malvern, PA (USA)
PC Experience
Some Experience
Operating System
OSX
#5
CVicious said:
If it is a PCI card problem, should there not be some sort of "flag" in my Device Manager? (ie card doesn't even show up in Device Manager list, or error message like "device not working properly"/"conflict".)
That's true most of the time, but not always. The computer may think the device is working because it can talk to it. However, the device may indeed be bad.
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#6
The log is clean. (Although that doesn't mean the computer isn't infected)

Definitely run a complete scan with SuperAntiSpyware and MalwareBytes.

After that, see if you can access the internet using Safe Mode With Networking.

Another option is to attempt a System Restore from Safe Mode with a Command Prompt. At the prompt, type in:

%systemroot%\system32\restore\rstrui.exe
 

CVicious

FPCH Member
Joined
Mar 4, 2008
Messages
14
#7
Seth said:
Another option is to attempt a System Restore from Safe Mode with a Command Prompt. At the prompt, type in:

%systemroot%\system32\restore\rstrui.exe.
I'll try that as I've already ran a scan with SuperAntiSpyware (no threats found) and tried accessing the internet using Safe Mode w/Networking through msconfig (no success). I'll do one more scan with MalwareBytes just to exhaust all options.

Thank you and I'll post the results momentarily.
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#8
NP.

I know you reinstalled the driver for the sound card, but I would try actually uninstalling it and then rebooting. Following that, go into Sound and Audio Devices, and see if the drop down arrow for the sound card options is still grayed out.
 

CVicious

FPCH Member
Joined
Mar 4, 2008
Messages
14
#9
Results from MalwareBytes:

Malwarebytes' Anti-Malware 1.06
Database version: 452

Scan type: Quick Scan
Objects scanned: 32360
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Corey\Local Settings\Temp\nsd3E5.tmp\System.dll (Worm.Voterai) -> No action taken.
C:\Documents and Settings\Corey\Favorites\Online Security Test.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> No action taken.


Seth said:
I would try actually uninstalling it and then rebooting. Following that, go into Sound and Audio Devices, and see if the drop down arrow for the sound card options is still grayed out.
I should do that after removing the infected files MalWareBytes discovered, right?

Thanks again.
 

CVicious

FPCH Member
Joined
Mar 4, 2008
Messages
14
#11
Thank you. The volume controls are back and running, but even after removing the 5 infected items and following that up with Winsockfix, there's still no internet connection and the laptop isn't picking up on my home's wireless network. Any other ideas?

Thanks again.
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#12
Does Device Manager show the wireless card?

Is "wireless" turned on via the function keys?

What exactly happens when you "View the wireless networks"?

Also, try the same as I suggested for the audio card. That is, don't just install an updated driver, but rather uninstall the device from DM and reboot.
 

CVicious

FPCH Member
Joined
Mar 4, 2008
Messages
14
#13
Seth said:
Does Device Manager show the wireless card?

Is "wireless" turned on via the function keys?

What exactly happens when you "View the wireless networks"?

Also, try the same as I suggested for the audio card. That is, don't just install an updated driver, but rather uninstall the device from DM and reboot.
I uninstalled the Mini PCI Card and the problem still persists. Referring back to the volume controls/audio card, I uninstalled that as well, and as I mentioned earlier the controls came back. But, now the Volume Controls are no longer there. When I go to Device Manager, both the Mini PCI Card and Sound codecs/card appear, though I'm still getting no use from them.

In regards to "wireless" being turned on via the function keys, Fn+ F2 (or just F2 alone, or any other function key) does not turn on wireless on my laptop.

When I click on "view the wireless networks", each time it states: "Windows cannot configure this wireless connection. If you have enabled another program to manage this wireless connection, use that software. If you want Windows to configure this wireless connection, start the Wireless Zero Configuration (WZC) service...".

Below is the log from my SUPERAntiSpyware Scan (6 threats were found):

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/05/2008 at 11:45 PM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Quick Scan
Total Scan Time : 00:33:32

Memory items scanned : 343
Memory threats detected : 0
Registry items scanned : 397
Registry threats detected : 6
File items scanned : 6207
File threats detected : 0

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#UninstallString


Thank you again.
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#14

CVicious

FPCH Member
Joined
Mar 4, 2008
Messages
14
#15
Results from Rootkit Revealer (F-Secure Blacklight failed to discover anything wrong):

HKLM\SECURITY\Policy\Secrets\SAC* 4/19/2005 10:05 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 4/19/2005 10:05 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 3/6/2008 1:20 PM 80 bytes Data mismatch between Windows API and raw hive data.

C:\Program Files\Symantec AntiVirus\SAVRT\0511NAV~.TMP 3/6/2008 1:49 PM 0 bytes Hidden from Windows API.
 

AdvancedSetup

FPCH Long Term Member
Joined
Jan 9, 2008
Messages
819
Location
34° 12' 35" N, 118° 29' 21" W
#16
Try this. Delete all the files in Quarantine (if you need help on doing that please let us know)

After you have deleted all the quarantined files then run a disk check on your computer.

CHKDSK C: /F

Then scan again and see if you still have that error
 

CVicious

FPCH Member
Joined
Mar 4, 2008
Messages
14
#17
AdvancedSetup said:
Try this. Delete all the files in Quarantine (if you need help on doing that please let us know).
I deleted the file in Symantec Antivirus' quarantine. That's the only quarantined item I know of currently.

Performing the disck check now...

Thank you.
 

CVicious

FPCH Member
Joined
Mar 4, 2008
Messages
14
#18
The error still persists.

I'll wait a few more hours for a response, then go ahead back up certain files and return the computer back to its factory state.

Thanks again.
 

CVicious

FPCH Member
Joined
Mar 4, 2008
Messages
14
#20
AdvancedSetup said:
Just want to rule out that it's not some type of networking issue that's not related to your PC
I have a few other desktop PCs on my home network and they are all able to obtain and maintain an internet connection. Currently it's just the notebook that's giving me a headache.

I don't have another laptop handy to run tests against, but I do have desktops - though they don't have wireless mini pci cards...

Format?

Thanks.