Network not Found error

Your problems may not be malware related.

First just try the below (choice the one that is correct for your OS):

For Windows XP Pro: download and run XPproFix
For Windows XP Home: download and run XPHomeFix

Now see if you can ping. Are you sure the router is working okay? Can you login to it using the PC?

 

Yes that is normal. It is trying to fix/replace files that below in the system32 folder. These type of messages are normally fixed by running what I gave you to run. Have you rebooted since installing that fix? If not, try again after reboot.

If ping still does not work continue reading for more info on this type of problem.
See the following link for some info on that error message: http://support.microsoft.com/kb/156687/

You can also look at the info provided in the following link which may help: http://support.microsoft.com/kb/314106

Do other DOS type commands run OK? Try the procedure in the below and attach the log if it works:

Using GetRunKey

 

What error messages did you get? Give the exact word for word message. This is part of what I was trying to test.

Also run Windows Explorer and make sure viewing of hidden files, system files, and file extensions are enabled per the READ ME. The navigate to c:\windows\system32

Look for ping.exe but also look for ping.com. Tell me what you find and what the filesizes are.

 

Rename ping.com to ping.ccc
Rename ping6.exe to ping6.xxx

Now try your ping.

You may have other issues and really should do the below.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

.

 

Also look in system32 for any files starting with regedit and tell me what you find. You may have one named regedit.com which should not be there either.

 

regedit.com should be deleted. The other two are okay. regedit.com is what cause the getrunkey.bat program to fail.

Was there also a regedit.exe ? There should be!

Does ping work now without an error message?

 

You still did not answer...... DOES PING WORK?

Look in c:\windows for regedit.exe . There should be a copy there. If not, we will have to get one from an i386 folder on the PC or from a CD.

 

By the way rename ping6.xxx back to ping6.exe. I forgot that Win XP SP2 included this for IPv6 standards. You can delete the ping.ccc file we renamed from ping.com.

There are probably a few more .com file we need to remove. Do not do this on your own because there are some that are valid. There may be some of the below:
tasklist.com
taskkill.com
taskman.com
taskmgr.com

Just tell me what you find also indicate if the EXE form of the file exist. All of these should be in system32.

 

You will have to look in Device Manager (under My Computer) for your network interface card and see what is going on. There may be a yellow exclaimation point to indicate a problem with the drivers and the may need to be reloaded. It Windows cannot find them on your system you may need the disk for you network card or you may have to download them.

Updates can also be downloaded and manually installed for programs like Ad-Aware and Spybot. They are in the Spyware Tools file directory on the main page of Majorgeeks.

Re try this now too: Using GetRunKey

 

Please read the instructions in the below link again and disable the use of msconfig.

Downloading, Installing, and Running HijackThis


The get a new HJT log and attach it.

[EDIT: Also you did not install HJT properly. You are running it directly from the ZIP file.]

 

You need to extract the hijackthis.exe file from the HijackThis.zip file. You did not do that. What you did was double click on the ZIP file and then you selected the hijackthis.exe file that was still in the ZIP and you ran it. That creates a temporary copy (as seen in your log) while running. If you do this, you will not get backups.

If you cannot upload, it means you did not put hijackthis.exe in the properly folder yet and you also did not disable msconfig.

 

Okay that looks better Amanda! Hang on for a few minutes while I work up a fix!

 

Make sure viewing of hidden files is enabled (per the tutorial).

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Now Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {d262e70a-7841-4a85-9aa1-8d66aa593c89} - (no file)
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&6&04.00.09.13&unknown&unknown&http://www.toyota.com/vehicles/2006/tacoma/key_features/ext360.html
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\systask32l.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Prefetch is a folder for Windows XP to help speed up loading of frequently used processes.

How are things working? Can you get online?

 

Is RealTek your NIC (Network Interface Card) in your PC?

Earlier you said you had a Dlink modem and a Realtek router. This does not seem correct.
Did you mean you have a Dlink router and a Realtek NIC?

How do you access the internet (cable or dsl)? There should be a cable modem or a dsl modem for these.

Do you have your PC's TCP/IP protocal set for DHCP?

 

So the Dlink modem is your conversion from DSL to Ethernet....right?

If you have enabled DHCP, I don't understand what you meant by the below:

Where are you looking exactly?

 

Colors of cables do not matter. It's what's in them that matters. There are straight thru cables and crossover cables. But for the moment, I would assume there are no cabling problems because I also assume this configuration worked at some point. And is it safe to assume no one was playing around phyiscally with the cables.

Why are you on Local Area Connection 2? What's on LAN 1?

Are you sure about these last steps being exactly correct?

 

If you are sure that you should be using Local Area Connection 2 and not Local Area Connection 1, then use 2 in the below. Otherwise maybe you need to be operating on Local Area Connection 1.

Clicked on Start, Control Panel, Network Connections
Double clicked on Local Area Network 2
On the General Tab click on the Properties button
In the little window box with the title: This connection uses the following items
find the item labeled something like: Internet Protocol (TCP/IP) and double click on it.
On this Internet Protocol (TCP/IP) Properties form select the below:
Obtain an IP address automatically.
Obtain DNS server address automatically
Click OK and Ok or Apply your way back out of all of these windows.

Any change to status.

If not, you should start checking the LED status LEDs on the router and on your PC to make sure they show connectivity. Normally connectivity is shown by a green LED. Activity (mean data flowing) may be show by a flashing green LED or sometime certain interfaces have a second LED that could be amber (or yellow) in color.