Re: Networking with XP pro

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Paul (hart2findid_at_yahoo.com)
Date: 11/13/04 

Date: 13 Nov 2004 09:09:37 -0800

Chuck <none@example.net> wrote in message news:<q7sap0hiqbpl7dkdsejrumcopb82kcupki@4ax.com>...
> On 12 Nov 2004 13:55:29 -0800, hart2findid@yahoo.com (Paul) wrote:
>
> >Chuck <none@example.net> wrote in message news:<vaq7p0dgnavb4c43dkknon88c36nja28e2@4ax.com>...
> >> On 11 Nov 2004 14:20:22 -0800, *email_address_deleted* (Paul) wrote:
> >>
> >> >Chuck, I removed the thread from this mail to make it a bit clearer:
> >> >
> >> >I found a difference between my kids pc in full mode, and my laptop in
> >> >full mode, my main pc in full mode (and of course the kids pc in safe
> >> >mode)
> >> >
> >> >When using PE, in one of the svchost.exe, there is a service called
> >> >iprip (RIP listener) that only shows up in the kids PC full mode.
> >> >Could this be the guy causing the problems? If yes, how can I remove
> >> >it?
> >>
> >> Paul,
> >>
> >> That's a new one to me.
> >> http://www.dslreports.com/forum/remark%2C8996749~mode=flat
> >> http://www.blackviper.com/WinXP/servicecfg.htm
> >>
> >> You should be able to disable it using (Start - Run) - services.msc. I'd be
> >> very curious about why it's running in the first place though.
> >> 1) Can you disable it?
> >> 2) Does disabling it help the problem?
> >> 3) Does it stay disabled, after you reboot a couple times?
> >>
> >> Cheers,
> >> Chuck
> >
> >Ok chuck, no luck so far: I can disable the services via:
> >
> >network connections tab advanced subtab Windows optional networking
> >components
> >
> >where I can selectnetworking services. When clicking details I see
> >that my two "good' PC's (Main and laptop) only have
> >Internet Gateway Device Discovery and Control Client
> >checked whereas my kids PC has more items checked. I unchecked them
> >(they then remain off after restarting) but it didn't work. I
> >obviously got rid of the RIP listener service.
> >
> >I also ran your macro on main and kids with kids both in full mode and
> >safe mode. I disabled my internet connection so I got rid of the
> >unnecesary stuff:
> >What I see is that pinging from MAIN to KIDS works fine when KIDS is
> >in safe mode, both by name and ip address. In full mode it doesn't
> >work at all.
> >When pinging Main from kids it always works with IP address but never
> >with name.
> >
> >Hope you find some hint. I am getting a little more desperado.
> >
> >thanks
> >Paul
>
> <SNIP>
>
> Paul,
>
> Have patience please. This is getting interesting.
>
> Please review the summary which I created, and, since you can read Dutch a hella
> better than I can (I hope) please verify that my conclusions are correct:
>
> From Main (kids Full)
>
> Target Main - OK/OK
>
> Target Kids - NO
>
> Target 192.168.0.1 - OK/OK
>
> Target 192.168.0.3 - NO
>
>
> From Main (Kids Safe)
>
> Target Main - OK/OK
>
> Target Kids - OK/OK
>
> Target 192.168.0.1 - OK/OK
>
> Target 192.168.0.3 - OK/OK
>
>
> From Kids (Full)
>
> Target Main - NO
>
> Target Kids - OK/OK
>
> Target 192.168.0.1 - OK/OK
>
> Target 192.168.0.3 - OK/OK
>
>
> From Kids (Safe)
>
> Target Main - NO
>
> Target Kids - OK/OK
>
> Target 192.168.0.1 - OK/OK
>
> Target 192.168.0.3 - OK/OK
>
> Even with Kids in Safe Mode, Kids has a name resolution problem with Main. Kids
> can always access Main (by IP address, but not by name). Actually, access from
> Kids doesn't change in Full vs Safe Modes.
>
> Main, OTOH, has no access to Kids (by name or by IP address) unless Kids is in
> Safe Mode.
>
> Please extract IPConfig x 3 - Once for Main, then twice for Kids - once in
> Normal Mode, again in Safe Mode.
>
> Then we're going to do HijackThis from Kids in Normal Mode.
>
> Get HijackThis:
> HijackThis <http://www.majorgeeks.com/download.php?det=3155>
>
> Create a separate folder for HijackThis, such as C:\HijackThis - copy the
> downloaded file there. Then, run HijackThis ("Scan"). Do NOT make any changes
> immediately. Save the HJT Log.
> <http://forums.spywareinfo.com/index.php?showtopic=227>
> <http://forums.spywareinfo.com/index.php?showtopic=11150>
>
> Post the HijackThis log here, along with the IPConfig x 3.

chuck, I agree with you summary. here are the ipconfigs:

1) main

Windows IP-configuratie

        Host-naam . . . . . . . . . . . .: Main
        Primair DNS-achtervoegsel. . . . .:
        Knooppunttype: . . . . . . . . . .: onbekend
        IP-routering ingeschakeld. . . . .: ja
        WINS-proxy ingeschakeld . . . . . : nee

Ethernet-adapter LAN-verbinding 2:

        Verbindingsspec. DNS-achtervoegsel:
        Beschrijving . . . . . . . . . . .:
          VIA Rhine II Fast Ethernet Adapter
        Fysiek adres. . . . . . . . . . . : 00-0A-E6-60-04-6E
        DHCP ingeschakeld:. . . . . . . . : nee
        IP-adres. . . . . . . . . . . . . : 192.168.0.1
        Subnetmasker. . . . . . . . . . . : 255.255.255.0
        Standaardgateway. . . . . . . . . :

Ethernet-adapter ZONNETADSL:

        Status van medium . . . . . . . . : medium ontkoppeld
        Beschrijving . . . . . . . . . . .:
          ADSL USB MODEM LAN Adapter
        Fysiek adres. . . . . . . . . . . : 00-D0-41-12-C1-A7

2) kids full mode

Windows IP-configuratie

        Host-naam . . . . . . . . . . . .: KIDS
        Primair DNS-achtervoegsel. . . . .:
        Knooppunttype . . . . . . . . . . : gemengd
        IP-routering ingeschakeld. . . . .: nee
        WINS-proxy ingeschakeld . . . . . : nee

Ethernet-adapter LAN-verbinding 4:

        Verbindingsspec. DNS-achtervoegsel:
        Beschrijving . . . . . . . . . . .:
          Realtek RTL8139 Family PCI Fast Ethernet NIC
        Fysiek adres. . . . . . . . . . . : 00-40-F4-6E-FA-18
        DHCP ingeschakeld:. . . . . . . . : nee
        IP-adres. . . . . . . . . . . . . : 192.168.0.3
        Subnetmasker. . . . . . . . . . . : 255.255.255.0
        Standaardgateway. . . . . . . . . :
        DNS-servers . . . . . . . . . . . : 192.168.0.254

3) kids safe mode

Windows IP-configuratie

        Host-naam . . . . . . . . . . . .: KIDS
        Primair DNS-achtervoegsel. . . . .:
        Knooppunttype . . . . . . . . . . : gemengd
        IP-routering ingeschakeld. . . . .: nee
        WINS-proxy ingeschakeld . . . . . : nee

Ethernet-adapter LAN-verbinding 4:

        Verbindingsspec. DNS-achtervoegsel:
        Beschrijving . . . . . . . . . . .:
          Realtek RTL8139 Family PCI Fast Ethernet NIC
        Fysiek adres. . . . . . . . . . . : 00-40-F4-6E-FA-18
        DHCP ingeschakeld:. . . . . . . . : nee
        IP-adres. . . . . . . . . . . . . : 192.168.0.3
        Subnetmasker. . . . . . . . . . . : 255.255.255.0
        Standaardgateway. . . . . . . . . :
        DNS-servers . . . . . . . . . . . : 192.168.0.254

Than the hijackdata:

Logfile of HijackThis v1.98.2
Scan saved at 17:01:24, on 13-11-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00MT2.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.turtlefind.com/search/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.turtlefind.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.turtlefind.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.turtlefind.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.turtlefind.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=192.168.0.254:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Koppelingen
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} -
C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program
Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program
Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Ontvang met FlashGet - C:\Program
Files\FlashGet\jc_link.htm
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
- C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
- (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} -
http://www.4daagsefoto.nl/plugin/4daagse.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control)
- http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12C97ECA-95FD-4B99-828F-5C7125427CDC}:
NameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{12C97ECA-95FD-4B99-828F-5C7125427CDC}:
NameServer = 192.168.0.254

 Hope this helps you and me!

thanks Paul

Quantcast