I am posting this on behalf of a neighbour; she is a novice, with a new Tiny running Windows XP (I don't know exact CPU/RAM)
She has lost all ability to connect to the Internet.
I had a look at the puter and got this message when I tried to connect;

"Tesconet; Error detected in registry

rydial.dll
shlwapi.dll
urlmon.dll"

*********
When I went into control panel (I'm a novice to by the way!)
I got this from the phone and modem icon
"Phone and modem control panel cannot be opened. You may have a problem with starting telephony services."
***********
Also, there is no "Dial-up Connection" in Control Panel .. should there be? (I run win ME myself and have no experience with XP)

*******

I tried to restore with the system restore, but there was no poinbts there to go back to .. :-/

I'm thinking this MIGHT be a virus, as her Norton keeps coming up with something about a registry change ...

Does it sound like a virus/worm? If so, which one?

HELP! ;-)

(I'll post this in Security and Virus as well ... apologies for the double post, but she is frantic to get computing again!)

Thanks for helping.

Can you use Norton to perform a virus scan or is it disabled or damaged? Does she have the XP firewall enabled, or does she use another software firewall? Was system restore turned off, or did it appear damaged?

Norton runs, but doesn't find anything; it also throws up a message box saying saying something about a registry change. (sorry can't be more specific)

XP firewall has notbeen/is not enabled. She is a novice and has not used a firewall :-(

System restore was on, but only had points back 2 days (she has had the puter 9 weeks)
It did not appear damaged.

I've just tried re-installing her dial-up connection and IE 6; the wizard won't do it; it showed a message saying it detected a higher (?) internet explorer and couldn't go any further. It wouldn't let me do anything manually either.
I've tried unistalling IE6 and re-installing; nothing happens!
In the uninstall/re-install facility, most boxes are showing 0.00... which indicates that nothing is there!
And to add insult to injury, she has just found out that she has to BUY the reformat cd from Tiny, as an EXTRA! Grrrr, they didn't even tell her about this when she bought the puter!

Does she have all the Microsoft critical updates installed? System Restore by default uses 10% of the harddrive, so only having restore points going back two days is strange. Did you try to do a system restore, and if you did what happened? Is there a request by Norton to restore the registry change that Norton is reporting. Have you checked what programs are starting at startup using msconfig, and what tasks are running using the task manager, and if you have what are they? Does she have the Norton restore disk? If not go to http://srnmicro.com/ and download a trial version of Solo, then burn it to a cd and install it and run its scan to see what it detects.

If there is registry damage try this link http://www.diamondcs.com.au/cleanrun.reg download the program and burn it to a cd for her to use.

Capt;
No, no critical updates. (she doesn't know much about computers!)
yes, tried to do system restore; nothing happened.
Yes, Norton says it will fix registry change, "click next" ... but nothing happens.
I've checked in msconfig/start-up, all programs look normal.
I haven't looked in the task manager ... I'll do that tomorrow.
Yes, we've got Norton restore, it wont work! ;-(

Unfortunately, I don't have CD burner ... but I'll pass this on to another friend who can burn cleanreg for us.

Thanks Capt; will let u know how we get on tomorrow ;-)

Tesconet is that your neighbours ISP ??
I see one of two problems:

1) Tesconet is your ISP and the net installation software either is damaged, you can try to reinstall it or,

2) You telephony service is damaged

Go Start > control panel > administrative tools > Services
Now look for the Telephony service and see if it is running (started), if it is then restart it (right click it and go properties). If it tells you that it is damaged. It is possible, if you are using Tesconet as ISP, that their software damaged it, or that Win XP registry got corrupted and this damaged it.
In that case you should format and reinstall XP. Then be careful of the ISP software.
All this is given that i am assuming you are using Tesconet ISP.

OK here is the latest; I found the SVCHOST.EXE in her task manager (Thats a file from Nachi worm?)

I'm downloading fixes for it now and will floppy them and try and clean her machine.

Hylian; yes, thanks, I thought maybe the Tesco.net has corrupted, but her machine won't let me re-install (cos to use the disc from Tesco.net, it has to connect to the internet, and her machine isn't capable of that ... is that the Nachi damage?)

Thanks for the input you guys ... if you think of anything else, will you let me know?
I'll let you know how I get on with the Nachi removal ... *big sigh* ;-)

Capt;
I REALLY need your help and advice here!
Today I copied everything in my neighbours *startup* (so that I could eliminate useless programs) ... not being experienced with XP OS, I came home, went online and went to
http://www.pacs-portal.co.uk/startup_pages/startup_all.php
and checked everything from that list.

I really can't believe what I found ... would you PLEASE check them for me?

Here are the ones I am worried about:

Startup menu
............

taskmgr.exe
OSA.EXE
EXPLORER.EXE
SVCHOST.EXE
LSASS.EXE
SERVICES.EXE
CSRSS.EXE
SMSS.EXE
System
system idie process SYSTEM

If you confirm what I have found, I'm gonna have to print out your answers and let her see it ... 'cos I'm sure as hell she isn't going to believe me! She has only had this 'puter 9 weeks ....!

;-/

Actually all the stuff you listed is seems normal for the task manager. Pacs-portal is used to determine what programs are needed for startup by using start>run>msconfig to determine them. That is why XP runs the best using 256 of RAM.

Normal? Pacs-Portal lists taskmgr.exe as a homepage hijacker. SVCHOST.EXE as hijacker or GOTORM virus. LSASS.EXE as RATSU.B virus... ???
I'm confused.

MTK. the items that are listed are listed in the task manager not in the startup list of msconfig. Open your task manager, since you have XP, and see if they are not listed there.

Go to http://www.wown.info/ for what should be running in XP's task manager. Do not forget XP has applications, processes(what you listed are processes) and the other objects that we have no need to deal with. I see your confusion between task manager and startup(Pacs-Portal), because of you using older Windows Operating Systems and thinking they are the same. You can use the XP task monitor Applications and MSCONFIG startup programs like the previous operating systems, but not processes.

Taskmgr.exe appears to be a bug picked up from porno sites (and possibly elsewhere)....
http://www.wilderssecurity.net/specialinfo/rapidblaster.html

Removing it manually causes it to 'morph' and is not recommended. Try the Blaster tool to see if you have the bug and clean it off the system.....
http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal

There appears to be a genuine Windows file named SVCHOST.EXE and a bug of the same name as a result of W32.HLLW.Astef virus (from Kazaa and probably other places).

If you are in England, Tiny went bust and was bought out by Time Computers. The restore disc they supply are described here....
http://www.computing.net/windowsme/wwwboard/forum/21386.html Response Number 11
It would be useless if the hard-drive stopped working (e.g.platters stopped spinning). It's only any good if the installed software needed re-installing.

If you wanted a clean install of XP, there appears to be problems re-activating the OS, since the OS has already been registered....
There is a work around and if I can find the details, I will post back.

There is an anti-virus file STINGER from....
http://vil.nai.com/vil/stinger/
It's only 700kb so would fit onto a floppy. I have not tried it, but downloaded a copy just incase.

There is a bug that affects Windows XP machines that have not been updated. The patch for that is too big for a floppy and the bug stops the machine from accessing the net to download the fix. You have to get the patch on another PC and burn it to disc....
Sorry I can't be much more help....
I don't have XP.

Sorry Capt; I haven't confused task manager with startup; I found that list in System Configuration Utility (msconfig) STARTUP, not task manager.

The only other things that were there was
MSMSGS.EXE (messenger utility)
FINDFAST.EXE (MS office facility)
ccApp.exe (Norton anti virus)
LxBBBMON.EXE (Lexmark printer)
SOUNDMAN.EXE (Soundcard support)

I know XP has both processes and applications; but how do I tell the difference between LSASS.EXE from RATSU.B virus and the legitimate process of LSASS, Local Security Authentication Server?
Also, there isn't any EM_EXEC, RunDLL or any of the other processes/applications that one would expect in the usual STARTUP ... and I have checked out the differences between my system (WIN ME) and Win XP (home)

The whole system seems screwed to me; for instance, it wouldn't even open a floppy disc today; it just kept asking if I wanted to format it. (I was trying to run the STINGEr Virus fixer)

michael2,
Sorry, didn't see your post before I replied to Capt.
I finally got stinger to work on the machine; it said it found nothing. (?)

The whole machine seems screwed to me; here are some of the things wrong;
No Internet Explorer in add/remove.
Nothing in Dial/up networking (or XP equivelant) folder in Control Panel.
Norton anti-virus unable to work.
Difficulties getting machine to open/explore floppy discs (just asks if format is required)
All sound disappeared from everything.
All those wierd things in msconfig/startup.

I understand XP is different to ME ... but it can't be THAT different! It's got me beat!

The SVCHOST.EXE ... again, like the LSASS and CSRSS ... how the heck do you tell which is genuine and which is virus???

The hard drive is still working, so I think it would take a reformat; but now I'm worrying about what you said

"If you wanted a clean install of XP, there appears to be problems re-activating the OS, since the OS has already been registered....
There is a work around and if I can find the details, I will post back."Please post back on that, if you find it!

Yeah, I looked at the possibility of a downloading a patc today ... but I have'nt got Burner facility ... so I can't do that for her ;-(

Hey you guys, thanks for the help here; I'm sorry to be a nuisance; just trying to help a friend ...(I know one thing ... if all this is due to a porn site visit ... one husband is about to be blue murdered next door to me! heehee!)

I can't remember where I found this..... either on this web site or somewhere else.....

'Never re-activate after a new installation.
If you have to reinstall Windows XP you normally will have to re-activate too. Well not anymore. Just copy wpa.dbl after you activated the first time. It is located in the system32 folder. Now if you reinstall Windows XP just copy the file back and you're up and running again'.

I have heard of differant ideas about this. Something like.... after XP is installed, there is 30 days to activate the system with Microsoft or the OS stops working. Once registered with MS, if you have to re-install, a record is kept of what hardware was in the PC for the first instalation, and this is compared to the new instalation (it's an anti-share thing).

You are not a nuisance! You are helping a friend and the posters on here are helping you. Are you in England? The Tiny/Time disc may be an expensive con. I would rather do a clean install and find the missing drivers (if any)on the net with another machine.
Someone with XP would have a better idea of what the above refers to.....

Here's a bit more info on activation.....
http://www.petri.co.il/howto_activate_xp.htm

I am sorry that I misunderstood that those itmes were actually in MSCONFIG. If you choose to reformat do not worry about registration as it is easy, since no hardware has been changed. I changed computers a phone call to Microsoft was all that was needed to register it. Did you try SOLO from http://www.srnmicro.com/ since Norton has been attacked and disabled. There is an option using the XP CD to repair the system, instead of doing a complete installation. You insert the CD and when the window comes up select repair instead of upgrade or full installation. A visit to the old porn site is not a good idea at the best of times, even by those that know what they are doing, by someone that is ignorant is asking for trouble and it can be very costly.

michael2, I really appreciate you and Capt helping me! thanks.
I've just been reading about activation here >>>

http://www.youthtech.com/top-picks/winxp/page8.htm

I think with her puter falling apart after 9 weeks, activation is no big prob! lol

Yes, we are in England; and yes, the Tiny/Time reformat disc IS a con ... they are charging her £59 for it ... it's going to take at least 5 days to get to her (after her cheque is cleared ... but she has to have it ... we are both computer novices and cant do install/reformat any other way ... and her puter is useless just now.)
(Thank God Packard Bell shipped reformat floppy with my machine! and, god bless them, provided a free one when I questioned the performance of the original! ...How lucky are all the old timers with Win 95/98 DISCS!)

Capt; thanks for the link to Solo, but I can't get her anything like that just now (with my old crock system not having burner facility ... no av program fits on my floppies! ;-(... )

Unfortunately, her machine wasn't shipped with a CD (see above post with Micheal) she has to get a reformat floppy to access partioned drive ... can't just reload windows anymore ;-( ... Grrrr @ microsoft!

Thanks for all your help; I really appreciate it and Im learning lots! ;-)

(I reckon her hubby is gonna take a good bashing for this! lol, I might even join in!)

£59 !!!!!!!!!!!!!

Capt. Can someone send this chap a Win XP CD and he use the serial that was originally used on the machine? This is not pirating since the machine already has a genuine Win XP OS (although corrupt).

I will check this post Sunday when there is still time to cancell the cheque.

£59 !!!!!!!!!!!!! THAT IS DISGUSTING!

I would want a full version of an opearting system. What does a full version of 98se cost?

oops i forgot about this post !!!
nachi worm is no problem to remove, just unload from memory usiang basic cleaner and go C:\windows\system32 and look for WINS folder, delete it, nachi worm loads it's services from there.