Intermittent inability to connect to the internet

crazyoyo · ‎07-08-2009

connecting to the internet through Wi-fi; problem on only one PC out of four using the connection; The PC is running Windows XP SP3;

The browser (IE8) will not connect to the web unless I click on diagnostics. It will then repair the connection and I will be able to connect to the internet for some time.

According to a technician who came yesterday, my PC is hijacked by some malware that cannot be cleaned by any antivirus / malware program and that affects all browsers. According to him I should re-install Windows. Problem is this I lost the Windows re-install disc.

I had AVG installed on the computer. I de-installed it and installed NIS 2009. In order to register it and be able to update definitions, I had to run repeatedly the "diagnostics" trick so the PC would open a connection to the internet allowing me to register and then NIS to update itself.

I started a scan yesterday but I had to stop it so the wife could sleep

Do these symptoms look familiar? Does it look malware-related? Should NIS be able to find the problem? Is it some malware that I could remove manually?

Thanks

Phil

delphinium · ‎11-21-2008

Crazyoyo:

Something doesn't entirely make sense. I'm not getting the relationship between malware and reinstalling Windows. I don't see how that would actually resolve a malware problem. Do you have IE8 allowed in your program rules? Are you familiar with those settings in your NIS or do you require assistance finding them ?

If you click on View Network Security Map, does the network show correctly?

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

crazyoyo · ‎07-08-2009

IE8 works after I run diagnostics and I let it repair the connection. Windows, IE8 or I don't know what knows how to repair the connection which breaks down again and then needs to be repaired again. Frankly I don't know a lot about computers but I sure didn't want to re-install the whole thing just because a technician told me I should do so.

Thank you

Phil

yogesh_mohan · ‎07-29-2008

Hi Phil,

Did you try resetting the IE8 Settings?

If not, try that first. Here is the LINK to Microsoft Help page which has detailed instructions. Let us know the results.

Yogesh

crazyoyo · ‎07-08-2009

I tried. It seems to be slightly better but occasionally, the browser will still display the blank page with the button "diagnose problem".

Thank you

Phil

delphinium · ‎11-21-2008

It seems to be more matter of settings in IE 8 and Windows than malware. Do you get any other error messages in the diagnostics that might explain the problem.

Did you check the program rules in Norton?

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

dbrisendine · ‎10-06-2008

crazyoyo -

Just to check for some things can you run a HiJackThis log and provide the details about you system, please. What is the OS and Service Pack on your system?

Please download HiJackThis for this web site. Choose the third one on the list; the executable and save it on your desktop. Run the file and select the first option on the main menu "Do a system scan and save a log file". When this is finished, Notepad will open with the log file in it. Select the Edit > Select all and Edit > Copy commands in Notepad. Then paste the copied log file in a reply post here.

Thanks.

crazyoyo · ‎07-08-2009

Thank you all. I will do that and more asap. Complicated because I need to download the stuff on another machine and put it on the affected machine with a USB stick etc. Please bear with me.

Phil

crazyoyo · ‎07-08-2009

My system is as follows:

Athlon XP 2800+ (2.08 GHZ) with 2GB of RAM running Windows XP SP3

This morning, NIS 2009's scan came up clear (one issue was corrected)

The forum either refuses that I paste all the log (more than 20,000 characters) or refuses parts of it because it recognizes it as bad HTML.

I will try to cut it in two parts and replace:

HTTP by IUUR

www by xxx

/ by ±

\ by §

Part 1:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:54:47, on 09±07±2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:§WINDOWS§System32§smss.exe

C:§WINDOWS§system32§winlogon.exe

C:§WINDOWS§system32§services.exe

C:§WINDOWS§system32§lsass.exe

C:§WINDOWS§system32§svchost.exe

C:§WINDOWS§System32§svchost.exe

C:§WINDOWS§system32§spoolsv.exe

C:§WINDOWS§Explorer.EXE

C:§WINDOWS§system32§carpserv.exe

C:§Program Files§HP§HP Software Update§HPWuSchd2.exe

C:§Program Files§iTunes§iTunesHelper.exe

C:§WINDOWS§system32§ctfmon.exe

C:§Program Files§Microsoft ActiveSync§WCESCOMM.EXE

C:§Program Files§Picasa2§PicasaMediaDetector.exe

C:§Program Files§Windows Media Player§WMPNSCFG.exe

C:§Program Files§HP§Digital Imaging§bin§hpqtra08.exe

C:§Program Files§Common Files§Apple§Mobile Device Support§bin§AppleMobileDeviceService.exe

C:§Program Files§Bonjour§mDNSResponder.exe

C:§WINDOWS§System32§CTsvcCDA.exe

C:§WINDOWS§system32§svchost.exe

C:§WINDOWS§System32§svchost.exe

C:§Program Files§Common Files§Microsoft Shared§VS7Debug§mdm.exe

C:§WINDOWS§System32§svchost.exe

C:§Program Files§Norton Internet Security§Engine§16.5.0.135§ccSvcHst.exe

C:§WINDOWS§system32§nvsvc32.exe

C:§WINDOWS§System32§svchost.exe

C:§WINDOWS§System32§MsPMSPSv.exe

C:§Program Files§Internet Explorer§iexplore.exe

C:§Program Files§Norton Internet Security§Engine§16.5.0.135§ccSvcHst.exe

C:§WINDOWS§system32§svchost.exe

C:§Program Files§iPod§bin§iPodService.exe

C:§Program Files§Internet Explorer§iexplore.exe

C:§Program Files§HP§Digital Imaging§bin§hpqSTE08.exe

C:§Program Files§HP§Digital Imaging§bin§hpqbam08.exe

C:§Program Files§HP§Digital Imaging§bin§hpqgpc01.exe

C:§Program Files§Internet Explorer§iexplore.exe

C:§Documents and Settings§Mireille Nassif§Desktop§HiJackThis.exe

R0 - HKCU§Software§Microsoft§Internet Explorer§Main,Start Page = about:blank

R1 - HKLM§Software§Microsoft§Internet Explorer§Main,Default_Page_URL = iuur:±±go.microsoft.com±fwlink±?LinkId=69157

R1 - HKLM§Software§Microsoft§Internet Explorer§Main,Default_Search_URL = iuur:±±go.microsoft.com±fwlink±?LinkId=54896

R1 - HKLM§Software§Microsoft§Internet Explorer§Main,Search Page = iuur:±±go.microsoft.com±fwlink±?LinkId=54896

R0 - HKLM§Software§Microsoft§Internet Explorer§Main,Start Page = iuur:±±go.microsoft.com±fwlink±?LinkId=69157

R1 - HKCU§Software§Microsoft§Internet Explorer§SearchURL,(Default) = iuur:±±g.msn.co.uk±0SEENGB±SAOS01?FORM=TOOLBR

R1 - HKCU§Software§Microsoft§Windows§CurrentVersion§Internet Settings,ProxyOverride = 127.0.0.1;*.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:§Program Files§HP§Digital Imaging§Smart Web Printing§hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:§Program Files§Common Files§Adobe§Acrobat§ActiveX§AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:§Program Files§Skype§Toolbars§Internet Explorer§SkypeIEPlugin.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:§Program Files§Norton Internet Security§Engine§16.5.0.135§coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:§Program Files§Norton Internet Security§Engine§16.5.0.135§IPSBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:§Program Files§Google§Google Toolbar§GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:§Program Files§Google§GoogleToolbarNotifier§5.1.1309.15642§swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:§Program Files§Google§Google Toolbar§Component§fastsearch_A8904FB862BD9564.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:§Program Files§HP§Digital Imaging§Smart Web Printing§hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:§Program Files§Google§Google Toolbar§GoogleToolbar.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:§Program Files§Norton Internet Security§Engine§16.5.0.135§coIEPlg.dll

O4 - HKLM§..§Run: [CARPService] carpserv.exe

O4 - HKLM§..§Run: [NvCplDaemon] RUNDLL32.EXE C:§WINDOWS§system32§NvCpl.dll,NvStartup

O4 - HKLM§..§Run: [hpqSRMon] C:§Program Files§HP§Digital Imaging§bin§hpqSRMon.exe

O4 - HKLM§..§Run: [HP Software Update] C:§Program Files§HP§HP Software Update§HPWuSchd2.exe

O4 - HKLM§..§Run: [AppleSyncNotifier] C:§Program Files§Common Files§Apple§Mobile Device Support§bin§AppleSyncNotifier.exe

O4 - HKLM§..§Run: [QuickTime Task] "C:§Program Files§QuickTime§QTTask.exe" -atboottime

O4 - HKLM§..§Run: [iTunesHelper] "C:§Program Files§iTunes§iTunesHelper.exe"

O4 - HKCU§..§Run: [ctfmon.exe] C:§WINDOWS§system32§ctfmon.exe

O4 - HKCU§..§Run: [H±PC Connection Agent] "C:§Program Files§Microsoft ActiveSync§WCESCOMM.EXE"

O4 - HKCU§..§Run: [Picasa Media Detector] C:§Program Files§Picasa2§PicasaMediaDetector.exe

O4 - HKCU§..§Run: [WMPNSCFG] C:§Program Files§Windows Media Player§WMPNSCFG.exe

O4 - HKCU§..§Run: [swg] C:§Program Files§Google§GoogleToolbarNotifier§GoogleToolbarNotifier.exe

O4 - HKCU§..§RunOnce: [Shockwave Updater] C:§WINDOWS§system32§Adobe§SHOCKW~1§SWHELP~1.EXE -Update -1103471 -"Mozilla±4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; (R1 1.5); .NET CLR 1.0.3705; .NET CLR 1.1.4322; SpamBlockerUtility 4.8.4; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)" -"iuur:±±xxx.miniclip.com±games±tennis-grand-slam±en±"

O4 - HKUS§S-1-5-18§..§Run: [CTFMON.EXE] C:§WINDOWS§System32§CTFMON.EXE (User 'SYSTEM')

O4 - HKUS§S-1-5-18§..§Run: [ALUAlert] C:§Program Files§Symantec§LiveUpdate§ALUNotify.exe (User 'SYSTEM')

O4 - HKUS§S-1-5-18§..§RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS§.DEFAULT§..§Run: [CTFMON.EXE] C:§WINDOWS§System32§CTFMON.EXE (User 'Default user')

O4 - HKUS§.DEFAULT§..§RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:§Program Files§HP§Digital Imaging§bin§hpqtra08.exe

crazyoyo · ‎07-08-2009

Part 2:

(same replacements as Part 1):

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:§WINDOWS§System32§msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:§WINDOWS§System32§msjava.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:§Program Files§Microsoft ActiveSync§inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:§Program Files§Microsoft ActiveSync§inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:§Program Files§Microsoft ActiveSync§inetrepl.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:§Program Files§Skype§Toolbars§Internet Explorer§SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:§PROGRA~1§MI1933~1§OFFICE11§REFIEBAR.DLL

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:§Program Files§HP§Digital Imaging§Smart Web Printing§hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:§WINDOWS§Network Diagnostic§xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:§WINDOWS§Network Diagnostic§xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:§Program Files§Messenger§msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:§Program Files§Messenger§msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=iuur:±±xxx.meshcomputers.com

O16 - DPF: RaptisoftGameLoader - iuur:±±xxx.miniclip.com±haphazard±raptisoftgameloader.cab

O16 - DPF: Yahoo! Chess - iuur:±±download.games.yahoo.com±games±clients±y±ct1_x.cab

O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - iuur:±±down.plaxo.com±down±release±instub.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - iuur:±±messenger.zone.msn.com±binary±MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - iuur:±±go.microsoft.com±fwlink±?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - iuur:±±messenger.zone.msn.com±binary±MineSweeper.cab31267.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - iuur:±±a1540.g.akamai.net±7±1540±52±20030530±qtinstall.info.apple.com±bonnie±us±win±QuickTimeInstaller.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - iuur:±±messenger.zone.msn.com±EN-GB±a-UNO1±GAME_UNO1.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - iuur:±±h20270.xxx2.hp.com±ediags±gmn2±install±HPProductDetection.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - iuur:±±update.microsoft.com±microsoftupdate±v6±V5Controls±en±x86±client±muweb_site.cab?1128674725062

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - iuur:±±das.microsoft.com±activate±cab±x86±i486±NTANSI±retail±DASAct.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - iuur:±±messenger.zone.msn.com±binary±MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - iuur:±±messenger.msn.com±download±MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - iuur:±±messenger.zone.msn.com±binary±ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - iuur:±±messenger.zone.msn.com±binary±Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - iuur:±±messenger.zone.msn.com±binary±MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - iuurs:±±fpdownload.macromedia.com±get±shockwave±cabs±flash±swflash.cab

O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - iuur:±±update.hpphoto.com±download±HPSWUpdate.ocx

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - iuur:±±us.dl1.yimg.com±download.companion.yahoo.com±dl±toolbar±yiebio5_3_16_0.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:§PROGRA~1§COMMON~1§Skype§SKYPE4~1.DLL

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:§Program Files§Norton Internet Security§Engine§16.5.0.135§coIEPlg.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:§Program Files§Google§Google Toolbar§Component§fastsearch_A8904FB862BD9564.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:§Program Files§Common Files§Apple§Mobile Device Support§bin§AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:§Program Files§Bonjour§mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:§WINDOWS§System32§CTsvcCDA.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:§Program Files§Google§Common§Google Updater§GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:§Program Files§Common Files§InstallShield§Driver§11§Intel 32§IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:§Program Files§iPod§bin§iPodService.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:§Program Files§Norton Internet Security§Engine§16.5.0.135§ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:§WINDOWS§system32§nvsvc32.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:§PROGRA~1§TRENDM~1§INTERN~2§PcCtlCom.exe (file missing)

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Unknown owner - C:§PROGRA~1§TRENDM~1§INTERN~2§PcScnSrv.exe (file missing)

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Unknown owner - C:§PROGRA~1§TRENDM~1§INTERN~2§Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:§PROGRA~1§TRENDM~1§INTERN~2§TmPfw.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:§PROGRA~1§TRENDM~1§INTERN~2§tmproxy.exe (file missing)

O24 - Desktop Component 0: (no name) - file:±±±C:±Documents%20and%20Settings±Mireille%20Nassif±My%20Documents±My%20Pictures±webmuseum±wm±paint±auth±cezanne±bath±cezanne.large-bathers.jpg