Who will be able to get this one?

Discussion in 'adware, spyware & hijack cleaning' started by saxofun, Feb 29, 2004.

Thread Status:
Not open for further replies.
  1. saxofun

    saxofun Registered Member

    Joined: Feb 17, 2004
    Posts: 17

    Here is the situation:
    I am surfing the net for a while, then without warning, I am not able to get any page with my browser, even by closing/reopening it.

    I tried with different browsers, with no result (IE, Netscape, Firefox).
    So, it is not a problem of browser.

    What is weird is that I am still active on the net because:
    1. Doing a DOS "Route Print", I can scan my IPs (router, PC, ISP).
    2. Doing a DOS ping to www.yahoo.com, I get 4 full replies correctly.
    3. I called my ISP, but they told me that everything is all right.
    So the problem is not a matter of connection either.

    I scanned my PC alternatively with anti-Virus NOD32v2.0 and Antiviruskit12, Spybot and Adaware: no virus detected.

    I try with or without my Kerio Personal Firewall (V4), but the problem still occurs at a random period of Net browsing.

    The only solution I found to retrieve a connection is to reboot my router and my PC....Argh...

    So what is the problem? unknown virus? windows?
    What is your opinion?

    I have:
    Pentium III
    Windows2000Pro ServicePack4
    Browser: Firefox
    Firewall: Kerio Personal 4
    Antivirus: NOD32
    Internet: High Speed Sympatico
    Router: Ellink High Speed ADSL
    Network Adapter: Realtek RTL8139/810x Family Fast Ethernet NIC
    DSL Modem: SpeedStream 5200
     
  2. snowbound

    snowbound Retired Moderator

    Joined: Feb 18, 2003
    Posts: 8,723
    Location: The Big Smoke

    Hi saxofun :)

    Why don't u follow the instructions here,

    http://www.wilderssecurity.com/showthread.php?t=15913

    And we'll find out. ;)



    snowbound
     
  3. saxofun

    saxofun Registered Member

    Joined: Feb 17, 2004
    Posts: 17

    Here it is:

    Logfile of HijackThis v1.97.7
    Scan saved at 20:37:20, on 29/02/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\System32\svchost.exe
    E:\Internet\Firewall\Kerio Personal\Personal Firewall 4\kpf4ss.exe
    E:\Sécurité\Anti Virus\NOD32\nod32krn.exe
    C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\pppoeservice.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    E:\Internet\Firewall\Kerio Personal\Personal Firewall 4\kpf4gui.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\WINNT\Explorer.EXE
    E:\Internet\Firewall\Kerio Personal\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    E:\Graveur\Easy CD Creator 5\DirectCD\DirectCD.exe
    E:\Sécurité\Anti Virus\NOD32\nod32kui.exe
    E:\System Tools\Asmw PC-Optimizer Pro\startupmaintenance.exe
    E:\System Tools\Eraser\eraser.exe
    E:\System Tools\Buzzsaw\Buzzsaw.exe
    E:\System Tools\Macro Angel\MacroAngel.exe
    E:\Internet\Browser\firefox.exe
    C:\WINNT\system32\cidaemon.exe
    C:\WINNT\system32\cidaemon.exe
    E:\System Tools\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "E:\Graveur\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [nod32kui] E:\Sécurité\Anti Virus\NOD32\nod32kui.exe /WAITSERVICE
    O4 - HKCU\..\Run: [Start up Maintenance] E:\System Tools\Asmw PC-Optimizer Pro\startupmaintenance.exe
    O4 - HKCU\..\Run: [Eraser] E:\System Tools\Eraser\eraser.exe -hide
    O4 - HKCU\..\Run: [WrCtrl] "E:\Internet\Firewall\WinRoutePro\wrctrl.exe"
    O4 - Global Startup: Buzzsaw.exe.lnk = E:\System Tools\Buzzsaw\Buzzsaw.exe
    O4 - Global Startup: Macro Angel.lnk = E:\System Tools\Macro Angel\MacroAngel.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Office2000Pro\Office\OSA9.EXE
    O9 - Extra button: Real.com (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,331
    Location: Netherlands

    Hi saxofun,

    Assuming NOD is now your resident AV, it might help to remove the Norton BHO.

    Check the item below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

    Regards,

    Pieter
     
  5. dvk01

    dvk01 Global Moderator

    Joined: Oct 9, 2003
    Posts: 3,131
    Location: Loughton, Essex. UK

    it looks to me as if you have 2 firewalls running
    kerio pf4 & winroute pro

    O4 - HKCU\..\Run: [WrCtrl] "E:\Internet\Firewall\WinRoutePro\wrctrl.exe"


    winroute is probably blocking the dhcp renewal from your cable company
     
  6. subratam

    subratam Registered Member

    Joined: Nov 14, 2003
    Posts: 1,310
    Location: Issaquah, WA

    and in no way two firewalls are good cause for a machine to run well
     
  7. saxofun

    saxofun Registered Member

    Joined: Feb 17, 2004
    Posts: 17

    In fact, I had tried Winroute Pro and uninstalled it, but a key remained....
    I will remove it and try again...
    to be continued...
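
The checks the helpers in this thread applied by eye to the posted log (a BHO entry with no file behind it, an autostart entry left behind by uninstalled software), as an added Python example that is not part of the original thread or of HijackThis itself. The function name `triage`, the finding labels and the "target not running" heuristic are assumptions of this example; the sample is a shortened excerpt of the log posted above.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied, list shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\svchost.exe
E:\Internet\Firewall\Kerio Personal\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
E:\System Tools\Eraser\eraser.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKCU\..\Run: [Eraser] E:\System Tools\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [WrCtrl] "E:\Internet\Firewall\WinRoutePro\wrctrl.exe"
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")   # section code, then the entry text
EXE = re.compile(r'([^\\"]+\.exe)', re.I)     # file name of the first .exe in a command

def triage(log):
    """Return (code, finding, entry) tuples for entries worth a manual look."""
    running, findings, in_procs = set(), [], False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:
            in_procs = False
            code, body = m.groups()
            if code == "O2" and body.endswith("(no file)"):
                findings.append((code, "BHO registered but file missing", body))
            elif code == "O4":
                # Command follows "[name] " (Run keys) or " = " (Startup folder links).
                exe = EXE.search(re.split(r"\] | = ", body, maxsplit=1)[-1])
                if exe and exe.group(1).lower() not in running:
                    findings.append((code, "autostart target not running", body))
            elif code == "O10":
                findings.append((code, "LSP problem reported", body))
        elif in_procs and line:
            running.add(line.rsplit("\\", 1)[-1].lower())   # keep file name only
    return findings

if __name__ == "__main__":
    for code, finding, entry in triage(SAMPLE_LOG):
        print(f"{code:>3}  {finding}: {entry}")
```

An autostart target that is not running at scan time is a lead to review rather than a verdict, since some startup programs exit once their work is done.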
     