Hi,
My internet connection is getting blocked every other minute before it comes back again. I've checked with my broadband provider and everything seems ok. I have AVG (free version) and Zone Alarm (free version). Neither picked anything up. I've just installed Spy Sweeper and it found a few adware and a trojan - topconverting downloader. It appears to have removed these. But I'm still having problems.
Can anyone help me please before I find a short plank to take a long walk off!
richt71 0 Newbie Poster
dlh6213 27 Posting Maven Team Colleague
If you have Windows XP, download WinsockXPFix from here: WinsockXPFix
Run it, and click the Fix button; choose YES when asked if you want to proceed.
If it still doesn't work, try IEFix -- http://windowsxp.mvps.org/IEFIX.htm
If it still isn't working (or even if it is), get the latest, self-extracting, version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html
Close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.
Another thing you can try is getting another browser (such as Firefox or Opera) to see if the problem is with IE or something else.
richt71 0 Newbie Poster
If you have Windows XP, download WinsockXPFix from here: WinsockXPFix
Run it, and click the Fix button; choose YES when asked if you want to proceed.
If it still doesn't work, try IEFix -- http://windowsxp.mvps.org/IEFIX.htm
If it still isn't working (or even if it is), get the latest, self-extracting, version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.htmlClose any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.
Another thing you can try is getting another browser (such as Firefox or Opera) to see if the problem is with IE or something else.
Thanks for your reply.
I'm actually using firefox as my main browser but have tried IE6 plus outlook. All do the same. I'm using windows 98SE.
I'll do as you suggest and get a log file posted.
dlh6213 27 Posting Maven Team Colleague
You can get the non-XP Winsockfix from here:
http://www.digitalminds.net/index.pl/downloads
But if Firefox is doing it too, the problem most likely isn't the browser. Try post a HijackThis log.
richt71 0 Newbie Poster
If you have Windows XP, download WinsockXPFix from here: WinsockXPFix
Run it, and click the Fix button; choose YES when asked if you want to proceed.
If it still doesn't work, try IEFix -- http://windowsxp.mvps.org/IEFIX.htm
If it still isn't working (or even if it is), get the latest, self-extracting, version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.htmlClose any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here.
Another thing you can try is getting another browser (such as Firefox or Opera) to see if the problem is with IE or something else.
Here's the log:-
Logfile of HijackThis v1.99.1
Scan saved at 2:22:51 PM, on 7/26/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\TPPSTRAY.EXE
C:\PROGRAM FILES\ACEBIT\WISE-FTP\WF_SCHEDULER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\SYNC2IT\SYNC2IT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.3.96.40:8080
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\IPSWITCH\WS_FTP HOME\WSBHO2K0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Eraser] C:\PROGRAM FILES\ERASER\ERASER.EXE -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Wise-FTP Scheduler] C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
O4 - HKCU\..\RunServices: [Eraser] C:\PROGRAM FILES\ERASER\ERASER.EXE -hide
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [Wise-FTP Scheduler] C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
O4 - Startup: Sync2It.lnk = C:\Program Files\Sync2It\Sync2It.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
DMR 152 Wombat At Large Team Colleague
There are no obvious signs of malicious activity (or anything else overtly wrong) in your HijackThis log, although I do have a question about this proxy setting:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.3.96.40:8080
Is that proxy server setting related to/required by your ISP? Since you're going through a proxy, the problem might not be on your end at all.
Also, when you say: " My internet connection is getting blocked", what exactly do you mean by "blocked"? Does your connection just get dropped, or do you really mean that something is blocking it? Do you get any error messages about this? Give us more specific information about that if you can.
richt71 0 Newbie Poster
There are no obvious signs of malicious activity (or anything else overtly wrong) in your HijackThis log, although I do have a question about this proxy setting:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.3.96.40:8080
Is that proxy server setting related to/required by your ISP? Since you're going through a proxy, the problem might not be on your end at all.
Also, when you say: " My internet connection is getting blocked", what exactly do you mean by "blocked"? Does your connection just get dropped, or do you really mean that something is blocking it? Do you get any error messages about this? Give us more specific information about that if you can.
Thanks for your reply.
The proxy was set up today by my ISP due to my ongoing connections issues.
What I mean by blocking is that for about a minute every other minute I get an error 'can't coonect to www.bbc.co.uk'. I click it again a minute later and it finds it. Only to lose it again a minute later. It's the same with my outlook. My isp says because I can get an ISP address it's working ok at there end.
DMR 152 Wombat At Large Team Colleague
1. Give us more information and history on the problem: when it started happening, whether or not you made any adds/removes/changes to the system at around that time (think carefully about that one), what kind of Internet connection you use, whether or not you have a router in the equation, etc.
2. Have you disabled Zone Alarm entirely or perhaps tried uninstalling it? Having a firewall active while troubleshooting connection issues only adds another layer of possible complications. To make sure that you've entirely disabled ZA, go into the program's options/preferences, turn off the option to automatically start the program when Windows starts, and reboot. Simply choosing to disable the firewall once it has started often does not shut it down completely.
richt71 0 Newbie Poster
1. Give us more information and history on the problem: when it started happening, whether or not you made any adds/removes/changes to the system at around that time (think carefully about that one), what kind of Internet connection you use, whether or not you have a router in the equation, etc.
2. Have you disabled Zone Alarm entirely or perhaps tried uninstalling it? Having a firewall active while troubleshooting connection issues only adds another layer of possible complications. To make sure that you've entirely disabled ZA, go into the program's options/preferences, turn off the option to automatically start the program when Windows starts, and reboot. Simply choosing to disable the firewall once it has started often does not shut it down completely.
Thanks for the reply
1. The problem has existed for about 2 months now. The only applications I have changed since I formatted windows in March are bet angel - .net application, coolstreaming and eraser. It has occassionally dropped the connection but appears to have got worse laterally. Over the weekend I couldn't connect without shutting both the cable modem and computer down and re-starting them. It appears to be slightly better now after I did a scan with web sweeper and removed toploader download trojan.
I have a 3 meg broadband connection. It goes straight from the NTL cable modem to my computer via a usb 1 socket and cable.
2. I've now disabled zone alarm. It hasn't made any difference to the problem unfortuantely.
richt71 0 Newbie Poster
I've just noticed that on many website I visit it says in the bottom left 'transfering data from awrz.net' 'waxy.org' or 'amch.questionmarket.com'. These were on many sites like bbc.co.uk.
richt71 0 Newbie Poster
Last night my connection came back! All I did was remove data files as I was thinking I might need to format. So I can only presume it was my ISP NTL and not my computer.
By the way I do have the virus java/byteVerify on my system and my anti-virus AVG can't seem to remove it. Any idea's?
Many thanks for all youtr help.
dlh6213 27 Posting Maven Team Colleague
Glad you got that first problem worked out :)
Download, install, and update Ewido –-
http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html?tag=lst-0-1, but don't scan yet.
Reboot into Safe Mode and do a full system scan with Ewido, allowing it to fix whatever it finds (note: you will be posting the log from this scan with your next reply).
Reboot normally, close any open browser windows, scan with HJT, and post a new log along with the Ewido log.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.