1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Internet disconnects every few seconds

Discussion in 'Networking' started by bop240, Dec 19, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. bop240

    bop240 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    17
    Hi all, today my internet started turning on/off every 5 mins or so. Hasn't happened before, started today. Turned off firewall, but no result. Also, when I try to play WC3, I get disconnected and internet goes down for a few seconds. Heres my HijackThis log. Thanks :D.

    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Warcraft III\Custom Hero Footies Stats PRO.exe
    C:\Program Files\Clicky Gone\ClickyGone.exe
    C:\WINDOWS\system32\conime.exe
    c:\documents and settings\boyang.dmx\桌面\warcraft iii\war3.exe
    C:\Documents and Settings\Boyang.DMX\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Google Pinyin 2 Autoupdater] "C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
    O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [cacaoweb] "C:\Program Files\cacaoweb\cacaoweb.exe" -noplayer
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [quick] C:\WINDOWS\System32\quick.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [page] C:\WINDOWS\System32\page.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [favme] C:\WINDOWS\System32\favme.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui ?¤?ó??3ìDò - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: ×é?tàà±e?o′?3ìDò - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

    --
    End of file - 7493 bytes
     
  2. WebKing27

    WebKing27

    Joined:
    Dec 16, 2006
    Messages:
    78
    This should go into virus/ malware removal forum.
     
  3. bop240

    bop240 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    17
    Really? I wasn't sure. I thought internet would be the right place :/.
     
  4. shannon08

    shannon08

    Joined:
    Jul 30, 2008
    Messages:
    355
    Hey, it happens me to its problem with net connections, go to settings and check with net connections.
     
  5. bop240

    bop240 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    17
    What do you mean? I don't understand, my ISP? :S
     
  6. geek117

    geek117

    Joined:
    Nov 12, 2010
    Messages:
    256
    As WebKing27 said, this belongs in the malware forum. The attached Hijackthis log appears to reveal several malware infections. This is not simply a networking issue.
     
  7. bop240

    bop240 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    17
    Oh, can you tell me what they are?
     
  8. geek117

    geek117

    Joined:
    Nov 12, 2010
    Messages:
    256
    No sir, I do not have approval to assist in any matters of malware removal. That is reserved for a limited number of users that have approval from the Moderators. Doing so would be a violation of forum rules. However, your log file shows what looks to be a Backdoor Trojan infection that can cause DDoS attacks.

    http://en.wikipedia.org/wiki/Ddos#Distributed_attack

    Once someone does help you clean up your system, I would recommend visiting the following pages in order to help protect your computer in the future as it would appear that you do not keep Windows up to date or have any sort of Anti-virus protection installed on your computer.

    http://forums.techguy.org/general-security/603629-security-help-tools.html
    http://forums.techguy.org/general-security/603635-general-security-information-how-tighten.html
     
  9. bop240

    bop240 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    17
    Darn, well thanks for what help you could give.
    Anyone who is approved help? :).

    Also, does this mean my PC is being used as part of a DDOS?
     
  10. bop240

    bop240 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    17
    Damn, its gotten real slow now. Can't access Google at all.
     
  11. geek117

    geek117

    Joined:
    Nov 12, 2010
    Messages:
    256
  12. bop240

    bop240 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    17
    Oh, I suppose "Damn" breaches the rules? :S
     
  13. geek117

    geek117

    Joined:
    Nov 12, 2010
    Messages:
    256
    That's not for me to decide, i'm just giving you a heads up.
     
  14. bop240

    bop240 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    17
    It has been a while now, the problem still persists. Anyone help please?
     
  15. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,886
    First Name:
    Terry
    Read Everyone MUST read this BEFORE posting for help in this forum, post the requested information here, and then click on Report at the bottom of your post and request this thread be moved to the Virus & Other Malware Removal forum.

    I don't read HJT logs as well as geek117 does but I'm pretty sure he is correct about the malware.

    Bump your thread there once a day--no more often--until you get a reply. They're kinda busy over there.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/969487

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice