(Solved) Internet Connection Works Selectively?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

CyBerAliEn

Thread Starter
Joined
Nov 25, 2001
Messages
1,209
Alright...

My internet connection is a cable internet connection. It connects into an external cable modem. This modem then connects into a router. From the router are connected 4 computers (the family computer, a spare computer, my desktop computer, and my laptop).

I am able to do EVERYTHING perfectly fine on the spare computer, my desktop, and my laptop. I can access email, instant messengers, internet (websites), network drives, etc.

To also add, the family computer (and all my other computers) are all running Windows XP.

So saying the above, and hoping people actually read this before replying, obviously there is not a problem with the network connections or internet connections themselves.


*******************************


Now this is my problem and it has me rather baffled...

On the family computer (the one with the problem, and the only one with the problem), I am unable to access ANY site through Internet Explorer. It keeps coming up with Page Cannot be Displayed after attempting to load it.

If I try to connect to MSN, and it is unable to connect.

If I try to connect to AIM, and it is unable to connect.

However, it is able to perfectly fine connect into Kazaa, as well as download through Kazaa.

If go to the command prompt, I am able to ping my other computers on the network. I am also able to access network drives that are on other computers in the network from this computer.

From any other computer on the network, I can also ping the family computer and access its network drive.

I went into my router configuration thing and it showed of course that the family computer was connected to it.

I've disabled and enable the connection and it has had no effect.

I have "repaired" the connection, with no effect.

I have gone into the command prompt and entered "ipconfig" and it pulls up the correct information.

The computer was working completely fine about three days ago and nothing has been changed on the computer and suddenly something changed.




What exactly is going on with the computer? I find it completely baffling what is going on with it. How do I get this fixed ASAP?


Thanks in advance to those who respond and help out! :D
 
Joined
Feb 28, 2001
Messages
11,584
CyBerAliEn
I will assume you have done the routine items like cleaning Temp Internet files but another consideration is you are using Kazaa. With that app comes risks such as Viruses, Spyware, Hijackjacking BHO's and the like.
Have you Run the security drill like housecalls, Spybot S&D and HiJackThis?
You may want to consider doing that if nothing else turns up as a problem. Kazaa will turn up as spyware using Spybot S&D and I would suggest using an alternative like WinMX to replace Kazaa.
That is all I can suggest at this time.
Here is the drill link if you wish to explore it.
http://forums.techguy.org/t157045/s.html

Dave
 

CyBerAliEn

Thread Starter
Joined
Nov 25, 2001
Messages
1,209
I went through Spybot S&D and cleared out everything.

Of course, it still isn't working.

Any idea why Kazaa is able to get onto the internet (and download from Kazaa), but instant messengers, internet explorer, etc don't work?

It's possible there might be another program that can get through the internet on the family computer, but I obviously haven't found it yet (if it even exists ;)).
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
Do this on the family computer, I suspect the latest hosts file hijack

go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 
Joined
Feb 28, 2001
Messages
11,584
Kazaa has protocol and port settings in it I believe. I helped my Step Daughter set up WinMX and one of the steps was that.
You may look inside Kazaa to see if there is some problem there. I am not familiar with Kazaa's inner workings since I refused anyone here to use it.
Have you looked to see if you have anything listed in your hosts file? If not do a search\find typing in hosts only. There may be several files displayed but the one you wish to explore is named just Hosts. Open it in notepad and see if there is a string of items listed there.

Dave

PS: I see DVK is going down the same path I am!:D :D :cool:
 

CyBerAliEn

Thread Starter
Joined
Nov 25, 2001
Messages
1,209
OK.

I will be getting to that in about an hour or so after I finish up some things. So when I am able to, I will do the HijackThis and put the log in here and do the search regarding the "hosts" thing.

What exactly is a "hosts" file or what does it do?

Thanks for the advice so far!


Andrew
 

CyBerAliEn

Thread Starter
Joined
Nov 25, 2001
Messages
1,209
OK, below is the log from Hijack This.

I scanned through it myself, and the only thing that really pops out at me is:

Startup: haha.exe

Doesn't look to be a normal program to me.


Logfile of HijackThis v1.97.2
Scan saved at 4:27:25 PM, on 10/3/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\lexpps.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Mikey\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
O1 - Hosts: 66.230.146.42 gator.com #cooklop
O1 - Hosts: 66.230.146.42 tripod.com #cooklop
O1 - Hosts: 66.230.146.42 www.tripod.com #cooklop
O1 - Hosts: 66.230.146.42 geocities.com #cooklop
O1 - Hosts: 66.230.146.42 www.geocities.com #cooklop
O1 - Hosts: 66.230.146.42 adultfriendfinder.com #cooklop
O1 - Hosts: 66.230.146.42 www.adultfriendfinder.com #cooklop
O1 - Hosts: 66.230.146.42 cj.com #cooklop
O1 - Hosts: 66.230.146.42 www.cj.com #cooklop
O1 - Hosts: 66.230.146.42 paypopup.com #cooklop
O1 - Hosts: 66.230.146.42 www.paypopup.com #cooklop
O1 - Hosts: 66.230.146.42 worldsex.com #cooklop
O1 - Hosts: 66.230.146.42 www.worldsex.com #cooklop
O1 - Hosts: 66.230.146.42 free6.com #cooklop
O1 - Hosts: 66.230.146.42 www.free6.com #cooklop
O1 - Hosts: 66.230.146.42 trafficmp.com #cooklop
O1 - Hosts: 66.230.146.42 www.trafficmp.com #cooklop
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Lwinst Run Profiler] .\Lwtest.exe /detect /quiet /launch ".\Lwpevntm.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MOD] d:\program files\microangelo\muamgr.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [win32app] C:\WINDOWS\System32\winpup32.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - Startup: haha.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.com/plugin/axversion/1000/printQuick.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37576.3657291667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\windows: NameServer = 69.57.146.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{03C20CA5-188A-4556-AA53-7497D0924D07}: NameServer = 69.57.146.14
O17 - HKLM\System\CS1\Services\VxD\MSCTP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14
O17 - HKLM\System\CS1\Services\Tcpip\..\windows: NameServer = 69.57.146.14
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14
 
Joined
Feb 28, 2001
Messages
11,584
CyBerAliEn
Here are the results of the review of your log. As you can see there is allot of spyware, hijacked items, and malware involved.
I strongly suggest you get rid of Kazaa and if the kids need a P2P app then use WinMX. Much safer currently.

Rerun Hijack This and place checkmarks in front of of items listed below and have HiJack This remove them. If you decide to remove Kazaa uninstall first and run an updated Spybot S&D to remove the scraps and other found before running HiJack for cleaning.

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com...sm&sstring=
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
O1 - Hosts: 66.230.146.42 gator.com #cooklop
O1 - Hosts: 66.230.146.42 tripod.com #cooklop
O1 - Hosts: 66.230.146.42 www.tripod.com #cooklop
O1 - Hosts: 66.230.146.42 geocities.com #cooklop
O1 - Hosts: 66.230.146.42 www.geocities.com #cooklop
O1 - Hosts: 66.230.146.42 adultfriendfinder.com #cooklop
O1 - Hosts: 66.230.146.42 www.adultfriendfinder.com #cooklop
O1 - Hosts: 66.230.146.42 cj.com #cooklop
O1 - Hosts: 66.230.146.42 www.cj.com #cooklop
O1 - Hosts: 66.230.146.42 paypopup.com #cooklop
O1 - Hosts: 66.230.146.42 www.paypopup.com #cooklop
O1 - Hosts: 66.230.146.42 worldsex.com #cooklop
O1 - Hosts: 66.230.146.42 www.worldsex.com #cooklop
O1 - Hosts: 66.230.146.42 free6.com #cooklop
O1 - Hosts: 66.230.146.42 www.free6.com #cooklop
O1 - Hosts: 66.230.146.42 trafficmp.com #cooklop
O1 - Hosts: 66.230.146.42 www.trafficmp.com #cooklop
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [win32app] C:\WINDOWS\System32\winpup32.exe
...Note: After Rebooting locate and delete the Winpup.exe

... Below is Kazaa related items. I encourage you to uninstall Kazaa and use Spybot to clean the rest!
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
......
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - Startup: haha.exe

O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\windows: NameServer = 69.57.146.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{03C20CA5-188A-4556-AA53-7497D0924D07}: NameServer = 69.57.146.14
O17 - HKLM\System\CS1\Services\VxD\MSCTP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14
O17 - HKLM\System\CS1\Services\Tcpip\..\windows: NameServer = 69.57.146.14
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14

----------------------------------

After HiJack This does it trick then restart system, delete Winpup as instructed, rerun HiJack This and post new log back here for review.

Dave
 

CyBerAliEn

Thread Starter
Joined
Nov 25, 2001
Messages
1,209
OK, I will get the Hijack This removal stuff done.

How do I scan the computer for "haha"?

As noted, I am unable to access the internet on that computer. I do not have an anti-virus on that computer. The only computer that has one is my laptop (since I bring it to work and connect it into other networks outside of home) and I have never gotten a virus before or such before in the last 6 years. The only person who uses the "family" computer is my cousin who is staying with me again. So I guess he's gotten some viruses on it already, lol...

My laptop has Norton by the way.

I'll get going on that stuff though...

Thanks again!


Andrew
 

CyBerAliEn

Thread Starter
Joined
Nov 25, 2001
Messages
1,209
You can sratch the "how do I scan".

Went through the site and found I could also scan network drives.

So it is scanning it now. So far it has found and removed one malware.

What is "malware"? :confused:


Andrew
 
Joined
Feb 28, 2001
Messages
11,584
CyBerAliEn
Well were caught in a catch 22 then!
Remove all the items as specified and Kazaa to if your agree. After HiJack does its magic your Internet connection should work and then run to housecalls and remove the HaHa Trojan.

Dave
 
Joined
Feb 28, 2001
Messages
11,584
To my understanding.....
Malware = MaliciousWare very similiar to trojans but do not replicate as viruses do.

Dave
 

CyBerAliEn

Thread Starter
Joined
Nov 25, 2001
Messages
1,209
I have no problem removing Kazaa, I never used it.

If I remove it, is it going to remove all the stuff my cousin downloaded through it?

Also, is Kazaa the only cause of this? Or could something else had been it? I'd really like to have talk with my cousin about what to and not to install, lol

...Still scanning for viruses...
 
Joined
Feb 28, 2001
Messages
11,584
CyBerAliEn
Kazaa is a major source of the junk but I am sure without an active antivirus nowadays one will pick-up more than bargined for in other places.
You may want to consider using AVG Antivirus by Grisoft. They still have a free version and I here it is quite nice.
http://www.grisoft.com/us/us_dwnl7.php

As far as the music or whatever your cousin downloaded you may want to see what folder the stuff is located in and copy it to a "My Docs" folder to be safe.

Dave
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top