1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Possible XP block of network

Discussion in 'Virus & Other Malware Removal' started by aw56001, Jan 5, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. aw56001

    aw56001 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    26
    Hello all
    I have been referred to this forum by Terrynet (Moderator?)
    I am running XP with SP2 on one computer and this is networked to a computer running ME facilitated by ethernet cards in both computer, a crossover cable and a broadband Speedtouch 330 modem. There is Norton AV and firewall on the XP computer and the ME computer is configured to run via the Norton Firewall (Windows Firewall is disabled). There is no AV software on the ME computer as it is used for internet only (but I will install some if I get this problem fixed.

    When I boot up the XP computerthe network is fine:

    Windows IP Configuration
    Host Name . . . . . . . . . . . . : D6700
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Mixed
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No


    Howeverafter about 10 minutes the network fails, the ME computer won't access anything on the internet although the XP computer remains able to access the internet/mail, and the "IP Routing Enabled" part of the is changed to "No" after a further ipconfig /all scan.
    If I reboot the XP computer the network is OK again for 10 minutes, after which it fails again.
    Terrynet suggested that I do a hijackthis scan which is underneath and post it to this forum to try and determine what is switching the IP Routing Enabled to NO.
    I wondered if someone with knowledge of this please examine the hijackthis script and see if there is something there that shouldn't be there.
    Many thanks
    Andrew Wilson:( :(
    Logfile of HijackThis v1.99.1
    Scan saved at 14:34:18, on 05/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\UMonit.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\MultiRes\MultiRes.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\TWINTO~1\MouseElf.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wupdates.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\UMonit.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "EPSON Stylus Photo RX420 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Update] msupdate.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\RunServices: [Microsoft Update] msupdate.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Corel Family and Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic\cffrem.exe
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAccess/ie/bridge-c5.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120267388078
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCA9504-52C3-4A89-BF68-8EE1579A7109}: NameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52E2B685-A695-4C94-9AD8-A9B4D34CAFA6}: NameServer = 195.92.195.94 195.92.195.95
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Microsoft Windows Update Components (Windows Update Component) - Unknown owner - C:\WINDOWS\wupdates.exe
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,660
  3. aw56001

    aw56001 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    26
    Eddie
    Thanks for replying.
    Apologies I forgot to post back.
    I discovered that I had some viruses/worms that Norton 2004 had picked up. I deleted these but didn't realise that they were still in Windows Start up until I did another Hijackthis log. After a severe scrutinity of the system using downloadable tools I managed to delete these entirely (msupdate.exe, wupdates.exe and another which I can't remember).
    I set up the network again and it worked perfectly!! I never realised that viruses/worms could block a network.
    Thanks again
    Andrew Wilson
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,660
    That's okay, Andrew, just like to hit the thraeds that have no replies from a week ago, as some may still be having problems :)

    Glad to hear its all working again for you :)

    eddie
     
  5. aw56001

    aw56001 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    26
    Eddie
    Are you really from Bradford? Well what a coincidence - so am I!! I live in Tyersal and have done so for all of my life. Which part are you from?
    Regards
    Andrew:) :)
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,660
    Yep, up in Undercliffe. Haven't seen much of tyersal, but I have passed it a few times :)

    Not from Bradford, only lived here about 16 years.

    eddie
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/431342

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice