Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet stops working even though it's connected


  • This topic is locked This topic is locked
2 replies to this topic

#1 Bazzah

Bazzah

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 29 October 2012 - 09:46 AM

Hello!

Story behind it all. You can skip it because i doubt it'll be useful but i decided to post it anyway.

Everything started when i tried installing Microsoft Office because i needed it for my college project. But every single time I tried it stopped in the middle of installation showing up something like: "Error was found during installation of the product Microsoft Office. Windows setup can't update one or more protected Windows files." [translation might not be exact but the point is still made]. So i started googling the problem, tried deleting rgstrtn.lck file and all other crap i could find on internet but nothing worked. On one forum i found a guy who had the same problem, he said he runned ComboFix and that helped. [Turned out it didn't work for me in the end btw]

So i downloaded and runned ComboFix without reading any manual whatsoever. That's when my problems started: Internet worked for about 10 minutes, after that time I couldn't load any site even though i was connected. So i restarted my connection and again it worked for couple of minutes. It was hella annoying but at least it worked. But recently times between, let's call it "timeouts", got even shorter (1-3 mins) so i went to ComboFix site (read there that it is not advised to use by not advanced users, oh well...) and runned it again doing everything by the manual this time, thinking: "Could it be any worse?". Turns out it can :D. Now i can't use internet at all even though i'm connected to it. I tried restarting computer and repairing internet connection but it didn't work. I'm using wireless web that my neighbours share with me. I tried using my mobile modem device but it also doesn't work as it should.
I mean it works, but very slow, it shows up and works at 236,8 kb/s speed when the signal is full and it should be at least 20mb/s.

I'm using Asus netbook:
Intel Atom
CPU N455
1.66GHz, 1.67GHz
0.99 GB RAM
Windows XP professional 2002 SP3

ComboFix log:
ComboFix 12-10-29.01 - ADMIN 12-10-29 13:48:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1014.674 [GMT 1:00]
Uruchomiony z: c:\documents and settings\ADMIN\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-28 do 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-28 11:27 . 2012-10-28 11:30 -------- d-----w- c:\documents and settings\ADMIN\Ustawienia lokalne\Dane aplikacji\Google
2012-10-28 11:27 . 2012-10-28 11:29 -------- d-----w- c:\program files\Google
2012-10-23 18:51 . 2012-10-29 12:46 -------- d-----w- c:\documents and settings\ADMIN\Dane aplikacji\OpenOffice.org2
2012-10-23 18:49 . 2012-10-23 18:49 -------- d-----w- c:\program files\OpenOffice.org 2.4
2012-10-23 18:25 . 2012-10-23 18:25 -------- d-----w- c:\documents and settings\ADMIN\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2012-10-23 18:24 . 2012-10-24 17:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2012-10-17 20:31 . 2012-10-17 20:31 18944 ----a-r- c:\documents and settings\ADMIN\Dane aplikacji\Microsoft\Installer\{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}\Icon7BD916931.exe
2012-10-17 20:31 . 2012-10-17 20:31 11264 ----a-r- c:\documents and settings\ADMIN\Dane aplikacji\Microsoft\Installer\{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}\Icon7BD91693.exe
2012-10-17 13:54 . 2012-10-17 13:54 -------- d-----w- c:\documents and settings\ADMIN\Dane aplikacji\MathWorks
2012-10-17 13:46 . 2004-07-29 22:35 1077344 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-10-17 13:46 . 2004-03-01 22:05 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2012-10-17 13:46 . 2004-02-11 14:37 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2012-10-10 15:57 . 2012-10-10 15:57 -------- d-----w- c:\documents and settings\ADMIN\.gstreamer-0.10
2012-10-10 15:57 . 2012-10-10 15:57 -------- d-----w- c:\documents and settings\ADMIN\.config
2012-10-09 22:29 . 2012-10-10 00:02 -------- d-----w- c:\documents and settings\ADMIN\AbiSuite
2012-10-09 22:28 . 2012-10-09 22:29 -------- d-----w- c:\program files\AbiWord
2012-10-01 13:25 . 2012-10-01 13:25 -------- d-----w- C:\PROG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 21:44 . 2012-08-10 10:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 21:44 . 2012-08-10 10:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-04 17:50 . 2012-09-04 17:50 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-10 01:46 . 2012-08-10 02:17 1571840 ----a-w- c:\windows\system32\sfcfiles.dll
2012-08-10 01:46 . 2012-08-10 02:23 46632 ----a-w- c:\windows\system32\drivers\l1e51x86.sys
2012-08-10 01:45 . 2012-08-10 02:23 1992864 ----a-w- c:\windows\system32\drivers\athw.sys
2012-10-27 19:38 . 2012-10-27 19:38 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-08-10 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_blueconnect"="c:\program files\blueconnect\UpdateDog\ouc.exe" [2011-03-26 116064]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-25 134656]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-14 20065896]
"DataCardMonitor"="c:\program files\blueconnect\DataCardMonitor.exe" [2012-08-28 259424]
.
c:\documents and settings\ADMIN\Menu Start\Programy\Autostart\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Gry\\Twierdza\\Stronghold.exe"=
"e:\\Gry\\Twierdza Krzyzowiec\\Stronghold Crusader.exe"=
"e:\\Gry\\Starcraft\\StarCraft.exe"=
.
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [12-08-10 03:17 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [12-08-10 03:17 212520]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [12-08-10 03:18 125952]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [12-09-04 18:50 242240]
R3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [12-08-28 15:25 13024]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [12-08-28 15:25 90368]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [12-08-28 15:25 73216]
R3 L1c;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11-12-23 16:56 82032]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12-10-28 12:27 116648]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [11-03-14 16:27 271712]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-08-10 11:37 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [09-11-18 06:16 1691480]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [12-08-28 15:25 102784]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12-10-28 12:27 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [12-08-10 10:58 115168]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 21:44]
.
2012-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-28 11:27]
.
2012-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-28 11:27]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
FF - ProfilePath - c:\documents and settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\aww1lofv.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.pl/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-29 13:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\blueconnect\DataCardMonitor.exe?SOR_ARCHITECTURE=x86?PR?? ??????y??????????????????????!???????????@???g 10, GenuineIntel?PROCESSOR_LEVEL=6?PROCESSOR_REVISION=1c0a?ProgramFiles=C:\Program Files?SESSIONNAME=Console?SystemDrive=C:?SystemRoot
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-1644491937-1614895754-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,c4,79,07,67,3e,19,40,bf,ba,87,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,c4,79,07,67,3e,19,40,bf,ba,87,\
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Czas ukończenia: 2012-10-29 13:55:33
ComboFix-quarantined-files.txt 2012-10-29 12:55
ComboFix2.txt 2012-10-24 16:55
.
Przed: 28 908 142 592 bajtów wolnych
Po: 28 902 203 392 bajtów wolnych
.
- - End Of File - - 9B767E696200DEC2E9205674A2D6CE87

Oh and i don't use any antivirus programs... yeah i know.
Out of programs worth mentioning I only use CCleaner to scan my registers from time to time.

Edited by hamluis, 29 October 2012 - 10:15 AM.
Moved from XP to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:38 PM

Posted 31 October 2012 - 01:06 AM

Hello Bazzah :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps they are listed in (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

__

Posted Image Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the options are checked
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool was run.
  • Post the contents of FSS.txt into your next message.

Edited by thisisu, 31 October 2012 - 01:07 AM.


#3 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:38 PM

Posted 03 November 2012 - 06:43 PM

Due to the lack of feedback, this topic will be closed.

If you need the topic re-opened, private message me or any moderator to re-open the thread.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users