My Task Bar Is Changing Colors, And My Internet Disconnects...
Join Date: Jan 2008
Posts: 16
Reputation:
Solved Threads: 0
I'm having trouble while on the internet on my computer. After about a half hour to an hour of being on the internet, my task bar changes gray...to the old Windows, or Windows 98, and my internet disconnects. When I double click on the little internet icon at the right of my task bar, nothing comes up. My computer itself is running smoothly, so I'm not sure whether it's a problem with the internet or my computer itself.
Here's a copy of my HijackThis Report:
Logfile of HijackThis v1.99.1
Scan saved at 5:23:26 PM, on 1/14/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\System\MSIWA32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\My Received Files\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Common Files\System\MSIWA32.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-- If this isn't the complete log, please let me know. I'd like to get this problem resolved as soon as possible. And if there isn't enough information, please let me know as well!
Thanks!
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Hello, this may help.
We need to remove this service:
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Common Files\System\MSIWA32.exe
==Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the specific service [Integrated Windows Authentication], rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....
And then delete this file:
C:\Program Files\Common Files\System\MSIWA32.exe
If things are now back to normal update to SP2.
Last edited by gerbil; Jan 14th, 2008 at 11:03 pm.
Deep, deep in the woods, but walking about.
Join Date: Jan 2008
Posts: 16
Reputation:
Solved Threads: 0
First of all: thanks so much for helping me!
I typed in...
sc delete "Integrated Windows Authentication" - which is the exact Service Name - but when I hit enter, a black screen popped up and then disappeared. I'm sure I have the correct Service Name. Is there anything else I can do?
Edit: Also, when I was on the maximized window of services.msc, I was not allowed to hit "Stop," even when I set it to disabled. The Service Name itself was not highlighted, but the Display Name was. I currently have the Startup Type as Disabled while the Service Type is Started. I cannot change the Service Type from Started to anything else.
Last edited by dilutedthoughts; Jan 15th, 2008 at 12:04 am.
Run another scan with Hijack This, place a check by both of those, and click "Fix Checked".
Here is some information on your infection: http://spywarefiles.prevx.com/RRHDDH...IWA32.EXE.html
I suggest, after fixing what you find, fully updating your virus and malware protection (it doesn't seem like you have any virus protection according to your HijackThis log?) and running full scans. If you don't have any, I highly recommend Avira AntiVir (www.free-av.com) (if you don't mind the advertisement that seems to pop up once a day) as it seems to be very robust. Short of that, Avast! (www.avast.com) (if you like a hands-on approach, as Avast! requires manual updates and scans, though it can schedule scans on boot) or AVG (http://free.grisoft.com/doc/5390/us/frt/0) (good protection, not the best in my opinion, but it will be more than adequate; automated scans and updates, some neat features).
Also, I suggest Comodo BOClean and SpywareBlaster for active protection against malware. They work pretty well hand-in-hand: BOClean prevents it from getting on, SpywareBlaster seals off the likely hideouts and critical areas. www.comodo.com, http://www.javacoolsoftware.com/spywareblaster.html respectively.
And A-squared free (http://www.emsisoft.com/en/software/download/) I find to be a very thorough program for on-demand scanning. It works well with Spybot.
Ok, so once you have that sorted out, run fully updated, full scans. You might also want some free online scans:
CA Virus Scan: http://www.ca.com/us/securityadvisor...info/scan.aspx
CA Malware Scan: http://www.ca.com/us/securityadvisor/pestscan/
Trend Micro HouseCall http://housecall.trendmicro.com/
Microsoft Live OneCare Safety Scanner http://onecare.live.com/site/en-us/default.htm
BitDefender Free Online Scanner http://www.bitdefender.com/scan8/ie.html
McAfee FreeScan http://us.mcafee.com/root/mfs/default.asp?affid=294
Windows Malicious Software Removal Tool http://www.microsoft.com/security/ma...e/default.mspx
Symantec Security Check http://security.symantec.com/sscv6/d...d=ie&venid=sym
Panda ActiveScan http://www.pandasecurity.com/usa/
---Under this line does not remove, only finds, threats---
Webroot Antispyware Scan: http://www.webroot.com/En_US/land-sp...-freescan.html
Kaspersky Free Virus Scan http://www.kaspersky.com/virusscanner (Seems to be too sensitive)
Prevx free scan: http://info.prevx.com/downloadcsi.asp
You might want to try Prevx, as it is the site that had the information on your malware! Just as another check.
Once you're confident you're clean, run Windows Update and/or go to support.microsoft.com and update your copy of Windows.
You should be good now!
Post back with results!
Good luck,
--The Comodore
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Hi, dt, that black command window will just flash. To actually see what happens you could modify that command business as follows:
Go Start, run cmd.
Then into the black command window that opens paste in:
sc delete "Integrated Windows Authentication"
That way the window will stay open so you can see the result. You close it with exit or the white cross.
So can you still see that service displayed in Services.msc? If so, in that command window [run cmd...] paste:
sc stop "Integrated Windows Authentication"
then...
sc delete "Integrated Windows Authentication"
Post a fresh HT log. Or if it does still exist try this before you make and post that log:
==Download SDFix from here: http://downloads.andymanchesta.com/R...ools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
=You must restart your computer in Safe Mode:
- press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
=Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode. Post the contents of the file Report.txt here, along with the log of a fresh hijackthis scan run in normal mode.
Deep, deep in the woods, but walking about.
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
And for my two bob's worth, I like AVG AV, clean and functional, and after an initial full sys scan you should not have to scan again, cos its active component automatically checks everything that runs, is run, or tries to run.
Spywareblaster is neat, you just gotta have it. It uses the registry and CLSID values of nasty ActiveX's to block them... if they were already on when you loaded SWB they cannot run, and if any of those listed try to get on they are blocked. It's neat, and almost no load. That registry is going to be checked anyway.. SWB just puts entries in it.
A bit more, fixing an O23 entry with Hijackthis does not delete it; it should disable and stop it. But you can use the HT feature under Misc Tools- Delete an NT service.
So many ways to do things.. such choices to make.
Last edited by gerbil; Jan 15th, 2008 at 2:24 am.
Deep, deep in the woods, but walking about.
Join Date: Jan 2008
Posts: 16
Reputation:
Solved Threads: 0
All right. I think that 023 whatever thing is gone now. (Yay!) I'll see if my computer is still acting up and will reply and change the status of this thread accordingly. Thanks to everyone who helped! You guys rock. <3
Here's an update of my HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 7:28:59 PM, on 1/15/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\svchost.exe
C:\Documents and Settings\Owner\My Documents\My Received Files\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F732A02F-5674-43C2-AEEA-583194263FFC}: NameServer = 66.81.1.251 66.81.1.252
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
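An added example, not part of the thread and not HijackThis's own code: a small Python triage script that parses two HijackThis logs, lists O23 services whose owner is reported as "Unknown owner" (the kind of entry removed above), and diffs the scans so anything that appeared after the cleanup gets reviewed. The embedded logs are abridged from the two posted in this thread; the function names are hypothetical.

```python
import re

# Abridged excerpts of the two HijackThis logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:23:26 PM, on 1/14/2008
Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Common Files\System\MSIWA32.exe
C:\WINDOWS\System32\wuauclt.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Common Files\System\MSIWA32.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:28:59 PM, on 1/15/2008
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{F732A02F-5674-43C2-AEEA-583194263FFC}: NameServer = 66.81.1.251 66.81.1.252
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A coded entry looks like "O23 - <text>" or "R0 - <text>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O23 text: "Service: <display name> - <owner> - <drive>:\<path>"
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - ([A-Za-z]:\\.*)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # coded entries end the process list
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def unknown_owner_services(log):
    """Return (display name, image path) for O23 services with no known owner."""
    found = []
    for code, text in log["entries"]:
        match = SERVICE_RE.match(text) if code == "O23" else None
        if match and match.group(2).strip().lower() == "unknown owner":
            found.append((match.group(1), match.group(3)))
    return found


def _delta(old, new):
    """Order-preserving added/removed lists; Windows paths compare case-insensitively."""
    old_keys = {item.lower() for item in old}
    new_keys = {item.lower() for item in new}
    added = [item for item in new if item.lower() not in old_keys]
    removed = [item for item in old if item.lower() not in new_keys]
    return added, removed


def diff_logs(before, after):
    """Report processes and entries that appeared or disappeared between scans."""
    proc_added, proc_removed = _delta(before["processes"], after["processes"])
    old_entries = [f"{code} - {text}" for code, text in before["entries"]]
    new_entries = [f"{code} - {text}" for code, text in after["entries"]]
    ent_added, ent_removed = _delta(old_entries, new_entries)
    return {
        "processes_added": proc_added,
        "processes_removed": proc_removed,
        "entries_added": ent_added,
        "entries_removed": ent_removed,
    }


if __name__ == "__main__":
    first, second = parse_log(BEFORE), parse_log(AFTER)
    for name, path in unknown_owner_services(first):
        print(f"Unknown-owner service in first scan: {name} -> {path}")
    for section, items in diff_logs(first, second).items():
        for item in items:
            print(f"{section}: {item}")
```

On the two logs in this thread the diff shows the MSIWA32.exe process and service gone, plus one running process and one O17 NameServer entry that were not in the first scan.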
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Yes, dt, do as comodore recommends, you must, simply must use an AV.
Choose one of these:
AVG Free, Avast, Avira....
AVG Free 7.5 at http://free.grisoft.com/doc/5390/lng/us/tpl/v5
Avira personal free at http://www.free-av.com/
Avast home edition at http://www.avast.com/eng/avast_4_home.html
Get this:
Spywareblaster
and one of these:
ZoneAlarm Free, Kerio, Comodo
PS... this is the latest HT version: http://www.majorgeeks.com/download5554.html
And now that your sys is clean... GET SP2 !! [skip SP1...]
Last edited by gerbil; Jan 16th, 2008 at 1:16 am.
Deep, deep in the woods, but walking about.