0

I've run a number of spyware, virus, and malware software, but I still can't seem to load certain web pages (innocuous ones like slick-deals.net, lowermerion.org, phuturephillies.com).

Any help is appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:37 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\RSDP\blackd.exe
C:\Program Files\Cisco systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SiI4726\SiI 4726 Manager\SiI4726.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\RightFax\Client\FaxCtrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ZoneTick\zonetick.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.58.205.61:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\FaxCtrl.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sametime Connect] "C:\Program Files\Lotus\Sametime Client\Connect.exe"
O4 - HKCU\..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe
O4 - Startup: taskmgr.exe.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {226906C8-B911-11D5-82A3-0000F81A655B} (DreamFactory Control) - https://www.dreamfactory.com/codebase/dfacactx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190637885083
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190640876376
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://synygy.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = synygy.net
O17 - HKLM\Software\..\Telephony: DomainName = synygy.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = synygy.net
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\RSDP\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\RSDP\RapApp.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SiI 4726 Manager - Unknown owner - C:\Program Files\SiI4726\SiI 4726 Manager\SiI4726.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9101 bytes

2 Contributors | 15 Replies | 18 Views | 9 Years Discussion Span | Last Post by scrapple
0

Seems to me that the sites are blocked by the Proxy Server.

Does that seem possible to you?

I don't think I'm using a proxy server, but I could be wrong. If I check the connection settings on Firefox and IE, they're both "direct connection", and this happens to me at both work and home (it's a laptop). The other odd thing is that the sites that I have a hard time with, I can sometimes get to the top level page, but can only access them once a day. As soon as I click a link on the page, I'm locked out of the domain for a day or more.

I was trying to access www.lowermerion.org today to get the number for the public works department. The home page loaded, but as soon as I clicked on "Departments" I got "unable to load page" messages. Now I can't even get to the home page, while any other machine can access it.

0

It was this HJT entry on quick examination that led to my suggestion:
---------------------------------------------------------
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.58.205.61:80
---------------------------------------------------------
On thinking further about this, that IP address would be your service provider, set into your router. But HJT does report this as an IE setting.

So that leads me to two other thoughts especially since you can get through to the sites in question:
1/ If this is not a cable link, then your line could be suffering a high S/N ratio or other quality issue and is simply dropping out.

2/ Are there any firewall or blocker settings in your router? Unlikely but worth asking?

0

hmmm ...

That Proxy 80.58.205.61 is www.ripe.net.

Thought you'd want to know. I don't know what to make of it.

Ok, that makes some sense. The IP address does show up in my LAN settings for Internet Explorer, but the box that activates the proxy server is unchecked. To be safe, I blanked out the proxy IP address and saved.

0

So your problem's gone away? If so, please mark this thread as SOLVED.

No, unfortunately. Wiping out the proxy server in that field hasn't changed the issue (the check box saying to use the proxy server wasn't checked). I still can't get to certain sites on either IE or Firefox. Thanks for the suggestion though!

0

Is it an ADSL link or a cable link?

Can your router display the S/N ratio and the Loop Attenuation so we can see whether or not there is an ADSL line problem?

My ADSL line is 1Mb (the cable link is 20Mb) - ADSL sometimes displays this symptom and eventually the router can re-establish a meaningful data path.

0

T1 at work and cable modem at home, same symptoms at both locations.

0

Bit by bit we're winkling important stuff out of you that we should have known up front.

So this is the deduced situation and some associated questions:

1 You have a laptop that moves between two locations (work & home).

2 The problem occurs at both locations

3 Are these wireless or wired connexions?

4 You've scanned for malware - what was the result?

WHAT CAN WE CONCLUDE SO FAR?

A The common factor is your laptop. You've obviously come to that conclusion too.

B Because the WANs are different, this is out of the equation

C Network & Internet Settings are a possible problem

D The Networking hardware is not functioning optimally

E If it's a wired network connexion and you're using the same cable, it could be dodgy (unlikely)

F You didn't mention the scan results. If something was found, I'll bet it is still there having corrupted a Windows process because the HJT looks clean.

We await your answers.

0

Thanks for continuing to help me with this. I definitely think it's something with my laptop. At home I use primarily wireless connection and at work I use mixture of wired and wireless, with no change in behavior switching back and forth.

The scan results show nothing out of the ordinary, only medium level warnings about tracking cookies and such, though I must be honest I don't really know much about what's on those reports.

What you mention about networking hardware or configuration may be it. Right this second, I am connected via a Sprint cellular card from work and I can get to all the sites I'm usually locked out of, just fine. So it seems like it must be a problem with my networking, but I'm not sure what steps to take now.

0

.....What you mention about networking hardware or configuration may be it. Right this second, I am connected via a Sprint cellular card from work and I can get to all the sites I'm usually locked out of, just fine. So it seems like it must be a problem with my networking, but I'm not sure what steps to take now.

If the cellular card works, then we can rule out IE settings. Wouldn't you agree?

Because you're experiencing the problem with both wireless and wired connexions, I'd have thought that your network settings on each card aren't the problem either unless they have a common setting in error. You have got the network devices configured to obtain IP addresses automatically, yes? And TCP/IP filtering is either not enabled or set to Permit All?

Are we looking at a firewall problem? What happens when you turn the Firewall off?

Could there be something wrong with your TCP/IP settings or driver? You could try uninstalling (prolly won't let you) and re-installing the TCP/IP functions in Local Area Connection Properties or Wireless Properties, Advanced tab.

Hmmm....

0

Yes, it is set up to obtain IP dynamically and TCP/IP filtering is turned off.

I'm not aware of any firewall that is running on the computer. Is there one running?

0

.....I'm not aware of any firewall that is running on the computer. Is there one running?

O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\RSDP\blackd.exe

This is a firewall, isn't it?

Any chance you could temporarily disable this and see what happens?

If it doesn't help things, try stopping its sister application RAPAPP.EXE. They should both be prevented at startup.

0

So there is a firewall running (I had no idea) in the background for when I VPN into my company network. When I turn the service off I can get to the websites. When I turn it back on, I can't get to the websites.

I'll try to have someone reinstall the firewall software. Thanks for your help!
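
The two log lines that steered this thread were the R1 `ProxyServer` value and the O23 BlackICE service. As an added example (not written by either poster and not part of HijackThis), the Python below pulls both kinds of entry out of a HijackThis log; the function names and the `filter_exes` watchlist are assumptions made for illustration, and the sample lines are copied from the log at the top of the thread.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\services.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.58.205.61:80
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\RSDP\blackd.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\RSDP\RapApp.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "R1 - ...", "O23 - ..."

def parse(log):
    """Yield (section, body) per entry line; headers and the process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def proxy_settings(log):
    """Return (hive, endpoint) for each R-section ProxyServer value.
    The value alone does not show that a proxy is in use: the ProxyEnable
    value, which is not on this log line, decides that."""
    found = []
    for section, body in parse(log):
        if section.startswith("R") and ",ProxyServer = " in body:
            key, endpoint = body.split(",ProxyServer = ", 1)
            found.append((key.split("\\", 1)[0], endpoint.strip()))
    return found

def services(log):
    """Parse O23 lines of the form 'Service: <name> - <vendor> - <path>'."""
    out = []
    for section, body in parse(log):
        if section == "O23" and body.startswith("Service: "):
            # Split from the right so a name containing " - " stays intact.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, vendor, path = parts
                out.append({"name": name, "vendor": vendor,
                            "exe": basename(path).lower()})
    return out

def review_list(log, filter_exes):
    """Return (watchlisted traffic-filter services, services with no stated owner).
    filter_exes is a caller-supplied set of lowercase executable names (assumption)."""
    svcs = services(log)
    filters = [s["name"] for s in svcs if s["exe"] in filter_exes]
    unknown = [s["name"] for s in svcs if s["vendor"] == "Unknown owner"]
    return filters, unknown

if __name__ == "__main__":
    print(proxy_settings(SAMPLE_LOG))
    print(review_list(SAMPLE_LOG, {"blackd.exe", "rapapp.exe"}))
```

A hit from `review_list` is a candidate for the stop-the-service-and-retest step that resolved this thread, not a verdict on the service.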
