Intermittent internet: ISP? NIC? router? Cat 5? software? malware? greyware? ZoneAlarm? virus?



moshy
2008-06-09, 10:38
Intermittent internet: ISP? NIC? router? Cat 5? software? malware? greyware? ZoneAlarm? virus?

Hello, I am new to using HJT and do not have a copy of my OS disk, as this system was bought used from a PC store with a fresh install of XP SP3.
I would rather have guidance than folly and 20/20 hindsight; 10/10 foresight is much preferred.

(Dedicated user of Spybot S&D since 1998/99, or version 1.2.)
I have approximately 8 years of personal network and computer maintenance experience on several different systems and operating systems: 95, 98, ME, XP; Compaq, Gateway, Dell, HP, personal builds.

I have done a pre-boot scan with advanced detections using Spybot and cleared all things I know to be bad or malicious, and Googled those that I didn't. Ran a full booted OS scan, cleared all cookies, Java applets, BHOs,
cleared all offline content, uninstalled all old, unused, unwanted software.
I am currently running free ZoneAlarm version 7.0.473.000 behind a Linksys router set up as a gateway with a cloned MAC ID, DHCP over Mediacom ISP, 10 down / 1.5 up, tested 8 Mbyte/s down, 900 kbyte/s up.

I have released and renewed my router, my SURFboard, my comp; Repair Connection does not fix the problem, however logging off the default admin profile and back on corrects my issue with lack of internet connection. Connection tested through several games and IE: "no connection". It is an intermittent problem and has only started since I started using my router again, which had been in the garage for 3+ years due to not needing it [haven't checked for updated firmware since 2002]. Yes, it is password secured from a fresh reset before internet access was applied to the WAN.
Now the funny part of all this is that even without the router in line I still have the intermittent connection (note I have internet phone on the same IP account with a separate box defaulted into my internet SURFboard). In explanation, the phone is still working! And it goes through the same node on the same channel as does the internet. "Still fighting with Mediacom about that one."
Right about now you're probably thinking I am having collisions on my router, right?
I am the only one plugged into it, so there shouldn't be many collisions unless it is a deliberate outsider attack.
Something of note is that both my router and SURFboard are considerably hotter than they have ever been in the past,
especially since they are not enclosed but are sitting in a well ventilated area.
I replaced both of my Cat 5 cables with new out-of-the-package ones, as the old ones were well old and tattered, starting to turn green and oxidise inside the clips.
I have heard rumors of heat related problems on these network boxes in the past, but letting them cool off with no power does not restore internet as defined in those articles.

In summary, I've done what I know to do and still have an internet connectivity problem. Here's my HJT log for your review, as I don't know much about the registry; it's a taboo for me. If I even open the registry editor I plan on reformatting the next day, since bad things have always happened when I have done so in the past.
I have not applied any HJT fixes ("limited knowledge").
I have not virus scanned ("checking out HJT first").
Please review the HJT log and send any suspicious entries to my email address registered with this account.

"xpnetdiag.exe" AKA: Network Diagnostic
Last diagnostic run time: 06/09/08 03:06:47 HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info HTTP: Successfully connected to www.microsoft.com.
info HTTPS: Successfully connected to www.microsoft.com.
info FTP (Passive): Successfully connected to ftp.microsoft.com.
Last time I had connectivity issues I ran this from the default no-connection page and had all kinds of errors. It also took a very long time to run; I ended up killing the test thinking it was hung after 30 minutes and it still wasn't done testing.
It was the previous boot/logon/logoff.

:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:00 AM, on 6/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212096181203
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3227 bytes
Thank you very much for taking the time to review my HJT log.
Could you refresh my memory, what is the MS-DOS command for checking the status of open/closed/in-use ports? I keep thinking NetBIOS, but it's been so long, or was it netstat? ~shrugs~ & ~waves~ Thank yah
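The command the post is reaching for is netstat. On XP, `netstat -ano` prints every TCP and UDP socket together with its state and the PID that owns it (the `-o` switch); the PID is matched to a process in Task Manager after enabling the PID column (View > Select Columns), since XP Home does not ship tasklist.exe. The script below is an added example, not part of the original post: it parses that output, reports what each PID is listening on, which listeners are bound to every interface rather than loopback, and which remote hosts the machine currently has established connections to. The netstat text embedded in it is constructed for the example, and the PIDs in it are invented.

```python
"""Parse Windows XP 'netstat -ano' output and summarise socket ownership.

Added example for this thread.  SAMPLE_NETSTAT is constructed to match the
XP output format; it was not captured from the poster's machine and the
PIDs are invented.  To run it against a live box, pipe in the real output:
    netstat -ano > ports.txt   then   python this_script.py ports.txt
"""
import re
import sys
from collections import defaultdict

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1532
  TCP    192.168.1.100:1045     65.55.12.249:80        ESTABLISHED     1840
  TCP    192.168.1.100:1052     208.67.222.222:443     ESTABLISHED     1840
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.100:137      *:*                                    4
"""

# proto, local, foreign, optional state (UDP rows have none), PID
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def split_endpoint(endpoint):
    """'192.168.1.100:1045' -> ('192.168.1.100', 1045); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per socket line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        rows.append({"proto": proto, "local_host": lhost, "local_port": lport,
                     "foreign_host": fhost, "foreign_port": fport,
                     "state": state or "", "pid": int(pid)})
    return rows


def is_listener(row):
    # XP prints no state for UDP; a bound UDP socket is treated as listening.
    return row["proto"] == "UDP" or row["state"] == "LISTENING"


def listening_by_pid(rows):
    """PID -> sorted list of 'PROTO/port' strings that process is bound to."""
    out = defaultdict(set)
    for r in rows:
        if is_listener(r):
            out[r["pid"]].add("%s/%d" % (r["proto"], r["local_port"]))
    return {pid: sorted(ports) for pid, ports in out.items()}


def exposed_listeners(rows):
    """Listeners bound to 0.0.0.0 (every interface).  Loopback-only binds are
    excluded because nothing off the machine can reach them."""
    return sorted((r["pid"], r["proto"], r["local_port"])
                  for r in rows if is_listener(r) and r["local_host"] == "0.0.0.0")


def remote_peers(rows):
    """Established TCP connections as (pid, remote host, remote port)."""
    return sorted((r["pid"], r["foreign_host"], r["foreign_port"])
                  for r in rows if r["state"] == "ESTABLISHED")


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NETSTAT
    rows = parse_netstat(text)
    for pid, ports in sorted(listening_by_pid(rows).items()):
        print("PID %-6d listening on %s" % (pid, ", ".join(ports)))
    for pid, proto, port in exposed_listeners(rows):
        print("exposed: PID %d %s/%d bound to all interfaces" % (pid, proto, port))
    for pid, host, port in remote_peers(rows):
        print("PID %-6d connected to %s:%d" % (pid, host, port))
```

Anything listed by `exposed_listeners` that is not owned by a process you recognise is the entry to look up; in the sample, PID 4 (System) holding 139/445 is normal for XP file sharing, and a loopback-only bind like 127.0.0.1:1028 is not reachable from the network at all.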

moshy
2008-06-09, 13:06
KASPERSKY ONLINE SCANNER REPORT
Monday, June 09, 2008 4:56:01 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/06/2008
Kaspersky Anti-Virus database records: 841667


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\

Scan Statistics
Total number of scanned objects 42205
Number of viruses found 3
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 00:42:19

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012008060920080610\index.dat Object is locked skipped

C:\Documents and Settings\User\Local Settings\Temp\~DFA2A6.tmp Object is locked skipped

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped

C:\downloads\frostwire downloads\music mp3\wanted disturbed.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

C:\downloads\various codecs\DivX5ProOnlyCodec.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3102 skipped

C:\downloads\various codecs\DivX5ProOnlyCodec.exe Vise: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{AFC567EF-EC6D-4FD9-B26F-2495C389634D}\RP12\A0004485.exe Infected: Trojan-Downloader.Win32.Agent.dzm skipped

C:\System Volume Information\_restore{AFC567EF-EC6D-4FD9-B26F-2495C389634D}\RP21\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\Internet Logs\USER-24FB6C3A5B.ldb Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\ZLT04fa5.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT04fa8.TMP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Deleted "C:\downloads\frostwire downloads\music mp3\wanted disturbed.mp3". Makes me wonder if the other videos of that same girl dancing are infected as well under different names? Who should I send the files to for further inspection?

Deleted "C:\downloads\various codecs\DivX5ProOnlyCodec.exe".

Searched and not found:
"C:\downloads\various codecs\DivX5ProOnlyCodec.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3102". Was it the same file? And could it be cleaned up for use?

Don't know what to do with/to it:
"C:\System Volume Information\_restore{AFC567EF-EC6D-4FD9-B26F-2495C389634D}\RP12\A0004485.exe Infected: Trojan-Downloader.Win32.Agent.dzm". Can I just delete it, or is the information it contains vital to proper volume control?

Hope I scanned it correctly!
Once again, thank you very much.
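Two things in the Kaspersky report format answer the questions above and are easy to misread. A path written as `container.exe/member.exe` is a detection inside an archive or installer, so the only file on disk is the container; and a path under `C:\System Volume Information\_restore{...}\RPnn\` is a System Restore snapshot copy, which is removed by purging restore points (disable and re-enable System Restore) rather than by deleting the file by hand. The script below is an added example, not from the original post or from Kaspersky: it separates the "Object is locked" noise from real detections, maps archive members back to their container file, and picks out restore-point copies. The report text embedded in it is constructed from the line format shown in this thread.

```python
"""Classify lines of a Kaspersky Online Scanner report.

Added example for this thread, not Kaspersky's own code.  SAMPLE_REPORT is
constructed from the report format quoted in the thread.  Three line shapes
are handled:
  <path> Object is locked <action>          - file in use, not a detection
  <path> Infected: <verdict> <action>        - a detection
  <path> <unpacker>: infected - <n> <action> - summary for an archive/installer
"""
import re

SAMPLE_REPORT = r"""Infected Object Name Virus Name Last Action
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\downloads\frostwire downloads\music mp3\wanted disturbed.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\downloads\various codecs\DivX5ProOnlyCodec.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3102 skipped
C:\downloads\various codecs\DivX5ProOnlyCodec.exe Vise: infected - 1 skipped
C:\System Volume Information\_restore{AFC567EF-EC6D-4FD9-B26F-2495C389634D}\RP12\A0004485.exe Infected: Trojan-Downloader.Win32.Agent.dzm skipped
Scan process completed.
"""

LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
SUMMARY_RE = re.compile(r"^(?P<path>.+?) (?P<unpacker>\w+): infected - (?P<n>\d+) (?P<action>\S+)$")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP\d+\\", re.I)


def parse_report(text):
    """One dict per recognised line; headers and footers are ignored."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        m = LOCKED_RE.match(line)
        if m:
            items.append({"kind": "locked", "path": m["path"], "name": None,
                          "action": m["action"]})
            continue
        m = INFECTED_RE.match(line)
        if m:
            items.append({"kind": "infected", "path": m["path"],
                          "name": m["name"], "action": m["action"]})
            continue
        m = SUMMARY_RE.match(line)
        if m:
            items.append({"kind": "archive_summary", "path": m["path"],
                          "name": None, "action": m["action"]})
    for it in items:
        # 'container/member' means the hit is inside an archive; the container
        # is the only thing that exists on disk.
        container, sep, member = it["path"].partition("/")
        it["member"] = member if sep else None
        it["on_disk"] = container
        it["in_restore_point"] = bool(RESTORE_RE.search(it["path"]))
    return items


def files_to_act_on(items):
    """On-disk file -> sorted verdicts found in it (directly or as a member).
    Locked objects are skipped: they are not detections."""
    out = {}
    for it in items:
        if it["kind"] == "locked":
            continue
        verdicts = out.setdefault(it["on_disk"], set())
        if it["name"]:
            verdicts.add(it["name"])
    return {path: sorted(v) for path, v in out.items()}


def restore_point_detections(items):
    """Detections that live inside a System Restore snapshot."""
    return [it["path"] for it in items
            if it["kind"] == "infected" and it["in_restore_point"]]


def locked_count(items):
    return sum(1 for it in items if it["kind"] == "locked")


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("%d locked objects ignored" % locked_count(found))
    for path, verdicts in files_to_act_on(found).items():
        print("act on: %s  [%s]" % (path, ", ".join(verdicts) or "archive summary"))
    for path in restore_point_detections(found):
        print("restore point copy (purge System Restore): %s" % path)
```

Run against the full report in this thread, the 60-odd "Object is locked" lines collapse to nothing, the two DivX lines collapse to the single file `DivX5ProOnlyCodec.exe` carrying the Gator verdict, and `A0004485.exe` is flagged as a restore-point copy rather than a live file.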