Network fine, IE fine, FF not working

[Moreta]

Right, Miz sent me here since she thinks whatever this place solves may be what is causing my problem

My Problem
This computer is about a month and a half old, so its not had much time to accumulate too much junk (though saying that, its not clutter free either). I've had Windows Live Messenger on here since I first got it and it worked quite happily up until about three days ago when it suddenly stopped signing in. The little green men just spin round and round forever and ever. However, bizarrely, if I log onto a different profile on Windows, Messenger logs in quite happily. To my knowlege there is no fix for this problem. Apparently its some weird bug with WLM (this is according to my brother, he had the same problem and researched it far more thoroughly than I have).

So rather than worry about trying to fix WLM on my original profile, I just created a new profile, intending to use that from now on. To my dismay I discovered on this new profile that WLM worked happily but my internet didn't. Neither IE nor FF could load anything. I started up Myth War and its open news page doesnt work but it logs on to the game quite happily. I posted up a request for help and Miz directed me to the Winsock XP Fix. After downloading this, running it and rebooting IE started working on my new profile. However FF still is unable to load anything and the start up news page on Myth War shows nothing as well.

I checked Windows Firewall to make sure that wasn't causing issues and its all set up fine. My university network apparently provided me with a spyware program when I installed stuff for the network but I haven't seen hide nor hair of it, unless its actually incorporated in McAfee which they also provide, and I dont think it is. For that reason, I thought I should try Ad-Aware and Spybot before I came in here. Having downloaded both I've now discovered I cant update their file things, so Ad-Aware is running on a database for May 2005 and SpyBot won't even let me run it because it has nothing at all. Ad-Aware did find a few things and I dutifully deleted them, restarted my computer and ran it again. It found two more things which I've deleted. Each time Ad-Aware has run, McAfee has found two trojans.

That is as far as I can get by myself, so I've done this Hijack thing.



HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 01:57:44, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1158194414\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Daemon Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://wwwcache.bris.ac.uk/autoconfig
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http://wwwcache.bris.ac.uk:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158194414\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-GB ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




Thanks in advance for your help, I can already tell from looking around this forum that what you are doing here is an extremely time consuming job. I can tell you in advance that I truely appreciate all your hard work and time


~Morry

[AnnMarie]

Hi Morry, there is no evidence of any malware in your log. Try uninstalling all the programs you are having problems with. Reboot, obtain a fresh download and reinstall them, reboot again.

Do you still have problems?

[Moreta]

Right, Iv just uninstalled FF, rebooted and reinstalled it and all that stuff. It still works on my original user, but not on this new one.

However, I did notice something today, since FF is set as my default browser, when I click on links from my email program it opens in FF and loads the page quite happily. If you follow links from that page it will work quite happily. However, the moment you try to use a favourite or type in a new address it will sit as a white background and then eventually time out.

Do you want this to remain here, or do you want me to copy this post over to my original thread in the XP board?

~Morry

[AnnMarie]

Hi Morry. I am not really sure what the problem is but it bothers me a bit that you cannot update Ad-Aware and Spybot.

Download the trial version of AVG Anti-Spyware from here to your Desktop and doubleclick on the executable to install it.

Launch AVG Anti-Spyware (there should be an icon on your desktop doubleclick it). The program will now go to the main screen. You will need to update AVG Anti-Spyware to the latest definition files.

On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. Do not run a scan yet.

When you have done this, boot into Safe Mode (see here for help if you need it).

Run AVG Anti-Spyware now. Click Scanner, then click on the Scan tab. Click Complete System Scan to begin scanning. When the scan is complete click Recommended Action and change it to Quarantine. Then click Apply all actions. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close AVG Anti-Spyware.

Reboot and post your AVG Anti-Spyware report.

I would also like to see another type of log please. Go here and download Silent Runners.vbs to a new folder on your Desktop (Clicking the the download link works if you use IE. If you use FireFox, rightclick on the link and choose "Save Link As") and run it. It generates a log too. It takes a minute or two and it will notify you with a popup when your log is ready (make sure you wait for the popups please) Please post the information back in this thread too (you may need to make a couple of posts). If your antivirus program queries the script, allow it to run. It's not malicious.

[Moreta]

I cant download the updates for AVG either. It cant connect to the server, just like Spy-Bot and Ad-Aware. Do you want me to do the rest of the stuff in your post or....?

~Morry

[Moreta]

Wow I feel like a fool, I believe I've just located the problem. Our university has some proxy thing (whatever that is) got an email about it today on how to set up FF to work (helpful they've waited this long to tell us).

Only thing now is to work out how to set up the proxy connection on AVG so that I can download the updates.

Sorry to have wasted your time like that and thanks for all the help you've given me

[AnnMarie]

Heh, no problem Moreta and I'm glad that you have sorted things out. I did see the proxy in your logs and was going to ask about that if AVG AS didnt update but you figured it out first.