Lost internet (via IE) / localhost access / ftp ability

By john97
Dec 3, 2009
Topic Status:
Not open for further replies.
  1. I recently lost complete access to the internet, localhost via my browsers and the ability to connect out via ftp. I've been able to "fix" the internet access with firefox, but not IE. I can ping 127.0.0.1, but not local host. In firefox and IE, when I attempt to access localhost page (I'm using IIS) I receive:
    HTTP Error 503. The service is unavailable.
    When I attempt to use ftp, I receive:
    Status: Connection attempt failed with "EAI_FAIL - Nonrecoverable failure in name resolution".
    Error: Could not connect to server
    I've used netsh, but seems to no avail as I can not even locate the log file any place on my pc.
    I've updated IE (7 to 8), my ftp client, but still no fix.
    I'm not very familiar with this, your help would really be appreciated.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  3. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    Hi Kimsland,
    I've followed your steps, and although the CCleaner did a fabulous job in clearing nearly a Gb of useless files, the process had no apparent effect on my problem, other than now I receive the message with IE8 ... "Internet Explorer cannot display the webpage" and when I use the "diagnose connection problems" button I receive "cannot connect to the web server 'localhost'. The host may be down. Windows found a problem that cannot be repaired automatically. Similiar situation with any other web page with IE.
    I can not ftp. I can still ping 127.0.0.1 but have no response when I ping localhost. Localhost still is not reachable via neither IE nor Firefox. I am able to browse the internet successfully though with Firefox.
    I realize that I keep asking, but any further advice would most certainly be appreciated.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Hi john97

    Generally we ask all members to go through this guide: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
    As there is really no use trying to repair something when Virus or Malware (that can easily be removed) is present (or not)

    Although I state you really must follow the guide, try this anyhow ;)

    If you have AVG installed, uninstall it, then run the AVG Remover Tool
    Then Restart
    An Antivirus that I recommend is Free Avira Antivirus (but test Internet first)

    Also, try updating your Hosts file: http://mvps.org/winhelp2002/hosts2.htm
    Download; Unzip, run: mvps.bat > then Restart

    One of those may fix the issue too (with any luck ;)
  5. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    Hi Kimsland,
    I've followed your steps, now I'm starting the 8 step process. Regarding step 1 - I've installed Avira - do you recommend I also install one of the firewalls? I'm currently running the windows firewall in vista.
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    No I don't

    Removal of Malware does not require installing a 3rd party firewall
  7. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    I'm working through the 8 steps. At this point I've installed the superantispyware and am attempting to update. I'm receiving this message even though the windows firewall is off :

    "There was an error trying to retreive definitions. Make sure your firewall is not blocking superantispyware.exe from accessing the internet."

    Do you want me to scan without updating, or do you have another way to update?
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  9. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    I've completed the 8 steps. I've attached two malwarebyres files (one before the manual update - the other after). The auto updates still will not function.

    Attached Files:

  10. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    Hi Kimsland,
    Just to update ... the original problems persist.
  11. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Combofix:
    • Download [​IMG]Combofix to your desktop.
    • Disable your Antivirus (as Combofix will remove any found malwares)
    • Double click ComboFix & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here
    Also restart and provide a fresh HJT Scan log
     
  12. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    log files

    I've attached the combofix log file. I can't seem to attached the hjt log and it's too long for this message, so I've included the 1st part here with the 2nd part to follow immediately.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:39:54 PM, on 04/12/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\PDFCreator\PDFCreator.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=3080104
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
  13. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 10149 bytes
  14. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Thanks for that part log :confused:

    Do remember to attach[​IMG] logs though

    Oh and if Ad-Aware is the free version you can uninstall that too
    Along with SUPERAntispyware
  15. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    I sent apost reply with the combofix log attached. ai attempted to attach the hjt log, but kept receiving a message that I had already submitted the file to this thread, even when I renamed the file. I copied and paste the log in the message, but had to do that in two parts as the log file was too large. I sumitted the post with the combofix file attached just seconds before I sent the post with the 2nd part of the hjt log - I don't see that post on my list though. Can you tell me how to attach the hjt file, and I send it immediately.
    Please excuse me for the confusion.
  16. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    Ad-Aware & SAS removed
  17. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Oh I had that issue once

    Just rename the logs to something totally different like "here-it-is.log" or even Zip it up
  18. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    The logs files

    I've zipped the hjt and the combofix log files.
     
  19. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You stated that Ad-aware and SUPERAntispyware are removed, but they are still in your logs
    You possibly did not restart before creating the HJT log :confused:

    Also you seem to have run Combofix a few times in the past
    The problem is Combofix keeps updating all the time, so can we just make absolutely positive that you are using the right version:

    Un-install Combofix
    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK
    • Any popup errors about Antivirus just ok or close
    Note: 1 space after ComboFix in that uninstall command

    Download Combofix
    • Download [​IMG]Combofix to your desktop.
    • Disable your Antivirus (as Combofix will remove any found malwares)
    • Double click ComboFix & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here
    Also restart and provide a fresh HJT Scan log

    ----------------------

    Also these folders in Bold can be removed:
    C:\found.000
    c:\program files\AVG
    c:\program files\Ad-Aware
    c:\program files\Spyware Doctor (I think this one is uninstalled, anyway I don't like Spyware Doctor that much)
  20. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    I'm feeling real stupid here, but when I select start I don't seem to have a run option. Is there another choice?
  21. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Sorry, I generally refer to "Start > Run" as meaning [​IMG] > Search

    I'm still back in the XP days :D
  22. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    The files

    I've attached new combofix and the hjt logs
  23. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    We are so close now :)

    One more scan, and then uninstall all these tools (not Malwarebytes though ;))
    And clean up, and we're done.

    Please run a GMER Rootkit scan:

    Download GMER's application from here:
    http://www.gmer.net/gmer.zip

    Unzip it and start the GMER.exe
    Click the Rootkit tab and click the Scan button.

    Once done, click the Copy button.
    This will copy the results to your clipboard.
    Paste the results in your next reply.

    Warning ! Please, do not select the "Show all" checkbox during the scan. (else the paste will be thousands of pages long ;))
  24. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    I've attempted to run the gmer multiple times. The most it reaches is just past the iat and begins devices. Then I get the blue screen ... that mentions pxldypog.sys, and my pc reboots.
  25. john97

    john97 Newcomer, in training Topic Starter Posts: 34

    If I run in safe mode, I can see where it stops .... /device/harddiskvolume1 ... and an alert appears that windows has encountered an error an is closing the program (at least not the blue screen - lol)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.