djeternal Bee Hugger 62661 Posts
So I've been assigned the task of trying to figure out wtf is wrong with one of our office computers. Basically, it can't connect to the internet. I have tested the ethernet cable with another computer and it connects fine. I ran AVG and it turned up nothing. However, when I restart the computer in Safe Mode, I am able to get onto the internet just fine. Any suggestions? 7/16/2009 1:58:33 PM |
aaronburro Sup, B 53067 Posts
did you stick your dick in the computer? that can help 7/16/2009 2:05:59 PM |
xvang All American 3468 Posts
Weak sauce...
My recommendations:
CCleaner - Download and clean off all files/cookies/temp stuff
Malwarebytes - Download and run full scan
Spybot - Download includes as well, Run full scan.
Hijackthis - Create a log and use analyze with http://www.hijackthis.de or similar website
7/16/2009 2:06:54 PM |
Arab13 Art Vandelay 45180 Posts
recommendation seconded 7/16/2009 2:24:38 PM |
darkone (\/) (;,,,;) (\/) 11610 Posts
I find that backing up important data and reformatting almost always requires less effort than troubleshooting and fixing malware issues. 7/16/2009 6:14:22 PM |
djeternal Bee Hugger 62661 Posts
well, like I said, it's a work computer so I really don't care too much about it. My boss just gave me a project so i decided to see what I could work out. I left before the spybot scan finished, so I will update tomorrow. 7/16/2009 7:12:39 PM |
ScHpEnXeL Suspended 32613 Posts
copy all the shit you need to keep to a server somewhere
format the damn thing
reinstall windows
copy the shit back over
..
enjoy a machine in much better order than it would have been no matter what else you did within reason 7/16/2009 11:43:42 PM |
djeternal Bee Hugger 62661 Posts
like i said, it's a work computer.
and these motherfuckers don't pay me enough to be an IT guy. 7/17/2009 5:51:06 PM |
djeternal Bee Hugger 62661 Posts
Here is the log file from hijackthis if anyone wants to give me a suggestion:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:51 PM, on 7/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 1.28.356
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: rncsys32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clearwire.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9606f175b1010) (gupdate1c9606f175b1010) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe

-- End of file - 4563 bytes
7/17/2009 6:48:21 PM |
stepmaniadud All American 1056 Posts
Looks like your problem is the last file of that log, C:\Program Files\websrvx\websrvx.exe, 86 that shit. 7/17/2009 6:51:42 PM |
djeternal Bee Hugger 62661 Posts
^ tried to, but hijackthis won't delete it. I am currently in Safe Mode without networking 7/17/2009 7:09:07 PM |
sarijoul All American 14208 Posts
http://www.bleepingcomputer.com/tutorials/tutorial101.html#remove 7/17/2009 7:57:15 PM |
Stimwalt All American 15292 Posts
If you want to fix it, just do what ScHpEnXeL said. 7/17/2009 9:36:14 PM |
ScHpEnXeL Suspended 32613 Posts
and you could have already completed what i said to do. i said to do that since you aren't an IT guy.. it's easy, quick and effective. 7/17/2009 10:37:11 PM |
xvang All American 3468 Posts
I agree and don't agree. Starting from scratch can take just as long depending on the software, settings, and critical updates that need reinstalling. It's especially full of headaches when the person/business realizes they don't keep good records of software and/or their licenses. The reality is that it'll be a big hassle either way. Pick your poison.
But, that's just me. I'm patient. I like to exhaust all my resources before I format. Not to say that I've never 86'd a system.
BTTT... In terms of practical advice, TURN OFF SYSTEM RESTORE, then do all your scans again (malwarebytes, spybot, ccleaner, & hijackthis).
[Edited on July 17, 2009 at 11:16 PM. Reason : added a tip] 7/17/2009 11:11:15 PM |
ScHpEnXeL Suspended 32613 Posts
depending on the system it's sometimes possible to do a restore in about 10 minutes on machines with the built in restoration partitions. even if it takes hours most of the time is spent just looking at the screen while it's copying shit around so he could be doing something else more productive. 7/18/2009 12:02:32 AM |
djeternal Bee Hugger 62661 Posts
Well it's a common computer so there aren't any important files on it. I think I will just do a full restore on Monday. The only thing we really use it for is Google Earth, since it's hooked up to a 27" HD TV in our lobby. 7/18/2009 8:20:32 AM |
smoothcrim Universal Magnetic! 18966 Posts
rncsys32.exe = virus. 7/18/2009 10:32:39 AM |
djeternal Bee Hugger 62661 Posts
^ i got rid of that one with no problems 7/18/2009 6:57:14 PM |
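The two entries that replies in this thread single out of the HijackThis log (the websrvx service listed with "Unknown owner" and rncsys32.exe sitting in the Startup folder) can be picked out mechanically. The script below is an added example, not part of the original thread or of HijackThis; its two rules are triage heuristics assumed here, and the sample lines are copied from the log posted above except for one constructed shortcut line.

```python
import re

# Entries copied from the HijackThis log posted in this thread, plus one
# constructed shortcut line ("Example Tool.lnk") to show the benign Startup case.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: rncsys32.exe
O4 - Global Startup: Example Tool.lnk = C:\Program Files\Example\tool.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe
"""

# Every result line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O23 body: "Service: <name> - <owner> - <path>"; the path starts at a drive letter.
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+) - (?P<path>[A-Za-z]:\\.+)$")
# O4 Startup-folder body: "Startup: <item>" or "Global Startup: <item>".
STARTUP = re.compile(r"^(?:Global )?Startup: (?P<item>.+)$")
RISKY_EXT = (".exe", ".scr", ".bat", ".cmd", ".pif")

def triage(log_text):
    """Return (section, subject, reason) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines carry no section code
        code, body = m.groups()
        if code == "O23":
            svc = SERVICE.match(body)
            # Assumed rule: a service whose owner field reads "Unknown owner".
            if svc and svc["owner"].lower() == "unknown owner":
                findings.append((code, svc["path"], "service binary reports no owner"))
        elif code == "O4":
            item = STARTUP.match(body)
            if item:
                # Shortcuts appear as "<name>.lnk = <target>"; judge the item itself.
                name = item["item"].split(" = ")[0]
                # Assumed rule: a program file placed directly in Startup.
                if name.lower().endswith(RISKY_EXT):
                    findings.append((code, name, "program file placed directly in the Startup folder"))
    return findings

if __name__ == "__main__":
    for code, subject, reason in triage(SAMPLE_LOG):
        print(f"{code}: {subject} -> {reason}")
```

A hit is a prompt to check the file (signature, location, hash lookup), not a verdict; legitimate services can also show "Unknown owner".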