Can someone help with my connection problems?

Last night my desktop lost the ability to log in to certain websites: Gmail and Facebook result in redirect loops, and MSN doesn't connect at all. I tried Chrome, IE, FF and Opera, and I can't connect with any of them. My notebook, otoh, on the same network can connect to everything just fine.

Remedies I tried include clearing all cookies and cache (several times), uninstalling and reinstalling Chrome, rebooting, switching my modem on and off, but nothing worked. Ran scans with Avira and Spybot and they say I've got nothing dodgy on my computer at all. I'm completely stumped!
 
Yeah, I did suspect it was some kind of malware, that's why I ran both Spybot S&D and AntiVir, neither of which found anything. Currently running an Ad-Aware scan too just to be sure.

How would Hijackthis help me find it? It just outputs a massive list of things. I looked through it carefully but nothing seems suspicious, all the running processes I see on there I recognise. There MIGHT be something dodgy on that list, but a lot of malware name themselves after common system processes so how would I recognise them?

UPDATE: nothing came up on AdAware's scan either! :confused:
 
boot safe mode and run

tdskiller or it might be tdkiller from kaspersky

then from bleeping computers run combofix.exe

if they don't run you definitely have a virus, but they should run and clean it... if one fails to run the other probably will run and fix the issue...
 
TDSSKILLER listed a driver called SPDT.SYS as "suspicious". Various websites have confirmed that this is a valid system file though, so I'm guessing it's a false positive right?

It didn't find anything else, so should I run combofix anyway?

Thing is you see, I'm not convinced it's malware because it doesn't ACT like malware - the redirect loops on gmail and facebook lead straight back to the gmail and facebook login screens, not to somewhere else!
 
Not sure I understand what you mean, but if it's what I think then the problem isn't actually connecting, I can reach GMail's servers just fine, it just won't get past the login screen! Logging in results in an error page saying "the page caused too many redirects".

I am certain I can actually reach Gmail's servers because the Gmail notifier on the same machine still pops up a notification when I get a new email.

EDIT: logging into Facebook doesn't result in an error screen, it just sends me back to fb's login screen. Yet strangely, other pages don't create that problem - I can log into these forums just fine!

Wonder if it's only an issue with HTTPS pages... I thought about trying to log into Paypal to check, but if I DO have a keylogger or something on here I really don't want it to nick my Paypal password!
 
Nothing in my HOSTS file. This is its sole contents:
127.0.0.1 localhost
Is it meant to have anything more in it?

By the way, I did run Combofix in the end, and it rebooted while I wasn't looking (I was spinning my powerball:p) and it booted into normal mode rather than safe mode... I hope that didn't screw up its scan! Currently waiting for it to finish its log.
 
Right, Combofix doesn't seem to have done anything. I'm still experiencing connection problems. I quote the first few lines of Combofix's log here, see if anyone sees something suspicious, though to me there doesn't seem to be anything that grabs attention:
ComboFix 11-08-07.03 - M. Papadopoulos 08/11/2011 13:47:30.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3326.2775 [GMT 0:00]
Running from: c:\documents and settings\M. Papadopoulos\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\M. Papadopoulos\Application Data\.#
c:\documents and settings\M. Papadopoulos\Application Data\.#\MBX@FE0@3841A8.###
c:\documents and settings\M. Papadopoulos\Application Data\.#\MBX@FE0@3841D8.###
c:\documents and settings\M. Papadopoulos\Application Data\.#\MBX@FE0@384208.###
c:\documents and settings\M. Papadopoulos\Application Data\AD ON Multimedia
c:\documents and settings\M. Papadopoulos\Application Data\AD ON Multimedia\eBay Shortcuts\config.ini
c:\documents and settings\M. Papadopoulos\WINDOWS
C:\install.exe
c:\program files\INSTALL.LOG
c:\program files\update.exe
c:\windows\system32\pthreadVC.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 12:59 . 2011-11-08 12:59 388096 ----a-r- c:\documents and settings\M. Papadopoulos\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 14:23 . 2008-02-14 14:23 231944 ----a-w- c:\program files\gwflash.exe
2007-09-21 19:42 . 2007-09-21 19:42 19008 ----a-w- c:\program files\markfun.a64
2007-08-21 19:49 . 2007-08-21 19:49 125504 ----a-w- c:\program files\MarkFunDrv.dll
2007-08-21 19:49 . 2007-08-21 19:49 17912 ----a-w- c:\program files\markfun.w32
2007-03-02 04:48 . 2007-03-02 04:48 240448 ----a-w- c:\program files\gwf32.exe
2006-11-23 23:47 . 2006-11-23 23:47 207680 ----a-w- c:\program files\BIOS_Run.exe
2006-11-23 23:40 . 2006-11-23 23:40 60224 ----a-w- c:\program files\HUADRV.DLL
2005-04-27 19:40 . 2005-04-27 19:40 6800 ----a-w- c:\program files\W95_HUA.vxd
2009-04-29 14:13 . 2009-04-29 14:13 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 11:36 . 2010-04-08 11:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-04-29 14:13 . 2009-04-29 14:13 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll
2010-04-08 11:36 . 2010-04-08 11:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll
2011-03-22 16:06 . 2011-03-22 16:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-01-20 17:03 . 2008-01-25 12:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(Ignore where it says AdAware and Avira were active, I did disable their live protection right before the scan, but Combofix insisted they were still running)

ALSO, I followed the instructions here based on the error code MSN was spitting out when I try to connect, but they didn't help either.
 
That was my first thought, but the laptop is working fine! :confused:

OK, small update, achieved a bit of progress:

1. Googling for the exact error code I got on the redirect error page when trying to load Gmail (error 310), I discovered that the error is commonly caused by having the wrong system date on your PC. I checked, and indeed my PC thought it was November! (No idea why, it was fine last night) I set it to the correct date, and tried to load Gmail again - it still caused a redirect error! :mad:

2. HOWEVER, Windows Live Messenger DID start working again after I did that! So I figured I was on the right track. I followed more suggestions in the Error 310 thread (most of which was stuff I had already done, like clearing cache and cookies etc, but I did them again anyway for good measure) but none of them worked.

3. One of the suggestions was to use an HTTPS link to access Gmail. I followed it, but still got a redirect loop. I scoured through Chrome's settings and noticed that the "Check for server certificate revocation" box was checked - I hadn't unchecked this earlier, cause I thought you handled Chrome's security through IE's Internet Settings menu (same as you handle proxy connections). I unchecked it and tried again: Gmail loads! Via https only, and facebook still doesn't. Additionally, now I get a redirect error when trying to load the Overclockers forums!! :p I google the exact error code and follow the suggestion to turn off browser prediction. I do that, and OCUK loaded again, at which point I proceeded to post this update! :D

What the **** is going on here??? :p
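
Added example, not part of the thread: a small Python check of how a system clock set months ahead, as reported in the last post, affects the time-bound items a browser validates during a login. The server Date header, the cookie, OCSP and certificate lifetimes, and the exact wrong date are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

UTC = timezone.utc
# Constructed sample: the Date header a server sent at the true request time.
SERVER_DATE = "Thu, 11 Aug 2011 13:47:30 GMT"
# (name, valid_from, valid_until); lifetimes are illustrative assumptions.
ARTIFACTS = [
    ("session cookie (Expires)", parsedate_to_datetime(SERVER_DATE),
     parsedate_to_datetime("Thu, 25 Aug 2011 13:47:30 GMT")),
    ("OCSP response (thisUpdate..nextUpdate)",
     datetime(2011, 8, 10, tzinfo=UTC), datetime(2011, 8, 17, tzinfo=UTC)),
    ("server certificate (notBefore..notAfter)",
     datetime(2011, 1, 1, tzinfo=UTC), datetime(2012, 1, 1, tzinfo=UTC)),
]

def clock_skew(local_now, server_date_header):
    """Local clock minus the server's Date header; positive = local clock ahead."""
    return local_now - parsedate_to_datetime(server_date_header)

def rejected_under(local_now, artifacts=ARTIFACTS):
    """Return {name: reason} for every artifact the local clock would refuse."""
    out = {}
    for name, start, end in artifacts:
        if local_now < start:
            out[name] = "not yet valid"
        elif local_now >= end:
            out[name] = "expired"
    return out

def diagnose(local_now, server_date_header=SERVER_DATE,
             tolerance=timedelta(minutes=5)):
    """Summarise the skew and which time-bound items fail under this clock."""
    skew = clock_skew(local_now, server_date_header)
    return {"skew_days": skew.days, "clock_ok": abs(skew) <= tolerance,
            "rejected": rejected_under(local_now)}

if __name__ == "__main__":
    wrong = datetime(2011, 11, 8, 13, 47, 30, tzinfo=UTC)  # clock set to November
    right = datetime(2011, 8, 11, 13, 48, 0, tzinfo=UTC)   # clock corrected
    for label, now in (("wrong date", wrong), ("correct date", right)):
        print(label, diagnose(now))
```

With the clock ahead, the freshly issued cookie and the revocation response both look expired while the certificate itself still validates, which is one way a login can loop back to the sign-in page and a revocation check can fail on a machine that otherwise reaches the site.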
 