-
WinXP- ICS probs + more
Hi Guy's
Normaly solve most of my problems with a little reading and head bashing.. But I have problems that have left me baffeled.
Helping a friend fix on going problems after a tech installed a Wirless lan and a p4-2.4 Server (Winxp pro). He has had various ongoing problems from printers not working or accessable from network, clients not found, software failing.. the server is connected to isp via a DLink usb ADSL modem..
about 10 days ago all clients (3 xp and 1 win me) lost internet connection. The server has full and normal access.. Initially all I could find was the usual cydoor/gator crud on the Server.., ran Spybot s&d and Adaware (fully updated), as well as CWShredder, and studdied the HJT list backwards..
ReInstalled ICS, checked the setting, especially the other users controle of connection and made sure (while testing) the firewall was off. no change
re-configured the Network settings - ie ran the network config wizard on each machine.. now that caused problems..
while now we have internet connection from the WinMe machine ..good.. but now we had to reinstall the printers, AND Reset ALL file sharing on the Server.. some shared folders were accessable and some were locked to clients as well 2 of the wirless clients dropped off the network.. they would communicate with each other but not the server or other clients.. Hard wiring these via a Hub fixed that problem.
HAve checked various things even the MTU value, even lowered it to 1200 on the clients..
Oh yeh.. I can Ping a external IP from the clients..
emptied the cache and temp internet..
Any ideas.. please.. oh yes AV definitions uptodate.. server is running PC-Cillen, clients NAV 2003.. defs upto date .. clients manually updated ..and a NAV online scan run on the server..
I suspect either of the following:
Virus/parasite program that I have missed.
A setting in the server from the other tech.. he did have remote access..not now..
I will post the HJT log from the server and client later if that may help..
I gotta get to work
cheers
Server HJT Log
Logfile of HijackThis v1.97.7
Scan saved at 6:31:37 PM, on 29/02/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCCLIENT.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\POP3TRAP.EXE
C:\Program Files\Console\Gateway\Gateway.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
E:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bobwadedalby.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken 2004\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken 2004\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EED82A8E-AFBA-446E-ACF6-5532671A05E2}: NameServer = 203.194.27.57 203.194.56.150
Client HJT LOG:
Logfile of HijackThis v1.97.7
Scan saved at 6:29:58 PM, on 29/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CNet Wireless Monitor\WLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CNet Wireless Monitor\WLanCfgG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
E:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xxxdeletedxxx.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
-
sry for the delay.. long day at work.. added the logs to the original post..
cheers
-
?? have I posted in the wrong forum ?? should I put this question under the XP forum?
Other than a corrupted file involved with ICS I am at a loss..
have checked that the firewall isnt blocking the clients..
have considered in stalling a third part proxy, and failing that reinstalling OS..
has no one else encountered probs with ICS?
cheers
-
ICS
Yes lots of folks have problems with it. And why I never tried it either.
I'd sure double check the server settings as the lan ip range could have been changed.
-
Thanks Train,
Yep.. Double checked the IP's as well as the default DNS and Gateway for each of the clients.. the Win ME machine working is the trick .. normally I have the 9x machines not wanting to talk..
I quickly tried Analog X Proxy to see what would happen.. failed..
(made sure ICS was off ) .. didn't test the Me machine though..
Lets see..
Disabled ICS: Restarted machine: Enabled ICS: restarted
checked that "Clients" could controle the connection..
Checked the Clients were on the same Subnet Mask and checked that the Default Gateway was the IP of the server.
Note: I have only tested the system with set IP's I havent tested with DHCP assigned
Tested with Firewalls off and on.. checked firewall logs for signs of trouble..
checked System logs for suspicious errors.. nada
Here is the joke..
been using ICS in my home office now for over 2 years without a problem.. well other than the odd win98 machine complaining.. have had various linux workstations work happily through the setup.. threw a Smoothwall box into the fray (as gateway) at onetime and the 98 machines complained bitterly.. but all others happy..
I get the feeling my friend needs to stay away from technology!
his cars EFI computer is replaced atleast once per year. And the only microwave oven he now owns is a "Ding'er" (clock work timer)
In the meantime I will keep plug'n untill I find a solution..
cheers Glenn
