Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Programs accessing online connection terminate abruptly


  • Please log in to reply

#1
Temujinjr

Temujinjr

    Member

  • Member
  • PipPip
  • 18 posts
I attempted to solve this problem, which I deemed to be a virus or such, though the maleware forum and I have been referred to this forum. See -
Maleware Link

Problem Description: I am unable to utilize any program that attempts to access the internet: I.E., Firefox, WoW, all programs utilizing an updater, network ping, etc. Norton Anti-V programs will not re-install. Anti-V programs launching during start-up are being terminated.

Error Messages: The most common is the werfault.exe errors followed by another error stating the program is being shutdown.

Desired Solution: Anything short of a complete system restore

Additional Information: All other programs and utilities are working properly

I hope someone can assist me in resolving this conflict.

Edited by Temujinjr, 30 December 2008 - 10:50 AM.

  • 0

Advertisements


#2
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
First of all, I can see, you're running Avast, but you still have Norton's leftovers.
Run Norton Removal Tool: http://service1.syma...005033108162039
Restart computer.
  • 0

#3
Temujinjr

Temujinjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Norton uninstall utility - I downloaded and ran the installer for Norton - it failed immediately with the same errors. Renaming it did not work either. I was able to remove two of the three components using add remove programs.

I noticed on the security tab of Firefox that there was an unknown user, list as a bunch of numbers, with special permissions. It had inherited permissions which I was not able to remove directly. I eventually just unistalled Firefox.

System is working the same as before. All applications run without error except those seeking to use the network adapter to gain access to the internet.

Please advise.
  • 0

#4
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
Did you try to reinstall network adapter driver (any errors in Device Manager?)?
Also, your network card may be failing. New one - $15.
  • 0

#5
Temujinjr

Temujinjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Did you try to reinstall network adapter driver (any errors in Device Manager?)?
Also, your network card may be failing. New one - $15.



Yes, I removed the driver on the network adapter and windows updated it with a new one when it rebooted. I seem to have an established network connection from my adapter to my router; one that windows recognizes as an established network connection at least. When the adapter is not enabled the problem still exists.

I swapped out my wireless network card in case that was the cause; still same result. I also connected directly to the modem bypassing the router, same result. I have four other computers sharing the same connection and they are all fine.

This seems to be a problem with the OS itself, either a config or sys file is corrupted or something I have never seen before.
  • 0

#6
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
First of all, I wouldn't rely on Windows update to reinstall your card driver. I'd rather go to the manufacturer site, or your computer maker site, if the card came with the computer. So, you may want to re-try.
If that fails, try some basic troubleshooting:

Turn off computer. Disconnect router, and modem from power source for 30 seconds.
Power them back on.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK.

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK.

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia...inSockFix.shtml
Restart computer, and check again.
  • 0

#7
Temujinjr

Temujinjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
All the above failed to solve the problem, which seems to be centered around the windows applications themselves and not the connection, I've always had a network connection. I am connected to my LAN and then to the Internet. I cannot ping the other LAN systems or utilize any application that attempts to do so using either the Ethernet adapter or the wireless adapter. All attempts to use the established network connection fails closing abruptly with werfault.exe and windows closing application system errors.

If my connection was the issue wouldn't the applications launch and then show an error saying they were unable to retrieve update or show the browser opened with a page not found error? What would cause all the applicatons from executing once they attempt to connect? Why can't this be an easy fix... sigh

Running the Winsock program resulted in the following errors:
Registry import information not found
werfault.exe
Run-time error '53: File not found

It said that it had finished the repairs, my connection was reset, I rebooted and same issues. Hope you can still help me.
  • 0

#8
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
Did you check Event Viewer for more details?

Also...
1. Go Start>Run ("Start Search" in Vista), type in:
sfc /scannow
Click OK (hit Enter in Vista).
Have Windows CD/DVD handy.
If System File Checker (sfc) will find any errors, it may ask you for the CD/DVD.
If sfc won't find any errors in Windows XP, it'll simply quit, without any message.
In Vista you will receive the following message: "Windows resource protection did not find any integrity violations".

Navigate to C:\Windows\Logs\CBS folder. You'll see CBS.log file.
Usually, it's pretty big file, so upload it here: http://www.uploadbigfiles.net/, and post download link.

2. Download, and install WhoCrashed: http://www.resplende...rashedSetup.exe
Open it, click Analyze button.
The program will create report
Copy, and paste it into your next reply.

3. In Windows Explorer, navigate to C:\Windows\Minidump folder.
Do you have any .dmp files there?
  • 0

#9
Temujinjr

Temujinjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Event Viewer

Windows Logs/Applications

Faulting application iexplore.exe, version 7.0.6001.18000, time stamp 0x47918f11, faulting module CPAdvisor.dll, version 2.6.1.15, time stamp 0x47bea109, exception code 0xc0000409, fault offset 0x0004ef89, process id 0x978, application start time 0x01c96c2be63ece98.

Faulting application iexplore.exe, version 7.0.6001.18000, time stamp 0x47918f11, faulting module CPAdvisor.dll, version 2.6.1.15, time stamp 0x47bea109, exception code 0xc0000409, fault offset 0x0004ef89, process id 0x3f4, application start time 0x01c96c2be13bc978.

Faulting application wermgr.exe, version 6.0.6001.18000, time stamp 0x47918ca1, faulting module CPAdvisor.dll, version 2.6.1.15, time stamp 0x47bea109, exception code 0xc0000409, fault offset 0x0004ef89, process id 0x4a8, application start time 0x01c96c2bb08af178.

Faulting application wermgr.exe, version 6.0.6001.18000, time stamp 0x47918ca1, faulting module CPAdvisor.dll, version 2.6.1.15, time stamp 0x47bea109, exception code 0xc0000409, fault offset 0x0004ef89, process id 0xb48, application start time 0x01c96c2b9c1d4498

Faulting application wmpnetwk.exe, version 11.0.6001.7000, time stamp 0x47919370, faulting module CPAdvisor.dll, version 2.6.1.15, time stamp 0x47bea109, exception code 0xc0000409, fault offset 0x0004ef89, process id 0xe20, application start time 0x01c96c2b994c03f8.

Faulting application wermgr.exe, version 6.0.6001.18000, time stamp 0x47918ca1, faulting module CPAdvisor.dll, version 2.6.1.15, time stamp 0x47bea109, exception code 0xc0000409, fault offset 0x0004ef89, process id 0xf2c, application start time 0x01c96c2b786d28d8.

Windows Logs/System

BROWSER EVENT - The browser has forced an election on network \Device\NetBT_Tcpip_{2962E22E-4173-4155-9FF0-7C0E7153EE14} because a master browser was stopped.

HTTP EVENT - Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

SCF SCANNOW

No results found

CBS FILE

Download
http://www.uploadbig...file=978CBS.log

Remove
http://www.uploadbig...p...234&ignore=

WHOCRASHED

Had to download winDbg file. Installed program and ran analyzer. Results:

On Tue 2008-12-23 03:22:35 your computer crashed
This was likely caused by the following module: catchme.sys
Bugcheck code: 0x50 (0xE900009C, 0x0, 0x9E04C944, 0x2)
Error: PAGE_FAULT_IN_NONPAGED_AREA
This file could not be located on your computer, we suggest that you search on it with Google.
Click here to do a Google search on catchme.sys


Minidump

Yes. One file mini122208-01.dmp 137k


Next Steps??
  • 0

#10
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
Well, we have a lot to investigate.
1. CPAdvisor.dll comes with products from ContentWatch: http://www.contentwatch.com/, like Net Nanny, or ContentProtect Professional. Do you have any of those installed?
2. PAGE_FAULT_IN_NONPAGED_AREA error usually indicates bad RAM, but we have also catchme.sys here involved, which may be a keylogger, or a part of legit Combofix.
Search your computer for catchme.sys, and post its location.
I don't see, Combofix was run in your malware thread. Did you run it yourself? If so, was it ever removed from your computer?
3. Upload mini122208-01.dmp to http://www.uploadbigfiles.net/. Post download link.

You work on the above, and I'll check your CBS file.

Edited by Broni, 01 January 2009 - 04:27 PM.

  • 0

Advertisements


#11
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
Regarding CBS file...
1. Most errors come from SP1 (KB936330) installation. Was SP1 ever successfully installed?
There are also references to Vista ver. 6.0.6000.16386, which is RTM version, pre-final version (6.0.600.18000). Have you ever had RTM version installed?
2. There are also a few errors regarding iissetup.exe file. I'm not sure, if it matters, so we can leave it alone, for now.
  • 0

#12
Temujinjr

Temujinjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
CPAdvisor.dll

Yes I have Netnanny installed on all but this machine. I removed it from the PC having the issue and the applications attempting to access the connection to the internet was instantly restored. Netnanny prevents any user from utilizing the internet connection unless he/she enters in a username/password first. A pop-up normally launches requesting the information. (During a Norton update it normally requires entering a password for each update step). However the pop-up was being suppressed and the application seemed to be working correctly.

This could very well be the entire resolution, I am doing further testing to validate all program installs, like Norton 2009 Internet Suite, are responding normally. I will need to reinstall Netnanny, however a newer version is out which might assist in ensuring this doesnt happen again.

Catchme.sys

Yes, I removed it as part of the cleanup process prior to posting this log. The file cannot be found on the system.

Mini.dmp

Your download link

http://www.uploadbig...ni122208-01.dmp


Your delete link

http://www.uploadbig...p...482&ignore=


Please remember the above links..

Thanks for your continually assistance, I will keep you 'posted' :)

Edited by Temujinjr, 01 January 2009 - 05:30 PM.

  • 0

#13
Temujinjr

Temujinjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Regarding CBS file...
1. Most errors come from SP1 (KB936330) installation. Was SP1 ever successfully installed?
There are also references to Vista ver. 6.0.6000.16386, which is RTM version, pre-final version (6.0.600.18000). Have you ever had RTM version installed?
2. There are also a few errors regarding iissetup.exe file. I'm not sure, if it matters, so we can leave it alone, for now.


SP1 - It looks like it was installed on 7/06/08.

The HP computer came from Best Buy. It was purchased in the early phases of Vista release probably early 07. Vista is the OEM version. I do not know what RTM means.
  • 0

#14
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
Before I comment on other things....stay away from Norton, or you'll be asking for more problems.
  • 0

#15
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
First of all, I'm glad, your programs are operable again :)

Minidump reports same problem - catchme.sys file. The report is from 12/22/08, however, so the file is most likely gone, as you said.

Edited by Broni, 01 January 2009 - 05:53 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP