Lose access to Internet but i remain conected

[dafttemplar]

I have had a read of the alot of forums including this one and noticed a few people having similar issues however no solid solutions have been offered.
Many claim the problem relates to malware but i see no evidence of that.

The Situation.
I have recently moved into a new place and have connected to a freedom plus cable internet account with Optus in Australia, They have supplied me with a wireless netgear cable modem (CG814Wg v3) and a Netgear Wireless USB adapter (WG111 v2) However I am currently connected to the modem with an Ethernet cable. To try and Diagnose my problem.

The Issue
Upon starting the computer all software has access to the internet without hitch however after a short period of time (Between 5mins and 30mins) All software will lose access to the internet. MSN messenger will say it cannot establish a conection, Mozilla FF will show a blank page with "Done" in the loading progress bar displayed, IE will say it can not access the webpage and games will stay at the connecting phase indefinetly. Windows will claim the connection is still active and pinging google via command prompt returns positive results with no loss. Repairing the connection does nothing, the only thing that allows me access again is to restart the computer. The same issue occurs regardless of weather I am connected via wireless or ethernet.
My flatmate has no problems with his wireless connection except when i reef the cable from the modem in desperation.

I originally thought spyware was to blame however I have an up to date version of spyware blaster with all protection enabled, Scanning with the most up to date version of Spybot Search and destroy shows tracking cookies and an up to date version of Adaware shows no threats. I have tried scanning in both safe mode and and standard boot modes. Both provide the same results.

I do not use constant Anti virus protection. However i do fairly frequent online virus scans and they produce very little results. Only Windows firewall is active.
(This is not a debate on weather anti virus software is effective or not, lets just say that in close to 24, 7 internet access over the past 6 year I am yet to receive any damage to my machine that was not able to be repaired in less then 10 minutes, Unless you are 100% certain that a particular viral strain produces these sort of symptoms then lets just pretend I use all the "Virus Protection" available)

Below Is a Highjackthis log that was generated while in safe mode (with networking) If anyone knows what the cause could be I would love to find a solution.

Thanks in Advance.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:30 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Microsoft Help] C:\RECYCLER\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EVEMon] "C:\Games\EVE\extras\EveMon\EVEMon.exe" -startMinimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Administrator.MEGATHRON\My Documents\My Pictures\Widescreen Pack\April_Scott_January_2007_WidesM447.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.MEGATHRON\My Documents\My Pictures\Widescreen Pack\not_thinking_straight_by_MichaelFaber.jpg

--
End of file - 3910 bytes




UPDATE: After sitting in safe mode for a while I have noticed my net speed is drastically increased close to double i would say and I have also maintained a stable connection for close to an hour now. I will reboot and run Hijackthis in standard boot mode and upload the results.

Thanks for your help



BOOT MODE NORMAL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:31 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\RECYCLER\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Games\EVE\extras\EveMon\EVEMon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Teamspeak2_RC2\G15_TeamSpeak\G15_TeamSpeak.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Microsoft Help] C:\RECYCLER\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EVEMon] "C:\Games\EVE\extras\EveMon\EVEMon.exe" -startMinimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Administrator.MEGATHRON\My Documents\My Pictures\Widescreen Pack\April_Scott_January_2007_WidesM447.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.MEGATHRON\My Documents\My Pictures\Widescreen Pack\not_thinking_straight_by_MichaelFaber.jpg

--
End of file - 4765 bytes





Ipconfig /all ------While Browsers are active


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator.MEGATHRON>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : megathron
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit E
thernet NIC
Physical Address. . . . . . . . . : 00-17-31-85-17-D9
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 203.2.75.132
198.142.0.51
Lease Obtained. . . . . . . . . . : Saturday, March 29, 2008 5:41:24 PM
Lease Expires . . . . . . . . . . : Saturday, March 29, 2008 6:41:24 PM

C:\Documents and Settings\Administrator.MEGATHRON>

[johnwill]

You appear to have either ASTEF or RESPAN virus, I suggest the following. For sure, svchost.exe should NOT be running from the RECYCLER folder!

Please follow the instructions here (5 pages) and then post all the requested logs in a new thread here for the security analysts to look at. If you have any trouble running any of the scans, leave them and move onto the next.

The security forum is always busy, so please be patient and you will receive a reply as soon as possible. If you go to Thread Tools > Subscribe at the top of your new thread you will receive an email as soon as a reply is posted.

[dafttemplar]

Thanks johnwill. I will follow those steps and see if I can find the problems.