Computer Help forum

General discussion

Windows XP Professional will not connect to secure sites

by austriangal / November 16, 2004 12:11 AM PST

I am having a horrific time figuring this one out. I am not, by any means, a computer expert, but after scouring forums, I think I've covered a lot of the recommended bases for my problem, still with no success. So, here it is.

I'm running on a DELL 8200 with Windows XP Professional and IE 6.0. Up until July 2004 I had no problems connecting to secure sites, but then I got a virus or adware or something that really jacked everything up PLUS my IE got hijacked. I thought I got everything out. However, since then, when I try to sign on to secure sites (my bank, frequent flier accounts, etc.) I have no success. I receive a "the page cannot be displayed," but no other error message. I tried to switch over to Opera, but it will not acknowledge that I am connected to the Net.

Since August I have reinstalled Windows XP Professional two times. I changed Internet providers (moved and went from a cable modem to a ADSL Ethernet connection), and have also upgraded to IE 6.

When I try to register Windows online, it will not connect. This is also true when I try to log on to MSN Messenger or Yahoo messenger.

Here's what I HAVE done, but still no success:
- Reinstalled Windows XP twice (didn't wipe drive clean beforehand though)
- Created new user profiles
- Checked for 128-bit encription
- Added the requested .dll authorizations (on Windows forums)
- Deleted cookies, files, and history.
- Checked all of the SSL boxes in the Tools/Internet options area.
- Ran CWshredder, antivirus checkers, and numerous adware programs (some of which are gone because of the reinstall.)

I'm in desperate mode now. I live in a rather rural area of Austria and the computer technicions do not generally work on computers with English OS, so they won't be much help.

If anyone is able to point me in the right direction, I would be most appreciative!

Thanks in advance.

Discussion is locked
You are posting a reply to: Windows XP Professional will not connect to secure sites
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Windows XP Professional will not connect to secure sites
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Windows XP Professional will connect to secure sites
by R. Proffitt Forum moderator / November 16, 2004 12:23 AM PST

Just not yours. I think your subject title is inaccurate, but let's try to fix YOUR MACHINE.

"my IE got hijacked."

That's the big clue. Such hijackings can do untold damage to the OS so let's get some items straight and then try the usual fixes.

1. XP Pro does connect to secure sites.

2. Hijacked IE occurences will continue since IE is not hardened against such attacks.

3. Item 2 will continue since not only is IE not patched enough yet, but people have put off Service Pack 2 for many reasons.

-- Some ideas to recover.

A. IEFIX (Use google.com)

This tool re-registers many DLLs and sets many settings back to where they should be. Also runs SFC so have your XP PRO CD handy.

In short, with one tool, corrects many issues.

B. SPYWARE. You can't allow it on the machine or you can't complain. It's that simple. Here's the usual tools. Adaware, Spybot, Stinger and Housecall. ALL FREE and currently listed at http://forums.majorgeeks.com/showthread.php?t=35407

In closing, two things. One, I only sound harsh. I don't like SPYWARE and the issues it raises. Two, you can mitigate your hijacking risks by using FIREFOX or MOZILLA for most of your web access. If you don't I can assure you the pain will continue for now.

Bob

Collapse -
Re: Windows XP Professional will connect to secure sites
by austriangal / November 16, 2004 2:17 AM PST

Bob,

Thank you SO MUCH for your speedy reply. I have spent the last 2 hours trying to get the IEFIX to do what it needs to. Warning, run-on sentence ahead: IEFIX accessed my Windows reboot disk, and I got it to ask me to restart and once it restarted I got a message that said I had removed IE 6, but when I restarted and connected to the Internet via my provider's prompt, IE6 came up again (thus, it was never deleted?).

I've run IEFIX three times, still, no connection can be made to secure servers.

Here are other things I did:
Ran windows script 5.6 for windows 2000 & xp
installed spyware blaster and spybot (already had stinger) - and will continue to install the recommended programs - thanks!

I installed Firefox, as you recommended, and when it went to connect, I got an error, just like I'm getting with my microsoft registry tries: "The connection was refused when attempting to contact start.mozilla.org"

Could this be a network setting issue since I'm accessing Firefox outside of IE? Even though I JUST set up my ADSL settings last night (using the server's installation disk, in German, of course) after reinstalling Windows XP Pro two times, I'm wondering if there are residual issues from my previous installation on Windows? If so, should I run something to completely clean off my harddrive and start ALL over? At this point, I'm SO ready to do it!

Thanks again for all of the input I've received so far. It is truly appreciated.

Collapse -
Read...
by R. Proffitt Forum moderator / November 16, 2004 2:28 AM PST
http://weblog.wlkr.net/archives/000216.html

"If you're seeing this message:
The connection was refused when attempting to contact start.mozilla.org...
Change your homepage to http://www.google.com/firefox, which is the same page.
It would also help reduce the load on mozilla.org
Update: Ben Goodger clarified that the redirect is done in CNAME, so the default start page does not cause a hit on mozilla.org servers. Posted by vfwlkr at November 11, 2004 10:45 PM | TrackBack "

And more...

Bob
Collapse -
Re: Read...
by austriangal / November 16, 2004 2:46 AM PST
In reply to: Read...

Thanks Bob. I had actually done that before, but it won't allow me to connect to anything on Firefox.

I also tried to run the MS Baseline Security Analyzer, and while I can download the utility, I cannot get the "security updates," thus making the program unusable. This goes for any of the automated security programs that analyze from an Internet connection. At this point, I'm at a loss. I appreciate your help, but not sure if my problem is fixable without a Bob/expert in front of my computer(anyone coming to Austria soon?). I'm certainly not feeling as though I can fix this nightmare.

Thanks again.

Collapse -
Find your HOSTS file.
by R. Proffitt Forum moderator / November 16, 2004 2:56 AM PST
In reply to: Re: Read...

There are two more items to plaster.

1. Copy your HOSTS file to this forum for a looksee.

(Hint google about HOSTS if you need to)

2. Look up WINSOCKFIX on google and use it.

Bob

Collapse -
Re: Find your HOSTS file.
by austriangal / November 16, 2004 3:12 AM PST
In reply to: Find your HOSTS file.

Okay. I ran Winsockfix, and didn't notice anything magical happen. It did make a nice beep and restart my computer. I was feeling hopeful. Alas, nada.

The only host in my host file is: 127.0.0.1 localhost

Collapse -
Services then.
by R. Proffitt Forum moderator / November 16, 2004 6:53 AM PST

No, not the burial kind.

Open a command window and type...

NET START

Mine lists:

C:\Cnet>NET START
These Windows services are started:

Automatic Updates
AVG6 Service
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
DNS Client
Event Log
Help and Support
IPSEC Services
Kodak Camera Connection Software
Logical Disk Manager
Network Connections
NVIDIA Display Driver Service
Plug and Play
Print Spooler
Protected Storage
Remote Procedure Call (RPC)
ScsiAccess
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Time
Workstation

The command completed successfully.


I wonder if the crypto or other services are not running.

Bob

Collapse -
Re: Services then.
by austriangal / November 16, 2004 5:01 PM PST
In reply to: Services then.

Hi Bob.
Restless night last night. I live down the road from a cemetery, and did contemplate putting the thing down. Your posting today gives me a new hope. My harddrive is crossing its fingers too.

Now this is where your expertise comes in. I have NO idea what to look for. Here's mine:

These Windows services are started:
Application Layer Gateway Service
Automatic Updates
COM+ Event System
Computer Browser
Creative Service for CDROM Access
Cryptographic Services
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
IPSEC Services
Logical Disk Manager
Machine Debug Manager
Messenger
Network Connections
Network Location Awareness (NLA)
Norton AntiVirus Auto Protect Service
Plug and Play
Portable Media Serial Number
Print Spooler
Protected Storage
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
SSDP Discovery Service
Symantec Core LC
Symantec Event Manager
Symantec Network Drivers Service
Symantec Settings Manager
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
TrueVector Internet Monitor
Upload Manager
WebClient
Windows Audio
Windows Management Instrumentation
Windows Time
Wireless Zero Configuration
WMDM PMSP Service
Workstation

The command completed successfully.

Collapse -
A "whoops". Looks like multiple firewalls.
by R. Proffitt Forum moderator / November 16, 2004 9:15 PM PST
In reply to: Re: Services then.

I see ICF and ICS as well as " TrueVector Internet Monitor ".

Since your machine has all these firewalls, you have to decide which to keep and which to eject.

Let me be blunt that when I find a non-Internet capable machine with ZoneAlarm, I uninstall ZoneAlarm until I can get it working. I do not offer ANY ZoneAlarm support since they deserve all the phone calls.

Bob

Collapse -
Re: A "whoops". Looks like multiple firewalls.
by austriangal / November 17, 2004 12:28 AM PST

Here's my new NET START. Am I missing anything? If not, and you don't think I have much of a chance recovering from this point (still cannot connect to secure sites), I'm wondering if you have any good references to clean my harddrive off as best possible BEFORE a clean reinstall?

Automatic Updates
COM+ Event System
Computer Browser
Creative Service for CDROM Access
Cryptographic Services
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
IPSEC Services
Logical Disk Manager
Machine Debug Manager
Messenger
Network Connections
Network Location Awareness (NLA)
Norton AntiVirus Auto Protect Service
Plug and Play
Portable Media Serial Number
Print Spooler
Protected Storage
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
SSDP Discovery Service
Symantec Core LC
Symantec Event Manager
Symantec Network Drivers Service
Symantec Settings Manager
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
Upload Manager
WebClient
Windows Audio
Windows Management Instrumentation
Windows Time
Wireless Zero Configuration
WMDM PMSP Service
Workstation

Collapse -
I see some extra, but nothing missing. lets' try HIJACKTHIS
by R. Proffitt Forum moderator / November 17, 2004 12:31 AM PST
Collapse -
hijack log
by austriangal / November 17, 2004 5:21 AM PST

Hi Bob, Here's your log, as requested. Hope all is well. Best - austriangal.

Logfile of HijackThis v1.98.2
Scan saved at 10:13:01 PM, on 11/17/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Fam\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9650740F-89DB-4BCF-8B41-DB1D39BD5B71}: NameServer = 195.3.96.67 195.3.96.68

Collapse -
Austrangal, Please Post The Log At....
by Grif Thomas Forum moderator / November 17, 2004 5:34 AM PST
In reply to: hijack log
Collapse -
Multiple blockers in use.
by R. Proffitt Forum moderator / November 17, 2004 5:56 AM PST
In reply to: hijack log

I see ZoneAlarm, a popup blocker, winpatrol and something else. It's your choice to "load up" but when it fails its time to cut down to just what it takes.

In my mind, that's one overloaded machine.

Time to clean up.

Bob

Collapse -
Hijackthis log
by Kees Bakker / November 17, 2004 5:33 AM PST

Nothing really wrong in the hijackthis log, in my humble opinion.
But try it without a proxy server (IE>Tools>Settings>Connection; depending on how you are connected it's either the settings of the dial-up you use or the LAN settings).
Simple to do, worth a try.


Kees

Collapse -
"(didn't wipe drive clean beforehand though)"
by Kees Bakker / November 16, 2004 12:36 AM PST

Some of your installed programs were gone because of the reinstall. So obviously you wiped something, but not enough or the wrong thing.
I'm sure this error will disappear if you use the Dell supplied recovery CD (they do have one, I suppose) or do good clean install of Windows XP. But, of course, first try the things Bob advises.

Kees

Collapse -
Re: "(didn't wipe drive clean beforehand though)"
by austriangal / November 16, 2004 2:19 AM PST

Hi Kees! Thanks for your reply. I have done 2 clean installs of XP in the last month. Still, no avail. Maybe throwing the hard drive out onto the street might help? My town has quite a bit of fast traffic, which may do the trick.

Collapse -
Re:
by Kees Bakker / November 16, 2004 10:53 PM PST

Austriangel,

Then, in line with Bob's suggestion above, try an out of the box install of Windows XP first. No firewalls, no antivirus, nothing at all added, just Windows XP as it installs on a clean hard disk. That surely is supposed to work, isn't it.
Then gradually, add things until you find what the problem is. The Windows XP firewall might be a good first thing to activate. Then install SP2, maybe?

Note that without any protection you're likely to get contaminated with the most awful stuff. So - once you know the cause - prepare for a fourth clean install.

And, by the way, how does Mozilla or Firefox handle secured sites on your current system?

Hope this helps,


Kees

Collapse -
Austriangal, This Should Help oo
by Grif Thomas Forum moderator / November 16, 2004 12:55 AM PST

austriangal,

In addition to the other good suggestions, please try installing the newest XP script engine from the link below. Your previous version may have become damaged and updating it should help:

Windows Script 5.6 for Windows 2000 and XP

Hope this helps.

Grif

Collapse -
Re: Austriangal, This Should Help oo
by austriangal / November 16, 2004 2:20 AM PST

Thanks Grif. I ran the script. Didn't notice any improvements off the bat, but appreciate the recommendation! Anything helps. Best, Austriangal.

Collapse -
Re: Windows XP Professional will not connect to secure sites
by Cursorcowboy / November 16, 2004 2:28 AM PST

1. The article [Q320454] discusses and contains information about the "Microsoft Baseline Security Analyzer" tool (MBSA) (Image) that centrally scans Windows-based computers for common security misconfigurations and generates a "report" (Image).

2. "ShieldsUP" is the Internet's quickest, most popular, reliable, most powerful, complete and trusted free online Internet security checkup and information service where at this site you can check your system for vulnerability and begin learning about using the Internet safely.

3. Supplemental reading:

a. "Setting Up Security Zones."

b. "Chapter 27 - Security Zones."

c. "Changes to Functionality in Microsoft Windows XP Service Pack 2."

4. The article [Q316894] describes and offers troubleshooting tips in the following areas, of which there are three other parts covering other important items:

a. I get a message saying "The page cannot be displayed".

b. Web pages don't show pictures or play sound.

c. My browser doesn't start at the page I want.

d. Web sites don't remember me.

e. Internet Explorer crashes.

f. I get a message saying "You are not authorized to view this page".

g. I need to view a Web page when I can't go on line.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!