
Solved [Unable to connect to internet, use messenger or AVG, etc]

Discussion in 'Malware and Virus Removal Archive' started by TinyTuba822, 2008/07/25.

  1. 2008/07/31
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Sorry for the delay, was kind of busy yesterday.

    OK Please try this on the XP and let me know what you get.

    Try each of the following commands from a command window one at a time.

    ping www.google.com
    ping 64.233.187.99
    tracert www.google.com
    tracert 64.233.187.99


    If using the IP addy for google results in a reply, open a browser and paste the IP address into the address window and click the go arrow.

    64.233.187.99

    Thanks
    Geri
     
  2. 2008/08/01
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    Ping'ed google, no luck.

    Ping'ed 64.233.187.99, here's the result:
    Pinging 64.233.187.99 with 32 bytes of data:

    Reply from 64.233.187.99: bytes=32 time=51ms TTL=241
    Reply from 64.233.187.99: bytes=32 time=53ms TTL=241
    Reply from 64.233.187.99: bytes=32 time=50ms TTL=241
    Reply from 64.233.187.99: bytes=32 time=51ms TTL=241

    Ping statistics for 64.233.187.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:
    Minimum = 50ms, Maximum = 53ms, Average = 51ms

    Tracert www.google.com, no luck.
    Tracert 64.233.187.99, results:

    Tracing route to 64.233.187.99 over a maximum of 30 hops

    1 1 ms 1 ms 1 ms 192.168.254.1
    2 1 ms 1 ms 1 ms 192.168.254.254
    3 28 ms 35 ms 28 ms 151.213.32.23
    4 27 ms 27 ms 33 ms 151.213.30.28
    5 28 ms 28 ms 30 ms 75.90.222.16
    6 29 ms 28 ms 28 ms 151.213.254.38
    7 38 ms 38 ms 37 ms 4.71.242.5
    8 37 ms 38 ms 37 ms 4.68.101.161
    9 53 ms 51 ms 51 ms 64.159.1.45
    10 50 ms 50 ms * 4.68.103.34
    11 50 ms 51 ms 50 ms 4.78.208.114
    12 50 ms 50 ms 49 ms 72.14.236.15
    13 52 ms 64 ms 52 ms 216.239.49.222
    14 50 ms 50 ms 51 ms 64.233.187.99

    Trace complete.

    Typed in 64.233.187.99 into Mozilla Firefox, got google english search page.
     

  4. 2008/08/01
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi

    OK go to google and see if you can then navigate normally.
    If so, put this in the search box,
    combofix

    It should take you to a results page where this will be one of the listings.
    A guide and tutorial on using ComboFix

    with this below it.
    .bleepingcomputer.com/combofix/how-to-use-combofix

    Go to that web site. Download combofix from this location, BleepingComputer.com

    Save it to your Desktop, run CF, and post the log here. (ComboFix Icon has changed so don't let that alarm you)
    Do not mouse click on combofix while CF is running.

    Thanks
    Geri
     
  5. 2008/08/02
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Could not download combofix with the XP machine. Transferred it from the Vista machine. Here is the logfile.

    ComboFix 08-07-31.06 - Brian 2008-08-02 0:43:33.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.533 [GMT -4:00]
    Running from: F:\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
    .

    2008-07-28 12:58 . 2007-09-06 00:22 289,144 --a------ C:\WINXP\system32\VCCLSID.exe
    2008-07-28 12:58 . 2006-04-27 17:49 288,417 --a------ C:\WINXP\system32\SrchSTS.exe
    2008-07-28 12:58 . 2008-05-29 09:35 86,528 --a------ C:\WINXP\system32\VACFix.exe
    2008-07-28 12:58 . 2008-05-18 21:40 82,944 --a------ C:\WINXP\system32\IEDFix.exe
    2008-07-28 12:58 . 2008-07-02 13:33 82,432 --a------ C:\WINXP\system32\IEDFix.C.exe
    2008-07-28 12:58 . 2008-05-23 18:21 81,920 --a------ C:\WINXP\system32\404Fix.exe
    2008-07-28 12:58 . 2003-06-05 21:13 53,248 --a------ C:\WINXP\system32\Process.exe
    2008-07-28 12:58 . 2004-07-31 18:50 51,200 --a------ C:\WINXP\system32\dumphive.exe
    2008-07-28 12:58 . 2007-10-04 00:36 25,600 --a------ C:\WINXP\system32\WS2Fix.exe
    2008-07-28 12:58 . 2008-07-28 13:00 1,244 --a------ C:\WINXP\system32\tmp.reg
    2008-07-26 12:12 . 2008-07-26 12:12 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-26 12:12 . 2008-07-26 12:12 <DIR> d-------- C:\Deckard
    2008-07-18 22:31 . 2008-07-18 22:31 <DIR> d-------- C:\WINXP\system32\scripting
    2008-07-18 22:31 . 2008-07-18 22:31 <DIR> d-------- C:\WINXP\system32\en
    2008-07-18 22:31 . 2008-07-18 22:31 <DIR> d-------- C:\WINXP\system32\bits
    2008-07-18 22:31 . 2008-07-18 22:31 <DIR> d-------- C:\WINXP\l2schemas
    2008-07-18 22:25 . 2008-07-18 22:32 <DIR> d-------- C:\WINXP\ServicePackFiles
    2008-07-18 21:23 . 2008-07-18 21:23 <DIR> d-------- C:\Program Files\Belarc
    2008-07-18 21:23 . 2008-02-27 13:49 3,840 --a------ C:\WINXP\system32\drivers\BANTExt.sys
    2008-07-18 00:14 . 2008-07-26 04:45 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-07-17 20:37 . 2008-07-17 20:37 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-07-17 20:36 . 2008-07-17 20:36 <DIR> d-------- C:\Program Files\MSBuild
    2008-07-17 20:24 . 2008-07-17 20:24 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-07-17 20:11 . 2008-07-17 20:30 <DIR> d-------- C:\WINXP\SHELLNEW
    2008-07-10 12:40 . 2008-07-10 12:44 <DIR> d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Lavasoft
    2008-07-10 11:26 . 2008-07-10 11:26 <DIR> d-------- C:\Program Files\The Weather Channel FW
    2008-07-10 11:23 . 2008-07-18 16:30 <DIR> d-------- C:\WINXP\system32\drivers\Avg
    2008-07-10 11:23 . 2008-07-10 11:23 <DIR> d-------- C:\Program Files\AVG
    2008-07-10 11:23 . 2008-07-10 11:23 <DIR> d-------- C:\Documents and Settings\All Users.WINXP\Application Data\avg8
    2008-07-10 11:23 . 2008-07-10 11:23 96,520 --a------ C:\WINXP\system32\drivers\avgldx86.sys
    2008-07-10 11:23 . 2008-07-10 11:23 10,520 --a------ C:\WINXP\system32\avgrsstx.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-21 01:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-19 14:44 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft Help
    2008-07-18 05:00 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-07-17 23:26 --------- d-----w C:\Program Files\Finale 2007
    2008-07-12 10:39 --------- d-----w C:\Program Files\Java
    2008-06-20 17:41 245,248 ------w C:\WINXP\system32\mswsock.dll
    2008-06-16 20:29 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Maxtor
    2008-06-16 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-16 14:09 --------- d-----w C:\Program Files\Maxtor
    2008-05-16 15:58 12,632 ----a-w C:\WINXP\system32\lsdelete.exe
    2008-05-07 04:55 1,288,192 ------w C:\WINXP\system32\quartz.dll
    2006-03-15 18:19 212,992 ----a-w C:\WINXP\inf\WG311v3\CopyWHQLDriver.exe
    2006-01-26 21:55 280,576 ----a-w C:\WINXP\inf\WG311v3\WG311v3.sys
    2005-10-06 19:17 280,576 ----a-w C:\WINXP\inf\WG311v3\WG311v3XP.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
    "ctfmon.exe "= "C:\WINXP\system32\ctfmon.exe" [2004-08-10 08:00 15360]
    "DW6 "= "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint "= "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 20:39 461584]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-19 09:02 185896]
    "MaxtorOneTouch "= "C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45 712704]
    "mxomssmenu "= "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 11:15 81920]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-10 11:23 1232152]

    C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\
    NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 17:55:04 1486848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINXP\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINXP\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Brian.BULLSHIT^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Brian.BULLSHIT\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINXP\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2005-11-02 23:01 50792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    --a------ 2005-08-12 18:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    --a------ 2003-09-17 14:43 57344 C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-08-05 13:56 64512 C:\WINXP\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    --a------ 2005-11-02 23:01 50792 C:\Program Files\Common Files\AOL\1137307829\ee\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    --a------ 2004-10-14 18:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 05:00 90112 C:\WINXP\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    --a------ 2004-06-10 12:51 60928 C:\WINXP\system32\P17.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1137307829\\ee\\AOLServiceHost.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1137307829\\ee\\aolsoftware.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1137307829\\ee\\aim6.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "C:\\Program Files\\AIM6\\aim6.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP "= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP "= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP "= 500:UDP:@xpsp2res.dll,-22017

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINXP\system32\Drivers\avgldx86.sys [2008-07-10 11:23]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 11:23]
    R3 MAC607;MAC607 Filter;C:\WINXP\system32\DRIVERS\MAC607.sys [2007-06-25 02:35]
    S0 Spssys;Toshiba SPS Service;C:\WINXP\system32\drivers\spssys.sys []
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINXP\system32\DRIVERS\A3AB.sys [2005-03-22 20:17]
    S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\BRIAN~1.BUL\LOCALS~1\Temp\iMSPCLOj.sys []
    S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINXP\system32\Drivers\xbreader.sys [2001-01-02 23:53]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
    HKCU-Run-Aim6 - (no file)
    HKLM-Run-GrooveMonitor - E:\Office12\GrooveMonitor.exe
    Notify-NavLogon - (no file)
    MSConfigStartUp-AIM - C:\Program Files\AIM\aim.exe
    MSConfigStartUp-ANIWZCS2Service - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    MSConfigStartUp-D-Link AirPlus G - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    MSConfigStartUp-KAZAA - C:\Program Files\Kazaa\kazaa.exe
    MSConfigStartUp-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
    MSConfigStartUp-PopUpStopperFreeEdition - C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    MSConfigStartUp-tbon - C:\Program Files\TBONBin\tbon.exe
    MSConfigStartUp-ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Brian.BULLSHIT\Application Data\Mozilla\Firefox\Profiles\xs70nloq.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-02 00:46:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-02 0:48:56
    ComboFix-quarantined-files.txt 2008-08-02 04:48:26

    Pre-Run: 46,714,028,032 bytes free
    Post-Run: 46,688,985,088 bytes free

    322 --- E O F --- 2008-07-19 14:44:57
     
  6. 2008/08/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Excuse my intrusion please....

    Did you ever login to the router control panel and check the dns settings? The results of the ping and tracert commands show us that dns is not being resolved properly, and the ipconfig /all command confirms that dns is not being provided/translated properly through the router. Instead of your ISP's dns addresses, your connections are being given the router's address for dns (dns is Domain Name System ..... this is what translates normal text, such as google.com, into an IP address ... required for displaying webpages), and routers are not designed to be name servers.

    Here's another test. Go back to the wireless connection properties, Internet Protocol (TCP/IP) properties, and select the Use the following DNS Server Addresses option, then input the following numbers.

    208.67.222.222
    208.67.220.220

    OK your way out and restart the computer if prompted.

    See if you can now establish a connection that allows normal internet access.

    If that works, login to your router CP and set dns to static, then use those IP addresses. Set the computer's connection properties back to automatic.
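The check described in this post, reading `ipconfig /all` output and seeing which DNS servers each adapter was given, can be scripted. This is an added example, not part of the original thread; the two sample outputs are constructed, using the gateway address and the two DNS addresses that appear in the thread.

```python
import re

# Constructed samples in the layout of `ipconfig /all` on Windows XP.
BEFORE = """\
Windows IP Configuration
        Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Wireless Network:

        Description . . . . . . . . . . . : Example 802.11g Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.3
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            208.67.222.222

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
"""

# Same adapter after static DNS servers have been set.
AFTER = BEFORE.replace(": 192.168.1.1\n" + " " * 44 + "208.67.222.222",
                       ": 208.67.222.222\n" + " " * 44 + "208.67.220.220")

ADAPTER = re.compile(r"^(.*\badapter\b.*):$")
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_ipconfig(text):
    """Return one dict per adapter section of `ipconfig /all` output."""
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = ADAPTER.match(line)
        if header:
            current = {"name": header.group(1), "connected": True,
                       "gateway": None, "dns": []}
            adapters.append(current)
            last_key = None
            continue
        if current is None:
            continue  # host-wide block before the first adapter
        field = FIELD.match(line)
        if field:
            last_key, value = field.group(1).lower(), field.group(2)
            ip = IPV4.search(value)  # also strips Vista's "(Preferred)" suffix
            if last_key == "media state" and "disconnected" in value.lower():
                current["connected"] = False
            elif last_key == "default gateway" and ip:
                current["gateway"] = ip.group(0)
            elif last_key == "dns servers" and ip:
                current["dns"].append(ip.group(0))
        elif last_key == "dns servers" and IPV4.fullmatch(line):
            # Second and later DNS servers are printed on bare continuation lines.
            current["dns"].append(line)
    return adapters


def dns_findings(text):
    """List (adapter, message) pairs for connected adapters worth a second look."""
    findings = []
    for adapter in parse_ipconfig(text):
        if not adapter["connected"]:
            continue
        if not adapter["dns"]:
            findings.append((adapter["name"], "no DNS server configured"))
        elif adapter["gateway"] in adapter["dns"]:
            findings.append((adapter["name"],
                             "router address %s is listed as a DNS server"
                             % adapter["gateway"]))
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, dns_findings(text) or "nothing flagged")
```

The parser handles IPv4 addresses only; running it over the output from every machine on the network shows whether they were all handed the same DNS servers.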
     
  7. 2008/08/03
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    I still don't have a connection. I added both of those IP addresses, and rebooted. Yes, I have logged into the router, but before I didn't know exactly what I was looking for.
     
  8. 2008/08/03
    noahdfear

    noahdfear Inactive

    If unable to find dns options in router cp, what brand and model is the router?
    I'd like you to set the router's dns to those IPs and the computer's back to automatic.
     
  9. 2008/08/03
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Dave, I changed the router settings, and still no luck.
     
  10. 2008/08/03
    noahdfear

    noahdfear Inactive

    Please apply those dns addresses in the router cp, then after verifying they stuck, power down the router. Then power down the modem. Disable all connected computers' connections or power them down as well. Now, power up the modem. Once it's fully back online, power up the router. Once it's fully online, start booting up or enabling computers. Allow each one to acquire connectivity before moving to the next. If still no normal connection to IE after that, run the ipconfig /all command Geri posted previously on each of the computers and post all logs here. You need only identify the one with the problem.
     
  11. 2008/08/03
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK because this is now not a malware problem, let's clean up the tools you downloaded.

    Please do this.

    Click Start>Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.

    Then delete Smitfraud.exe.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Empty your recycle bin.

    Dave will help you out through the connection problem.

    Thanks
    Geri
     
  12. 2008/08/03
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    (Problem computer) XP

    Windows IP Configuration
    Host Name . . . . . . . . . . . . : TINY
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes



    Ethernet adapter Wireless Network:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : NETGEAR WG311v3 802.11g Wireless PCI Adapter
    Physical Address. . . . . . . . . : 00-1B-2F-C6-D7-35
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.3
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 208.67.222.222
    208.67.220.220
    Lease Obtained. . . . . . . . . . : Sunday, August 03, 2008 21:24:59
    Lease Expires . . . . . . . . . . : Monday, August 04, 2008 21:24:59



    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Intel(R) PRO/100+ Management Adapter
    Physical Address. . . . . . . . . : 00-90-27-59-A8-68


    Vista
    Windows IP Configuration

    Host Name . . . . . . . . . . . . : *******
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
    Physical Address. . . . . . . . . : 00-1E-90-14-4A-D8
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Sunday, August 03, 2008 9:13:45 PM
    Lease Expires . . . . . . . . . . : Monday, August 04, 2008 9:13:45 PM
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 208.67.222.222
    208.67.220.220
    NetBIOS over Tcpip. . . . . . . . : Enabled


    Windows IP Configuration XP
    Host Name . . . . . . . . . . . . : DORIES
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    Ethernet adapter Wireless Network Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)
    Physical Address. . . . . . . . . : 00-11-95-C2-7E-4D
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 208.67.222.222
    208.67.220.220
    Lease Obtained. . . . . . . . . . : Sunday, August 03, 2008 8:04:29 PM
    Lease Expires . . . . . . . . . . : Monday, August 04, 2008 8:04:29 PM

    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
    Physical Address. . . . . . . . . : 00-18-F3-DE-86-57
     
  13. 2008/08/03
    noahdfear

    noahdfear Inactive

    Click Start>Run and type the following command then hit Enter.

    sc delete iMSPCLOj

    Please run WinsockXPFix again and reboot.

    Are you now still unable to reach google.com via normal means?
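The service removed in this post appears in the ComboFix log earlier in the thread as a stopped driver registered under a Temp path with empty date brackets. The following added example (not part of the original thread, and not ComboFix's own logic) flags entries of that shape in the log's service list. The lines are copied from that log; reading `R`/`S` as running/stopped, the digit as the start type, and `[]` as "no file date recorded" is an assumption about the log format.

```python
import re

# Service/driver lines copied from the ComboFix log posted earlier in the thread.
LOG_LINES = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINXP\system32\Drivers\avgldx86.sys [2008-07-10 11:23]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 11:23]
R3 MAC607;MAC607 Filter;C:\WINXP\system32\DRIVERS\MAC607.sys [2007-06-25 02:35]
S0 Spssys;Toshiba SPS Service;C:\WINXP\system32\drivers\spssys.sys []
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINXP\system32\DRIVERS\A3AB.sys [2005-03-22 20:17]
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\BRIAN~1.BUL\LOCALS~1\Temp\iMSPCLOj.sys []
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINXP\system32\Drivers\xbreader.sys [2001-01-02 23:53]
""".strip().splitlines()

# <state><start type> <service name>;<display name>;<image path> [<file date>]
ENTRY = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?) \[([^\]]*)\]$")

# Assumed meaning of the start-type digit (the Windows service Start value).
START = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
TEMP_DIRS = {"temp", "tmp"}


def triage(lines):
    """Return (service, state, start type, reasons) for entries worth reviewing."""
    flagged = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a service/driver line
        state, start, name, _display, path, stamp = m.groups()
        reasons = []
        # Directory components only; the file name itself is ignored.
        folders = set(path.lower().split("\\")[:-1])
        if folders & TEMP_DIRS:
            reasons.append("image path is inside a Temp directory")
        if not stamp.strip():
            reasons.append("no file date recorded")
        if reasons:
            flagged.append((name,
                            "running" if state == "R" else "stopped",
                            START[start],
                            reasons))
    return flagged


if __name__ == "__main__":
    for name, state, start, reasons in triage(LOG_LINES):
        print("%-10s %-8s %-7s %s" % (name, state, start, "; ".join(reasons)))
```

A flagged entry is a prompt to look at the service key, not a verdict: a leftover key for an uninstalled driver produces the same empty brackets.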
     
  14. 2008/08/03
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    No, I still can't. :(
     
  15. 2008/08/03
    noahdfear

    noahdfear Inactive

    Hmmm ........ Open a command window and type the following command, then hit Enter.

    sc query dnscache

    Let me know the results for State
     
  16. 2008/08/04
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    State: 4 RUNNING
    <STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN>

    That's the exact thing it says.
     
  17. 2008/08/04
    noahdfear

    noahdfear Inactive

    Type the following in a command window, hit enter and let me know the result.

    nslookup


    Since you mentioned the connection shows as Firewalled, let's get that ruled out. Click Start>Run and type firewall.cpl then hit enter. Select the Off option and click OK. Restart.
     
  18. 2008/08/04
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    DNS Request timed out.
    Timeout after 2 seconds. Can't find server request for the IP I set on the router.
    Default Server: UnKnown

    Firewall is off, but still no internet. This problem really has me scratching my head wondering what's wrong.
     
  19. 2008/08/04
    noahdfear

    noahdfear Inactive

    Please run the nslookup command on your other computer as well. I'd like to know if the result is the same.

    Can you verify there are no IP address conflicts with the connected machines? Obviously, if the xboxes are off and it's just the 2 computers connected, and ipconfig /all shows a different address for each, conflict is ruled out as well.
     
  20. 2008/08/04
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Default server: resolver1.opendns.com
    Address: 208.67.222.222

    That's from the Vista computer. I can't run ipconfig /all on the xboxes, but they haven't had any problems connecting either. At the moment, there is one xbox connected, one computer fully connected, and the problem one that is only connected to the router right now.

    Can't be an IP address conflict since they both have their own.
    Vista machine is 192.168.1.9
    XP machine is 192.168.1.2
     
  21. 2008/08/04
    noahdfear

    noahdfear Inactive

    The Vista nslookup results are what I was hoping for on the XP machine. :p

    Let's see what we get with this. Run each of the commands in the order given.

    ipconfig /release
    ipconfig /flushdns
    ipconfig /renew
    ipconfig /displaydns>dns.txt
    start notepad dns.txt


    Just a summary of dns.txt will suffice.
     
