connection problem on 1 of 2 PC's on LAN

127.0.0.1 counter10.sextracker.com
127.0.0.1 counter11.sextracker.com
127.0.0.1 counter12.sextracker.com
127.0.0.1 counter13.sextracker.com
127.0.0.1 counter14.sextracker.com
127.0.0.1 counter15.sextracker.com
127.0.0.1 counter16.sextracker.com
127.0.0.1 counter2.sextracker.com
127.0.0.1 counter3.sextracker.com
127.0.0.1 counter4.sextracker.com
127.0.0.1 counter5.sextracker.com
127.0.0.1 counter6.sextracker.com
127.0.0.1 counter7.sextracker.com
127.0.0.1 counter8.sextracker.com
127.0.0.1 counter9.sextracker.com
127.0.0.1 crs.akamai.com
127.0.0.1 crux.songline.com
127.0.0.1 ct.iac-online.de
127.0.0.1 ctc.amateurpages.com
127.0.0.1 de.netstatpro.net
127.0.0.1 desktop.grokster.com
127.0.0.1 dialer.offshoreclicks.com
127.0.0.1 doubleclick.net
127.0.0.1 download1.libereco.net
127.0.0.1 download2.0190-dialer.com
127.0.0.1 ehg.hitbox.com
127.0.0.1 ehg-commjun.hitbox.com
127.0.0.1 erie.smartage.com
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 everyone.net
127.0.0.1 exchange-it.com
127.0.0.1 exitfuel.com
127.0.0.1 exitmoney.com
127.0.0.1 fast.mediacharger.com
127.0.0.1 focalink.com
127.0.0.1 fp.valueclick.com
127.0.0.1 fragmentserv.iac-online.de
127.0.0.1 free.****-portal.com
127.0.0.1 freebieclub.com
127.0.0.1 freeezinebucks.com
127.0.0.1 freepass.elitecities.com
127.0.0.1 fs.dai.net
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 global.msads.net
127.0.0.1 gm.preferences.com
127.0.0.1 go.ezgreen.com
127.0.0.1 got2goshop.com
127.0.0.1 gp.dejanews.com
127.0.0.1 hacker-spider.de
127.0.0.1 hc2.humanclick.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 hit.hotlog.ru
127.0.0.1 hitbox.com
127.0.0.1 hitmatic.com
127.0.0.1 hitsfrom.popuprush.com
127.0.0.1 hypercount.com
127.0.0.1 ifcol.exitfuel.com
127.0.0.1 image.click2net.com
127.0.0.1 image.com.com
127.0.0.1 image.eimg.com
127.0.0.1 images.sexlist.com
127.0.0.1 images2.nytimes.com
127.0.0.1 img.mediaplex.com
127.0.0.1 impnl.tradedoubler.com
127.0.0.1 internetfuel.com
127.0.0.1 itn.adbureau.net
127.0.0.1 jcms.cydoor.com
127.0.0.1 jeeves.flycast.com
127.0.0.1 jobkeys.ngadcenter.net
127.0.0.1 kansas.valueclick.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 linkbuddies.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 liveadvert.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 looksmartclicks.com
127.0.0.1 lsads.looksmart.com.au
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 marketing-internet.com
127.0.0.1 maximumcash.com
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 media.carpediem.fr
127.0.0.1 media.expedia.com
127.0.0.1 media.fastclick.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 media.preferences.com
127.0.0.1 media20.fastclick.net
127.0.0.1 mediacharger.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 mediaplex.com
127.0.0.1 megacash.de
127.0.0.1 mercury.rmuk.co.uk
127.0.0.1 millenium-hitz.com
127.0.0.1 mjxads.internet.com
127.0.0.1 mojofarm.sjc.mediaplex.com
127.0.0.1 monitor.looksmart.com
127.0.0.1 monsterhitz.to
127.0.0.1 musiccity.streamcastnetwork.com
127.0.0.1 n24.de
127.0.0.1 nbc.adbureau.net
127.0.0.1 newads.cmpnet.com
127.0.0.1 newsticker.shortnews.de
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nitrous.exitfuel.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 oad.realmedia.com
127.0.0.1 oas.benchmark.fr
127.0.0.1 onresponse.com
127.0.0.1 onresponse.com
127.0.0.1 p.wtlive.com
127.0.0.1 paycounter.com
127.0.0.1 ph-ad04.focalink.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 php.offshoreclicks.com
127.0.0.1 pluto.beseen.com
127.0.0.1 proxy.ladot.com
127.0.0.1 pub.epiknet.org
127.0.0.1 pub.infiniland.com
127.0.0.1 pub.ketix.com
127.0.0.1 pub.telmedia.fr
127.0.0.1 pub.weborama.fr
127.0.0.1 realads.realmedia.com
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 redirect.iac-online.de
127.0.0.1 regio.adlink.de
127.0.0.1 ResponseMedia-ad.flycast.com
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 rs.webmasterplan.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s10.sitemeter.com
127.0.0.1 s11.sitemeter.com
127.0.0.1 s12.sitemeter.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s2.focalink.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 script.weborama.fr
127.0.0.1 secserv.imgis.com
127.0.0.1 servedby.advertising.com
127.0.0.1 servedby.advertwizard.com
127.0.0.1 server.hamster.com
127.0.0.1 server-uk.imrworldwide.com
127.0.0.1 servlets.kliks.nl
127.0.0.1 sextracker.com
127.0.0.1 sh4banner.de
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 shop.freepush.com
127.0.0.1 shortwin.de
127.0.0.1 specialoffers.aol.com
127.0.0.1 spezialreporte.de
127.0.0.1 spin.spinbox.net
127.0.0.1 sprinks-clicks.about.com
127.0.0.1 spylog.com
127.0.0.1 srv1.bannercommunity.de
127.0.0.1 srv2.bannercommunity.de
127.0.0.1 srv3.bannercommunity.de
127.0.0.1 static.admaximize.com
127.0.0.1 stats.superstats.com
127.0.0.1 stats3.porntrack.com
127.0.0.1 statse.webtrendslive.com
127.0.0.1 Suissa-ad.flycast.com
127.0.0.1 survey.proactive.nl
127.0.0.1 sview.avenuea.com
127.0.0.1 t0.extreme-dm.com
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tpl1.realtracker.com

 

there was a bit more...

i checked for anything else installed and there is nothing i found that is unknown to me.

 

Yes but you have the idea!

Your looks ok!

You need to add all the badies in your dns to which ever you use!

Remember these things are blocked from access so add your badies ADSERVER etc to the one you chose.


But remember this if the host file gets to large it will really slow down the computer.

Keep me posted, I am interested!

Mike

 

k, i added all servers to my host file, (most were already there)
i still get a list of adservers when i "ipconfig /displaydns" but there is a 5 second pause that wasn't there before

i still can't access some sites at all (i can access fine on other machine)

and very slow still

any more suggestions?

 

No. That is the slow down I mentioned!

Delete yours and put (paste) the below in:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
#
# HOSTS file portion generated by Zeroclick begins below:
#
# You may add other sites to this list that you wish to block by placing the
# 127.0.0.1 as below and then entering the offending server's name after it. Be
# careful though - if you block a server you may end up not being able to get
# to the site at all. If so, remove the offending line from this file.
#
# If you are STILL able to get to www.doubleclick.net and do not receive a failed
# page error, then please visit www.nsclean.com/0click.html for instructions on
# how to circumvent the windows bug responsible for the failure.
#


127.0.0.1 localhost
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 phase2media.doubleclick.net
127.0.0.1 ln.doubleclick.net
127.0.0.1 ad.au.doubleclick.net

64.246.42.33 windowsbbs.com
64.246.42.33 www.windowsbbs.com


-
Do the above
Time to drop back and punt will post a new message different tactic 10 minutes

Mike

 

O, one more important thing i discovered

in addition to the slowness & dns errors
I also can't transfer files over msn (I've tested with multiple people including the other machine)
i get a blocked port error

(firewalls off for this test)

hope this helps

 

k there is no delay anymore, i cannot access www.doubleclick.net i get a "cannot find server or DNS error "

i flushed, renewed, registered
and i still get list of all adservers "displaydns "

 

Ok Gasolene.

Time to do something different.

1. On good machine run ipconfig /all and print

2. Take to bad machine go to network lan properties
tcip/ip and hard code all of the good settings.
But make the ip 192.168.1.10

Put in the gateway dns all manually. Turn off DHCP.

BTW what is the IP of the good machine!

This better do it!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Mike

 

You don't want to and are not suposed to be able to access doubleclick it is blocked so that is good.

Do the manual config and try msn.com or something you want, not an ad server!

Mike

 

good machine:
-----------------------------------------------------------------
C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : COMPUTER2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : XX.XXXX.telus.net
Description . . . . . . . . . . . : Fast
Ethernet NIC #2
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : XXX.XXX.252.212
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : XXX.XXX.240.1
DHCP Server . . . . . . . . . . . : 209.115.152.149
DNS Servers . . . . . . . . . . . : 209.115.131.51
209.115.152.150
216.123.198.243
209.115.152.130
Lease Obtained. . . . . . . . . . : Sunday, December 08, 2002 5:29:42 PM

Lease Expires . . . . . . . . . . : Thursday, December 12, 2002 5:29:42
PM
-----------------------------------------------------------------
i made my IP address 192.168.1.10
subnet 255.255.240.0
gateway XXX.XXX.240.1

then i set my DNS servers to 209.115.131.51
and alternate 209.115.152.150

dhcp is disabled
------------------------
i lost all connection to net
so i selected "obtain IP address automatically "
but left the manual DNS servers

and i can now access sites that i couldn't before but i still can't transfer files over msn

and i still have list of adervers when "displaydns "

 

Damm!

There is something simple I am missing here, or some proxy or program or service that that is running I don't know about!

Go to control panel services an set DHCP Client and also DNS Client both to manual.

Exactly what do you mean transfer files over msn. Do you mean download a file to you, upload a file to them,what?

Reboot! Retest.

Mike

 

the net seems to be running @ normal speeds and i can access all sites that i could not earlier.

i tried to transfer a text file from 1 machine to the other using msn
this is message

note: i can transfer files fine through ftp & LAN.

should "ipconfig/displaydns" still show list of adservers

 

k i set dhcp and dns to manual

also, i get msn error, sending or recieving

rebooting now

 

Ok if everything is working normally at normal speed we can take a break from this untill tomorrow. Let me think!

After you set the 2 services to manual did you do a final flushdns before the displaydns? And were these services on?

I don't think what we see in display dns is a problem now.

But please explain!
If you can xfer a file over the lan why xfer to msn then back. And if you xfer to msn do you have storage or upload space there. But what steps do you take to do this. Does it work on the other computer? I don't understand what you are doing.


Mike

 

sure, thnx for all help today by the way

after setting to manual, i rebooted then had to 'start' both services before i could flush/display
everytime i displaydns, i flush first

i meant transfer files using MSN messenger (from 1 PC to another)

 

k, I've sucessfully sent AND recieved a file over msn messenger so it looks like everything is fine now?

exept the list of adservers

 

OK man!

I understand about AOL instant messenger!

You did good!

last thing and we are completely thru

turn on services then flushdns

DO NOT RENEW OR REGISTER!

Immediately turn services off and confirm they are set to manual!

We are thru. Man this was a bear!

Mike

 

thnx for such detailed help,

2 more question?

why do i want services to manual, that would mean i hav o start them every time i login wont it?

and why do i still have open ports, i have zonealarm stealthing all ports. but anit-trojan says that there are 20 open ports
(however GRC.com says all stealth)

 

Good morning Gasolene

Sorry I didn't explain! Guess I was getting tired.

After the settings are correct, only!

By flushdns you are clearing the adserver sites in the cache.

By turning these off without a registerdns you keep them from loading up again.

In your configurarion you should not need these.

You would have to start them to flush register display etc but it would not stop a login. They are on manual and stoped on my own computer

I was not even thinking of that when I told you to flush again after turning them off in safe mode and rebooting.

If you would like a good place to learn more about "SERVICES" and how to trim unneeded services and therefore increase performamce. Go to Black viper:

http://blkviper.com/WinXP/servicecfg.htm

Do it carefully with a backup.

Also Gasolene since you had these problems you should read carefully and install all of these items.

http://keir.net/scriptrap.html
<http://nsclean.com/dsostop.html>
<http://nsclean.com/htastop.html>
<http://nsclean.com/0click.html>
<http://nsclean.com/socklock.html>
<http://nsclean.com/sclean.html>

Consider this too:
http://www.mailwasher.net/download.php

Mike

I am the Unknown lead by the Unknowing.
I have done so much with so little
for so long that they think I am now
qualified to do anything with nothing.

 

Forgot to answer your question!

Gasolene.

Your ports really are in stealth mode.

You see when you run this trojan scanner you are giving it permission to load and run from your computer.

Another way to say this is, these ports are seen from the inside out by the trojan scanner. But from the outside in they are closed.

So that leads to my favorite tip about firewalls and virus scanners:

Firewalls and Virus software will not always protect you from what you invite in.

As far as I can tell from here you are secure. I feel this by the depth of this cleaning process we just went thru. Virus scans online and local, trojan scans by 2 different scanners. And of course Adaware and SpyBot.

This leads me to comment on the host file incident. You can add the real baddies to the host file to block them. But you don't want it to get too big. Or add too many programs to stop them or you will have a performance loss here too.

My own practice is to regularly clean all temps and run SpyBot and Adaware to clean up.

When I run full virus scans I will run my Virus scanner this week but an online next time. I also have a triple boot (2 boots of win2k and one of win98) each boot on purpose has a different Virus scanner. Plus I have DOS based F-Prot also. If one of my boots become disabled by a virus then I still have a way to get back up, and several options to clean and repair the problem boot.

Mike