Help
boopme has been helping me in the "I Think I'm Infected With MalWare" category. He asked me to post here thinking I now have a physical network issue. He said that someone could run a few tests to see if that's true. Also we cleaned this PC.
Thank you
Page 1 of 1
Physical network issue?
#1
- New Member
-
- Group: Members
- Posts: 12
- Joined: 01-March 11
- Gender:Male
Posted 03 March 2011 - 04:58 PM
Back to top
#2
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,165
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 03 March 2011 - 08:07 PM
Well, we need to know what the issues are.
Also, please post a link to your other topic.
Also, please post a link to your other topic.
#3
- New Member
-
- Group: Members
- Posts: 12
- Joined: 01-March 11
- Gender:Male
Posted 04 March 2011 - 12:43 PM
Here is the link to my other topic:
http://www.bleepingcomputer.com/forums/topic382478.html
I had what I think was the Security Tool malware. Before I got rid of Security Tool, it somehow blocked me from going to the internet, but I could still get to email. I am using comcast.net.
I can access the internet in Safe Mode with Networking, which is how I am writing this.
Thanks for your help.
http://www.bleepingcomputer.com/forums/topic382478.html
I had what I think was the Security Tool malware. Before I got rid of Security Tool, it somehow blocked me from going to the internet, but I could still get to email. I am using comcast.net.
I can access the internet in Safe Mode with Networking, which is how I am writing this.
Thanks for your help.
#4
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,165
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 04 March 2011 - 04:38 PM
I suspect you may still be infected.
Sometimes, some more sophisticated tool than those used in "Am I Infected?" forum must be used.
Since you can connect in Safe Mode with Networking, but not in normal mode, something is probably blocking your connection.
Let's check something....
Do this in normal mode (you can download tool listed below in Safe Mode with Networking)....
Please download MiniToolBox and run it.
Checkmark following boxes:
Click Go and post the result.
Sometimes, some more sophisticated tool than those used in "Am I Infected?" forum must be used.
Since you can connect in Safe Mode with Networking, but not in normal mode, something is probably blocking your connection.
Let's check something....
Do this in normal mode (you can download tool listed below in Safe Mode with Networking)....
Please download MiniToolBox and run it.
Checkmark following boxes:
- Report IE Proxy Settings
- List content of Hosts
- List IP configuration
Click Go and post the result.
#5
- New Member
-
- Group: Members
- Posts: 12
- Joined: 01-March 11
- Gender:Male
Posted 04 March 2011 - 06:03 PM
Here is the result of running MiniToolBox per your instructions.
Thank you.
MiniToolBox by Farbar
Ran by User at 2011-03-04 16:54:21
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:33440
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
=============== End of Hosts ==============================================
================= IP Configuration: =======================================
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : pc41995
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.tx.comcast.net.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection
Physical Address. . . . . . . . . : 00-15-F2-5D-46-22
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.85.102
68.87.69.150
Lease Obtained. . . . . . . . . . : Friday, March 04, 2011 4:49:23 PM
Lease Expires . . . . . . . . . . : Saturday, March 05, 2011 4:49:23 PM
Server: cns.cmc.co.denver.comcast.net
Address: 68.87.85.102
Name: google.com
Addresses: 74.125.227.16, 74.125.227.18, 74.125.227.19, 74.125.227.20
74.125.227.17
Pinging google.com [74.125.227.50] with 32 bytes of data:
Reply from 74.125.227.50: bytes=32 time=19ms TTL=54
Reply from 74.125.227.50: bytes=32 time=18ms TTL=54
Ping statistics for 74.125.227.50:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 19ms, Average = 18ms
Server: cns.cmc.co.denver.comcast.net
Address: 68.87.85.102
Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65
Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=64ms TTL=51
Reply from 72.30.2.43: bytes=32 time=72ms TTL=51
Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 72ms, Average = 68ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 f2 5d 46 22 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
================= End of IP Configuration =================================
Thank you.
MiniToolBox by Farbar
Ran by User at 2011-03-04 16:54:21
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:33440
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
=============== End of Hosts ==============================================
================= IP Configuration: =======================================
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : pc41995
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.tx.comcast.net.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection
Physical Address. . . . . . . . . : 00-15-F2-5D-46-22
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.85.102
68.87.69.150
Lease Obtained. . . . . . . . . . : Friday, March 04, 2011 4:49:23 PM
Lease Expires . . . . . . . . . . : Saturday, March 05, 2011 4:49:23 PM
Server: cns.cmc.co.denver.comcast.net
Address: 68.87.85.102
Name: google.com
Addresses: 74.125.227.16, 74.125.227.18, 74.125.227.19, 74.125.227.20
74.125.227.17
Pinging google.com [74.125.227.50] with 32 bytes of data:
Reply from 74.125.227.50: bytes=32 time=19ms TTL=54
Reply from 74.125.227.50: bytes=32 time=18ms TTL=54
Ping statistics for 74.125.227.50:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 19ms, Average = 18ms
Server: cns.cmc.co.denver.comcast.net
Address: 68.87.85.102
Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65
Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=64ms TTL=51
Reply from 72.30.2.43: bytes=32 time=72ms TTL=51
Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 72ms, Average = 68ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 f2 5d 46 22 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
================= End of IP Configuration =================================
#6
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,165
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 04 March 2011 - 06:13 PM
Your network settings are correct and your connection is perfectly fine (ping command goes through.
However, something (possible infection) added proxy settings:
We can try to fix it, but you may need to ask for help from malware removal people.
Let's see....
Re-run MiniToolbox and this time...
Checkmark following boxes:
Click Go and post the result.
However, something (possible infection) added proxy settings:
Quote
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:33440
Proxy is enabled.
ProxyServer: http=127.0.0.1:33440
We can try to fix it, but you may need to ask for help from malware removal people.
Let's see....
Re-run MiniToolbox and this time...
Checkmark following boxes:
- Flush DNS
- Reset IE Proxy Settings
Click Go and post the result.
#7
- New Member
-
- Group: Members
- Posts: 12
- Joined: 01-March 11
- Gender:Male
Posted 04 March 2011 - 08:05 PM
Here is the log file from MiniToolBox:
MiniToolBox by Farbar
Ran by User at 2011-03-04 18:56:54
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
================= Flush DNS: ==============================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
================= End of Flush DNS ========================================
"Reset IE Proxy Settings": Proxy Settings were reset.
My internet is now working!!!!
Thank you.
MiniToolBox by Farbar
Ran by User at 2011-03-04 18:56:54
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
================= Flush DNS: ==============================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
================= End of Flush DNS ========================================
"Reset IE Proxy Settings": Proxy Settings were reset.
My internet is now working!!!!
Thank you.
#8
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,165
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 04 March 2011 - 08:18 PM
Wonderful 
Share this topic:
Page 1 of 1