Can't log onto internet after running combofix


  • This topic is locked
11 replies to this topic

#1 graffii

graffii

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 25 December 2011 - 04:44 PM

First - Merry Christmas, Happy Holidays and thank you for your help. It is very much appreciated.
I was being helped and the advisor said I needed more advanced help and told me what to do. Here is the history:
I had something called ping.exe in my computer plus I got something called Microsoft Internet Security 2011 (unregistred) (yes - that is how it was spelled) popping up saying my computer was infected. I did have AVG free (which ran every night) and Spybot Search and Destroy on the computer which I ran about once per week. The ping.exe was slowing the computer to a crawl and my browser started going to sites other than what I selected. I ran the AVG and Spybot, then rebooted in safe mode and ran them both again. The ping was still there and AVG told me that I had something called a trojan horse hider.OOW and that it was whitelisted and could not be removed. I took both those programs off the machine and downloaded Microsoft Security Essentials, ran a full scan with it and it found nothing. I called a friend who knows more about computers and he suggested bleepingcomputer.com and run Combofix. I removed Microsoft Security Essentials and ran Combofix and it removed some programs, but after rebooting, I could not get onto the internet and got a DISCover Socket Initialization Failed message. Using my laptop to follow directions, download stuff, put it on a thumbdrive and transfer the info to the infected computer and logs back to the laptop for posting, I ran iExplore, TDSS Rootkit Removing Tool, WinsockFix, FSS, MiniToolBox, SystemLook and Security Check. I also got Malwarebytes' Free onto the infected machine, ran it and it removed a bunch of stuff on the quick scan, and a bunch more on the deep scan. I then followed the directions given to escalate the help. Here are the logs I was told to post. Again - I do appreciate the help. All of the documents, music and picture files are backed up on a WD external drive. I called HP for a system restore disc, they described my computer as a 'legacy' computer and suggested I buy a new one. I know my machine is old, so am I! (61) but I am unemployed, trying to write a novel and need the machine.
I do a ton of research on line for my writing. Also, FYI, I have ordered Kaspersky Internet Suite. Should have it next week some time. Here are the logs:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:50 on 25/12/2011 (HP_Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 11:00:00 on 2011-12-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.307 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: trymedia.com
DPF: CM_AdvancedCAB - hxxps://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
DPF: PrintTemplateViewerCab - hxxps://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1311438757281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.0.1 205.171.3.25
TCP: Interfaces\{2922263D-FDEB-4BFD-845B-C183045580AD} : DhcpNameServer = 192.168.2.1 192.168.0.1 205.171.3.25
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-10 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-10 136176]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-4-26 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-5-26 11520]
.
=============== Created Last 30 ================
.
2011-12-24 01:54:11 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2011-12-24 01:53:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-24 01:38:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-24 01:38:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-23 23:36:25 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-22 01:17:47 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-22 01:17:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-22 01:17:31 -------- d-----w- c:\windows\system32\ActionDump
2011-12-21 23:30:52 -------- d-sha-r- C:\cmdcons
2011-12-21 23:27:05 98816 ----a-w- c:\windows\sed.exe
2011-12-21 23:27:05 518144 ----a-w- c:\windows\SWREG.exe
2011-12-21 23:27:05 256000 ----a-w- c:\windows\PEV.exe
2011-12-21 23:27:05 208896 ----a-w- c:\windows\MBR.exe
2011-12-21 19:08:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-12-19 17:34:25 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-19 16:49:54 -------- d-----w- C:\69974efde5bee42b5855
2011-12-16 17:51:42 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-12-16 17:51:42 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
.
==================== Find3M ====================
.
2011-12-12 07:29:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 01:38:00 456192 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 11:00:24.34 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-25 13:08:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 WDC_WD2000JS-60NCB1 rev.10.02E02
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kflcapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6877360, 0x20574D, 0xE8000020]
? C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

---- EOF - GMER 1.0.15 ----

I do not know how to "zip" the file called "attach"

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:35 AM

Posted 31 December 2011 - 11:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Let's try to get your internet connection back.

Download this file from a good computer to a CD or Flash drive, copy the file to the desktop of the infected computer.
Run it as suggested below.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Wait for further instructions.

#3 graffii

Posted 31 December 2011 - 02:17 PM

Thank you for your help!

Farbar Service Scanner
Ran by HP_Administrator (administrator) on 31-12-2011 at 11:10:21
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Internet Services:
=================

Connection Status:
=================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
================

Firewall Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
==============

System Restore Disabled Policy:
==============================


File Check:
==========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

**** End of log ****

#4 nasdaq

Posted 31 December 2011 - 02:39 PM

No restrictions found.

Download this tool the same way you did the other.

Download LSPfix
Unzip the file to a folder on the desktop of the infected computer.
Double-click to run
Select: (Advanced) "I know what I'm doing"
Then click the FINISH button. Restart your computer.

Restart the computer normally.

How is it now?

#5 graffii

Posted 31 December 2011 - 03:19 PM

Still no go. I ran the diagnostic and here is what I got:
Last diagnostic run time: 12/31/11 12:14:48
WinSock Diagnostic
WinSock status

info Error attmpting to validate the Winsock base providers: 2
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
info Redirecting user to support call

Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
info Network connection: Name=Local Area Connection, Device=NVIDIA nForce Networking Controller, MediaType=LAN, SubMediaType=LAN
info Ethernet connection selected
Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.
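
The Farbar log in post #3 and the network diagnostic in post #5 together narrow the fault: hosts answer by IP address while every named probe fails with error 12007. The following Python sketch is an added example, not part of the original topic or of either tool; the function names and result layout are assumptions made here, and it recognises only the log wording visible on this page.

```python
import re

# Excerpts copied from the Farbar Service Scanner log (post #3) and the
# Windows network diagnostic (post #5) in this topic.
FSS_LOG = """\
Connection Status:
=================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
"""

NETDIAG_LOG = """\
info Error attmpting to validate the Winsock base providers: 2
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
info Network connection status: Connected
warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
error Could not make an HTTP connection.
"""

NAME_NOT_RESOLVED = 12007  # WinINet ERROR_INTERNET_NAME_NOT_RESOLVED

# One probe failure line: protocol, optional "(Passive)"/"(Active)", code, host.
PROBE = re.compile(r"^warn (?P<proto>[A-Z]+)(?: \(\w+\))?: Error (?P<code>\d+) "
                   r"connecting to (?P<host>[^:]+):")


def reachable_by_ip(fss_log):
    """External hosts the FSS log reports as reachable by IP address."""
    # Assumption: only the positive wording seen on this page is recognised.
    return re.findall(r"^(\w+) IP is accessible\.", fss_log, re.MULTILINE)


def parse_netdiag(log):
    """Return (probe failures, winsock_catalog_damaged) from the diagnostic."""
    failures, damaged = [], False
    for line in log.splitlines():
        m = PROBE.match(line)
        if m:
            failures.append((m["proto"], m["host"].strip(), int(m["code"])))
        elif line.startswith("error") and "winsock catalog" in line.lower():
            damaged = True
    return failures, damaged


def triage(fss_log, netdiag_log):
    """Name the layer where the connection breaks, based on both logs."""
    ip_ok = bool(reachable_by_ip(fss_log))
    failures, damaged = parse_netdiag(netdiag_log)
    codes = {code for _, _, code in failures}
    if not failures:
        layer = "no-failure-recorded"
    elif not ip_ok:
        layer = "ip-connectivity"
    elif codes == {NAME_NOT_RESOLVED}:
        # Packets leave the machine, but names never become addresses.
        layer = "name-resolution"
    else:
        layer = "application"
    return {"layer": layer, "winsock_catalog_damaged": damaged,
            "failed_hosts": sorted({host for _, host, _ in failures})}


if __name__ == "__main__":
    print(triage(FSS_LOG, NETDIAG_LOG))
```

A "name-resolution" result combined with a damaged Winsock catalog says the adapter, cabling and router are working, so the repair effort belongs on the Winsock/DNS client side of the machine.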

#6 nasdaq

Posted 01 January 2012 - 08:56 AM

Download winsockxpfix from this site to your desktop.
Run the file; first make a backup of the Registry.
Then hit the fix button.

WinsockXPFix
When you run the program, it will create ReG-Backup on the desktop, then click fix. That way, if you lose Internet Connectivity you can restore from that backup to get back online and we can try a different approach.

How is it now?

#7 graffii

Posted 01 January 2012 - 11:17 AM

it would not save the files saying error saving files
still no go on internet

#8 nasdaq

Posted 01 January 2012 - 03:46 PM

Click Start > Run then type cmd and click OK

At the command prompt, copy and paste the following commands (one at a time) and then press ENTER:

netsh winsock reset catalog

netsh int ip reset c:\resetlog.txt

ipconfig /flushdns

exit

Reboot your computer. Then, please post the contents of the C:\Resetlog.txt and let me know if you can connect to the internet.

#9 graffii

Posted 01 January 2012 - 04:37 PM

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2922263D-FDEB-4BFD-845B-C183045580AD}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2922263D-FDEB-4BFD-845B-C183045580AD}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2922263D-FDEB-4BFD-845B-C183045580AD}\IpAutoconfigurationSeed
<completed>

nope - still says it cannot display the webpage

#10 nasdaq

Posted 01 January 2012 - 04:52 PM

Go to Start > Run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit Enter.

How is it now?

#11 graffii

Posted 01 January 2012 - 08:02 PM

still no go

#12 nasdaq

Posted 02 January 2012 - 09:14 AM

I have used all of my knowledge on how to restore the Internet.

Start a new topic in the Networking Forum where an expert will have a look at it.
http://www.bleepingcomputer.com/forums/forum21.html

Feel free to give them a link to this topic so that they know what we have tried.

From my end:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

This topic will be open for 5 days. Should you have any question please ask.



