Solved: No internet access (just through wifi)



juanlow
Member with 18 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Beginner
17-Apr-2012, 03:00 AM #1
No internet access (just through wifi)
I have a modem/router that lets me access the internet on a laptop or cellphone through wifi, but on the PC connected directly to the network there seems to be a DNS issue or something that loads a page 1 out of 100 times and is getting worse every day, until no page will load for hours or takes a huge time to load. Tried a lot of methods but none made a difference: flushdns and other commands, winsockspfix, edited and changed registry keys winsock and winsock2 with "correct" ones. Rebooted the modem, but the issue is on the PC only and it is perfect on wifi; as a matter of fact I'm on the wifi connection at this time. I'm new at techguy, so sorry if there is any mistake with this post.
etaf (Wayne)
Moderator with 52,298 posts.
 
Join Date: Oct 2003
Location: Surrey, UK
17-Apr-2012, 09:12 AM #2
have you tried the laptop connected by cable to the router to see if that works perfectly

do you have an up-to-date virus/malware scanner ?

what security suite / firewall do you have on the PC or ever had a trial version in the past ?

let's see an ipconfig /all from the desktop and the following ping tests

------------------------------------------------------------------------
ipconfig /all
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here

We would like to see the results from ipconfig /all post back the results in a reply here

Hold the Windows key and press R, then type CMD then press Enter to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

In the command prompt window that opens, type the following command:

Note that there is a space before the /ALL, but there is NOT a space after the / in the following command.

ipconfig /all > network.txt & network.txt

It will export the results to notepad and then automatically open notepad.

Now all you need to do is copy and paste those results to a reply here
to do that:
From the notepad menu - choose Edit - Select all
all the text will be highlighted
Next
From the notepad menu - choose Edit - Copy
Now go back to the forum - reply and then right click in the reply box and paste
------------------------------------------------------------------------

------------------------------------------------------------------------
Ping Tests
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here
Save the file to a USB flash drive or other removable media. Plug it into the working computer with internet access and copy the file and paste here.

Start> Run {search bar in Vista/W7}> CMD to open a DOS window and type:

Type the following command
Ping {plus the number that's shown against the default gateway shown in above ipconfig /all}
Post back the results
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and
control key + V to paste

Type the following command
Ping google.com
Post back the results
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and
control key + V to paste

Type the following command
Ping 209.183.226.152
post back results
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and
control key + V to paste
Quote:
For your information only
These tests will check various stages of the connection. The first ping test, ping default gateway, checks to see if you still have a connection to the router. The next two, Ping google.com & Ping 209.183.226.152, test the connection to the internet, one by name and one by number, which checks that the DNS is working.

------------------------------------------------------------------------
__________________
Wayne
Please let us know what the final solution was to any problem posted
juanlow
17-Apr-2012, 02:35 PM #3
OK, I had not tried the laptop connected by cable, but I did now and it worked with no problem.
I currently have Microsoft Security Essentials up to date and use Spybot and Malwarebytes, also up to date, verifying that there is no virus, malware or spyware on the PC.

Ipconfig>all

Configuración IP de Windows

Nombre del host . . . . . . . . . : johnny-b3efa694
Sufijo DNS principal . . . . . . :
Tipo de nodo . . . . . . . . . . : desconocido
Enrutamiento habilitado. . . . . .: No
Proxy WINS habilitado. . . . . : No

Adaptador Ethernet Conexión de área local :

Sufijo de conexión específica DNS :
Descripción. . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Dirección física. . . . . . . . . : 00-18-8B-1D-E8-B4
DHCP habilitado. . . . . . . . . : No
Autoconfiguración habilitada. . . : Sí
Dirección IP. . . . . . . . . . . : 192.168.0.4
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.0.1
Servidor DHCP . . . . . . . . . . : 192.168.0.1
Servidores DNS . . . . . . . . . .: 205.211.192.35
205.211.192.36
Concesión obtenida . . . . . . . : Martes, 17 de Abril de 2012 12:07:30 p.m.
Concesión expira . . . . . . . . .: Martes, 17 de Abril de 2012 01:07:30 p.m.

Ping Results

Haciendo ping a 192.168.0.1 con 32 bytes de datos:
Respuesta desde 192.168.0.1: bytes=32 tiempo<1m TTL=64
Respuesta desde 192.168.0.1: bytes=32 tiempo<1m TTL=64
Respuesta desde 192.168.0.1: bytes=32 tiempo<1m TTL=64
Respuesta desde 192.168.0.1: bytes=32 tiempo<1m TTL=64

Estadísticas de ping para 192.168.0.1:
Paquetes: enviados = 4, recibidos = 4, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
Mínimo = 0ms, Máximo = 0ms, Media = 0ms


Haciendo ping a google.com [74.125.229.231] con 32 bytes de datos:
Respuesta desde 74.125.229.231: bytes=32 tiempo=60ms TTL=53
Respuesta desde 74.125.229.231: bytes=32 tiempo=58ms TTL=53
Respuesta desde 74.125.229.231: bytes=32 tiempo=59ms TTL=53
Respuesta desde 74.125.229.231: bytes=32 tiempo=67ms TTL=53

Estadísticas de ping para 74.125.229.231:
Paquetes: enviados = 4, recibidos = 4, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
Mínimo = 58ms, Máximo = 67ms, Media = 61ms


Haciendo ping a 209.183.226.152 con 32 bytes de datos:
Respuesta desde 209.183.226.152: bytes=32 tiempo=90ms TTL=44
Respuesta desde 209.183.226.152: bytes=32 tiempo=89ms TTL=44
Respuesta desde 209.183.226.152: bytes=32 tiempo=89ms TTL=44
Respuesta desde 209.183.226.152: bytes=32 tiempo=552ms TTL=44

Estadísticas de ping para 209.183.226.152:
Paquetes: enviados = 4, recibidos = 4, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
Mínimo = 89ms, Máximo = 552ms, Media = 205ms

Thanks for the reply Etaf.
etaf (Wayne)
17-Apr-2012, 03:11 PM #4
you're using a fixed IP on the PC - also it has a good connection to the internet

let's see an ipconfig /all from the laptop - connected normally

Quote:
what security suite / firewall do you have on the PC or ever had a trial version in the past ?
like norton or mcafee - it could be blocking


- try safemode with networking
as the PC starts keep tapping F8 - a menu appears - choose
safemode with networking - see if that works
------------------------------------------------------------------------
juanlow
17-Apr-2012, 04:02 PM #5
I don't have any other security service on the PC and no trial versions before.

This is the ipconfig for the laptop directly connected:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Admin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card
Physical Address. . . . . . . . . : 00-23-4E-4C-14-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 00-22-19-D8-BD-45
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c70:b1b7:9351:541d%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : martes, 17 de abril de 2012 01:51:03 p.m.
Lease Expires . . . . . . . . . . : martes, 17 de abril de 2012 02:51:02 p.m.
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234889753
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-1D-8F-09-00-22-19-D8-BD-45
DNS Servers . . . . . . . . . . . : 205.211.192.35
205.211.192.36
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{B46CDB16-EA98-47DD-A819-81EC20474ABA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F67BC41A-2DC9-4A42-922C-597EFD3B9295}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2ce6:1454:3f57:fff8(Preferred)
Link-local IPv6 Address . . . . . : fe80::2ce6:1454:3f57:fff8%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Safe mode w/networking gives me same limitations as normal mode.
Very delayed load of web page. Like 1 out of 10 attempts loaded and after that always show same error "taking too long to load.."
etaf (Wayne)
17-Apr-2012, 04:05 PM #6
may not make any difference - let's change the desktop to automatic dhcp


------------------------------------------------------------------------

Setup to Automatically get IP and DNS

XP
--
Setup to Automatically get an IP and DNS (DHCP) - for XP
follow these instructions - if wireless - choose the wireless connection
http://www.srikanthkoka.com/lan.html

VISTA
-----
Setup to Automatically get an IP and DNS (DHCP) - for Vista
http://windows.microsoft.com/en-US/w...CP-IP-settings

WINDOWS 7
---------
Setup to Automatically get an IP and DNS (DHCP) - for Windows 7
http://windows.microsoft.com/en-US/w...CP-IP-settings
Quote:
From a TerryNet post
To configure a dynamic IP address on your Windows Vista or 7 computer:

1. Click Start.
2. Select Network, then Network and Sharing Center, and click Manage network connections or Change adapter settings from the list of tasks.
3. Right click the connection of interest and click Properties.
4. Select Internet Protocol Version 4 (TCP/IPv4) from the list and click the Properties button.
5. Select Obtain an IP address automatically.
6. Select Obtain DNS Server address automatically.
7. Click OK.
8. Click Close.
------------------------------------------------------------------------
juanlow
17-Apr-2012, 04:15 PM #7
OK, I checked those settings right now and it's already set to automatic in every option. :/
etaf (Wayne)
17-Apr-2012, 04:20 PM #8
not according to this
Quote:
Adaptador Ethernet Conexión de área local :

Sufijo de conexión específica DNS :
Descripción. . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Dirección física. . . . . . . . . : 00-18-8B-1D-E8-B4
DHCP habilitado. . . . . . . . . : No
Autoconfiguración habilitada. . . : Sí
Dirección IP. . . . . . . . . . . : 192.168.0.4
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.0.1
Servidor DHCP . . . . . . . . . . : 192.168.0.1
Servidores DNS . . . . . . . . . .: 205.211.192.35
205.211.192.36
can we see another ipconfig /all from that PC
juanlow
17-Apr-2012, 04:35 PM #9
ok this is new ipconfig/all of PC

Configuración IP de Windows

Nombre del host . . . . . . . . . : johnny-b3efa694
Sufijo DNS principal . . . . . . :
Tipo de nodo . . . . . . . . . . : desconocido
Enrutamiento habilitado. . . . . .: No
Proxy WINS habilitado. . . . . : No

Adaptador Ethernet Conexión de área local :

Sufijo de conexión específica DNS :
Descripción. . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Dirección física. . . . . . . . . : 00-18-8B-1D-E8-B4
DHCP habilitado. . . . . . . . . : No
Autoconfiguración habilitada. . . : Sí
Dirección IP. . . . . . . . . . . : 192.168.0.4
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.0.1
Servidor DHCP . . . . . . . . . . : 192.168.0.1
Servidores DNS . . . . . . . . . .: 205.211.192.35
205.211.192.36
Concesión obtenida . . . . . . . : Martes, 17 de Abril de 2012 02:12:20 p.m.
Concesión expira . . . . . . . . .: Martes, 17 de Abril de 2012 03:12:20 p.m.
etaf (Wayne)
17-Apr-2012, 04:37 PM #10
that's confusing

try a tcp/ip reset


------------------------------------------------------------------------

TCP/IP stack repair options for use with Vista/Windows 7

Start, Programs\Accessories and right click on Command Prompt, select "Run as Administrator" to open a command prompt.

Note: Type only the text in bold for the following commands.

Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

Reset IPv4 TCP/IP stack to installation defaults. netsh int ipv4 reset reset.log
and press enter

Reset IPv6 TCP/IP stack to installation defaults. netsh int ipv6 reset reset.log
and press enter

Reboot the machine.

If you receive the message
The requested operation requires elevation.
Then please open the command prompt as administrator - as requested above
Start, Programs\Accessories and right click on Command Prompt, select "Run as Administrator" to open a command prompt.

Please note and post back - if you receive the message
Access is Denied

Post back the results here - we need to know these commands worked correctly
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and
control key + V to paste

------------------------------------------------------------------------

TCP/IP stack repair options for use with Windows XP with SP2/SP3

Start, Run, CMD to open a command prompt:

In the command prompt window that opens, type the following commands:

Note: Type only the text in bold for the following commands.

Reset TCP/IP stack to installation defaults, type: netsh int ip reset reset.log
and press enter

Reset WINSOCK entries to installation defaults, type: netsh winsock reset catalog
and press enter

Reboot the machine.

Please note and post back - if you receive the message
Access is Denied

Post back the results here
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and
control key + V to paste
------------------------------------------------------------------------
juanlow
17-Apr-2012, 05:15 PM #11
This is the result for the first command in the resetlog

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7425E006-995F-4A41-97B7-0F9538012C50}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7425E006-995F-4A41-97B7-0F9538012C50}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7425E006-995F-4A41-97B7-0F9538012C50}\IpAutoconfigurationSeed
<completed>

the other command showed it re-established the winsock catalog correctly.
Did not receive any error message.
After rebooting: Still have same issue with all web pages getting "too long to respond.." message
in the ipconfig it still shows as "No" in DHCP field and show as automatic in settings in every option.
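The mismatch discussed in the posts above (DHCP shown as "No" while a DHCP server and a lease are still listed), checked mechanically; this is an added example, not part of the thread. The label table covers only the Spanish and English field names that appear in the outputs posted here, the sample text is excerpted from those posts, and the function names are this example's own.

```python
import re

# Labels as printed in the Spanish (XP) and English (Windows 7) outputs
# posted in this thread, mapped to neutral keys.
LABELS = {
    "dhcp habilitado": "dhcp_enabled", "dhcp enabled": "dhcp_enabled",
    "dirección ip": "ipv4", "ipv4 address": "ipv4",
    "puerta de enlace predeterminada": "gateway", "default gateway": "gateway",
    "servidor dhcp": "dhcp_server", "dhcp server": "dhcp_server",
    "servidores dns": "dns", "dns servers": "dns",
    "concesión obtenida": "lease_obtained", "lease obtained": "lease_obtained",
}
ADAPTER = re.compile(r"^(adaptador\b.*|.*\badapter\b.*):\s*$", re.IGNORECASE)
FIELD = re.compile(r"^([^:]+?)[\s.]*:\s*(.*)$")
COMPARED = ("dhcp_enabled", "ipv4", "gateway", "dhcp_server", "dns")

# Excerpts of the desktop and laptop outputs posted in the thread.
DESKTOP = """Adaptador Ethernet Conexión de área local :

DHCP habilitado. . . . . . . . . : No
Dirección IP. . . . . . . . . . . : 192.168.0.4
Puerta de enlace predeterminada : 192.168.0.1
Servidor DHCP . . . . . . . . . . : 192.168.0.1
Servidores DNS . . . . . . . . . .: 205.211.192.35
205.211.192.36
Concesión obtenida . . . . . . . : Martes, 17 de Abril de 2012 12:07:30 p.m.
"""
LAPTOP = """Ethernet adapter Local Area Connection:

DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
Lease Obtained. . . . . . . . . . : martes, 17 de abril de 2012 01:51:03 p.m.
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 205.211.192.35
205.211.192.36
"""


def parse_ipconfig(text):
    """Return one dict per adapter section of an `ipconfig /all` dump."""
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = ADAPTER.match(line)
        if header:
            current = {"name": header.group(1).strip(), "dns": []}
            adapters.append(current)
            last_key = None
            continue
        if current is None:
            continue
        field = FIELD.match(line)
        if field is None:
            # A bare address on the line after "DNS Servers" is a second resolver.
            if last_key == "dns":
                current["dns"].append(line)
            continue
        last_key = LABELS.get(field.group(1).strip().lower())
        value = field.group(2).strip()
        if last_key is None or not value:
            continue
        if last_key == "dhcp_enabled":
            current[last_key] = value.lower() in ("yes", "sí", "si")
        elif last_key == "dns":
            current["dns"].append(value)
        else:
            # Drop suffixes such as "(Preferred)".
            current[last_key] = re.sub(r"\(.*\)$", "", value)
    return adapters


def findings(adapter):
    """Flag an adapter that reports DHCP off yet still carries lease data."""
    if adapter.get("dhcp_enabled") is not False:
        return []
    leftovers = [k for k in ("dhcp_server", "lease_obtained") if adapter.get(k)]
    if not leftovers:
        return []
    return ["%s: DHCP reported disabled but %s present (inconsistent state)"
            % (adapter["name"], ", ".join(leftovers))]


def differences(broken, working):
    """Settings that differ between the failing host and a working one."""
    return {k: (broken.get(k), working.get(k))
            for k in COMPARED if broken.get(k) != working.get(k)}


if __name__ == "__main__":
    desktop, laptop = parse_ipconfig(DESKTOP)[0], parse_ipconfig(LAPTOP)[0]
    print(findings(desktop))
    print(differences(desktop, laptop))
```

Comparing against the working laptop shows that gateway, DHCP server and resolvers are identical, so the only differing settings are the address and the DHCP flag itself.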
etaf (Wayne)
17-Apr-2012, 05:23 PM #12
perhaps you have a virus/malware

have a read here
http://forums.techguy.org/virus-othe...e-posting.html
post the logs and we can move this to the virus forum for the gurus to have a look - but it may take 48hrs to get a reply
juanlow
18-Apr-2012, 02:45 PM #13
HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:07:29 p.m., on 18/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Microsoft Security Client\msseces.exe
C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe
C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Documents and Settings\Johnny\Mis documentos\Downloads\W7\FindeXerNightly1.1.0.3\FindeXer.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Archivos de programa\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Descargar con Mipony - file://C:\Archivos de programa\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra button: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Archivos de programa\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
O9 - Extra 'Tools' menuitem: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Archivos de programa\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Johnny\Menú Inicio\Programas\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1299880509015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1299880644265
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26) -
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbem\wbemsyst.dll

Randomly named gmer.exe log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-18 12:35:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD080HJ/P rev.ZH100-34
Running: 93mkdyqi.exe; Driver: C:\DOCUME~1\Johnny\CONFIG~1\Temp\awxiraow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

As with the ddr script it showed me an error in notepad stating "this program cannot be run in dos mode" :S Sorry for the delayed response, I had to go to work.
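A first-pass triage over HijackThis entries like the ones in the log above, as an added example that is not part of the thread and not a HijackThis feature. The three heuristics (orphaned registrations, any AppInit_DLLs value, auto-loaded modules under a user profile or Temp directory) and the names `triage` and `SAMPLE` are assumptions of this example; the sample lines are copied from the posted log, and a flag means the file should be verified, nothing more.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
MISSING = re.compile(r"\((?:no file|file missing)\)")
USER_DIR = re.compile(
    r"\\(?:Documents and Settings|Users)\\[^\\]+\\|\\Temp\\", re.IGNORECASE)
# Sections whose entries are loaded automatically (BHOs, toolbars,
# Run keys, AppInit_DLLs, services).
AUTOLOAD = {"O2", "O3", "O4", "O20", "O23"}

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Documents and Settings\Johnny\Mis documentos\Downloads\W7\FindeXerNightly1.1.0.3\FindeXer.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbem\wbemsyst.dll
"""


def triage(log):
    """Return (section, reason, detail) for entries to verify first."""
    notes = []
    for raw in log.splitlines():
        entry = ENTRY.match(raw.strip())
        if entry is None:
            continue  # header lines, process list, blank lines
        code, body = entry.groups()
        found = PATH.search(body)
        path = found.group(0) if found else ""
        if MISSING.search(body):
            # Registration left behind with no file on disk: usually
            # leftovers of an uninstall or of an earlier cleanup.
            notes.append((code, "orphaned", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs named here are loaded into every process that loads
            # user32.dll, so any value is checked against a known-good file.
            value = body.split(":", 1)[1].strip()
            if value:
                notes.append((code, "appinit", value))
        elif code in AUTOLOAD and USER_DIR.search(path):
            # Auto-loaded code stored where an unprivileged user can write.
            notes.append((code, "user-path", path))
    return notes


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE):
        print("%-4s %-10s %s" % (code, reason, detail))
```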
etaf (Wayne)
18-Apr-2012, 02:50 PM #14
is that the end of the HJT log ? usually have end file ?

i will move to virus forum
juanlow
18-Apr-2012, 02:59 PM #15
Sorry - copy/paste mistake
HJT log again

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:07:29 p.m., on 18/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Microsoft Security Client\msseces.exe
C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe
C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Documents and Settings\Johnny\Mis documentos\Downloads\W7\FindeXerNightly1.1.0.3\FindeXer.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Archivos de programa\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Descargar con Mipony - file://C:\Archivos de programa\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra button: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Archivos de programa\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
O9 - Extra 'Tools' menuitem: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Archivos de programa\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Johnny\Menú Inicio\Programas\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1299880509015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1299880644265
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26) -
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbem\wbemsyst.dll
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Update Servicio (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

--
End of file - 9637 bytes