
Need help getting rid of malicious program messing with DNS

Discussion in 'Virus & Other Malware Removal' started by paroo, Nov 29, 2009.

Thread Status:
Not open for further replies.
  1. paroo

    paroo Thread Starter

    Joined:
    Nov 29, 2009
    Messages:
    15
    I am unable to connect to the internet by any means. At first I thought it was a problem with my router, but after calling Comcast support, he told me it was a problem with my computer. I plugged the computer into the modem directly, but still no luck. Both the wireless and wired connections say they are connected, but the internet cannot be found. There is one other computer on the network, and it is working fine. I read another thread about a similar problem, but was unable to resolve my problem. I believe that it may be some sort of virus or trojan or what have you. Any help is greatly appreciated. (ipconfig/all is just with the modem, no router)

    System Info
    Windows XP SP1
    Home Edition
    Version 2002
    Compaq Presario

    Comcast
    Linksys Wireless Router WRT160N V2




    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Owner>ipconfig/all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Leon
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Mixed
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth
    ernet NIC
    Physical Address. . . . . . . . . : 00-0C-76-DD-CE-C3
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Autoconfiguration IP Address. . . : 169.254.194.29
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :

    C:\Documents and Settings\Owner>








    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:42:52 PM, on 11/28/2009
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cubs.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

    --
    End of file - 6016 bytes
     
  2. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Your HijackThis log is clean and I do not believe your problem to be Malware related. I will have this moved to the Networking forum where you will receive better help with this issue.
     
  3. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,252
    First Name:
    Wayne
    You may have a firewall that is blocking access.

    Can you do the following for the broken PC (BUT also include an ipconfig /all for the working PC - post in separate replies and label clearly, so we know which is which)

    {ipconfig /all}
    We would like to see the results from ipconfig /all

    -> Start > run {search bar in Vista} > cmd > ipconfig /all
    post back the results here


    TWO Methods to do that - if you cannot access the internet with PC, then use method 2 to copy onto a machine that can access the internet and post results here

    Method ONE -------------------------------------------------------------
    start > run {search bar in Vista} > cmd > ipconfig /all

    right-click in the box
    select all
    enter
    control key + C key - to copy
    then reply here and
    control key + V to paste

    Method TWO -------------------------------------------------------------

    Start> Run {search bar in Vista}> CMD to open a DOS window and type:

    IPCONFIG /ALL >C:\RESULT.TXT

    Open C:\RESULT.TXT with Notepad and copy/paste the entire results here.

    ----------------------------------------------------------------------------

    {Ping Tests}
    Start> Run {search bar in Vista}> CMD to open a DOS window and type:

    Ping google.com
    Post back the results

    right-click in the box
    select all
    enter
    control key + C key - to copy
    then reply here and
    control key + V to paste

    Ping 209.191.93.53
    post back results

    ----------------------------------------------------------------------------

    {Device Manager}
    Post back the results in device manager
    Start > control Panel {Vista set to classic view}> system > {Vista, device manager on left hand side} {XP hardware Tab, device manager button} > network adaptors, click on the + > post back the devices listed there
    are there any ! ? or X

    for windows 7
    start > control panel>
    System and Security>
    Device Manager

    ----------------------------------------------------------------------------
     
  4. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    Why are you still running SP1?
     
  5. paroo

    paroo Thread Starter

    Joined:
    Nov 29, 2009
    Messages:
    15
    About a week ago, I got some sort of virus when I was on Facebook. I had been using McAfee for a while but I was having trouble renewing it, so I uninstalled it. Unfortunately I made the mistake of not reinstalling it right away because the next day, while on Facebook, I left the computer for about ten minutes and when I came back some program claiming to be antivirus software had downloaded. I was unable to connect to the internet or open any programs, including the task manager. So I did a system restore. I downloaded SP2 at some point, but I did a complete system restore back to the factory settings in January so I think it deleted it?
     
  6. paroo

    paroo Thread Starter

    Joined:
    Nov 29, 2009
    Messages:
    15
    BROKEN PC

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Owner>ipconfig/all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Leon
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Mixed
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth
    ernet NIC
    Physical Address. . . . . . . . . : 00-0C-76-DD-CE-C3

    Ethernet adapter Wireless Network Connection 5:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Compact Wireless-G USB Adapter
    Physical Address. . . . . . . . . : 00-1E-E5-27-CE-D2
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Autoconfiguration IP Address. . . : 169.254.153.105
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :

    C:\Documents and Settings\Owner>
     
  7. paroo

    paroo Thread Starter

    Joined:
    Nov 29, 2009
    Messages:
    15
    (BROKEN PC)

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Owner>ping www.google.com
    Ping request could not find host www.google.com. Please check the name and try a
    gain.

    C:\Documents and Settings\Owner>ping 209.191.93.53

    Pinging ? with 32 bytes of data:

    Destination host unreachable.
    Destination host unreachable.
    Destination host unreachable.
    Destination host unreachable.

    Ping statistics for ?:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Documents and Settings\Owner>
     
  8. paroo

    paroo Thread Starter

    Joined:
    Nov 29, 2009
    Messages:
    15
    WORKING PC

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Art Vandelay>ipconfig/all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Vandelay
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast E
    thernet NIC #2
    Physical Address. . . . . . . . . : 00-40-45-32-BC-80

    Ethernet adapter Wireless Network Connection:

    Connection-specific DNS Suffix . : hsd1.il.comcast.net.
    Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Ad
    apter #2
    Physical Address. . . . . . . . . : 00-22-43-2D-44-B6
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.101
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 68.87.72.134
    68.87.77.134
    Lease Obtained. . . . . . . . . . : Sunday, November 29, 2009 2:05:30 PM

    Lease Expires . . . . . . . . . . : Monday, November 30, 2009 2:05:30 PM


    C:\Documents and Settings\Art Vandelay>
     
  9. paroo

    paroo Thread Starter

    Joined:
    Nov 29, 2009
    Messages:
    15
    Compact Wireless-G USB Adapter
    Realtek RTL8139/910 Family Fast Ethernet NIC
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
     
  11. paroo

    paroo Thread Starter

    Joined:
    Nov 29, 2009
    Messages:
    15
    Is SP1 the problem? The computer was fine since the first system restore without SP2 until I got that virus. I guess I just forgot to update to SP2 again. Can I download SP2 for my computer on another computer? Or is something else the problem?
     
  12. paroo

    paroo Thread Starter

    Joined:
    Nov 29, 2009
    Messages:
    15
    I did another system recovery and now the internet is working. Thank you for your time. :)
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    SP2 will patch numerous security holes in IE and Windows. SP3 would be better!
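
Added example, not part of the original thread: a triage script over XP-style `ipconfig /all` text that separates the DHCP failure seen on the broken PC (a self-assigned 169.254.x.x address) from the DNS tampering the thread title suspected (a valid lease with an unexpected resolver). The function names, the "Constructed Example" adapter and its 203.0.113.53 resolver are assumptions made for illustration; the other sample values are abbreviated from the outputs posted above, and the expected resolver list is taken from the working PC.

```python
import ipaddress
import re
FIELD = re.compile(r"^(.*?)(?:\s?\.)+\s:\s?(.*)$")    # "Key . . . . : value"
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")   # APIPA self-assigned range
# Constructed sample: first three adapters abbreviated from the thread, last one invented.
SAMPLE = """
Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Wireless Network Connection 5:
        Autoconfiguration IP Address. . . : 169.254.153.105
        Default Gateway . . . . . . . . . :
Ethernet adapter Wireless Network Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.101
        DNS Servers . . . . . . . . . . . : 68.87.72.134
                                            68.87.77.134
Ethernet adapter Constructed Example:
        IP Address. . . . . . . . . . . . : 192.168.1.102
        DNS Servers . . . . . . . . . . . : 203.0.113.53
"""

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} for each adapter section."""
    adapters, current, last = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m is None and line.endswith(":") and " adapter " in line:
            current, last = adapters.setdefault(line[:-1], {}), None
        elif m and current is not None:
            last, value = m.group(1).strip(), m.group(2).strip()
            current[last] = [value] if value else []
        elif line and current is not None and last == "DNS Servers":
            current[last].append(line)   # extra resolvers sit on their own lines
    return adapters

def classify(fields, expected_dns):
    """Verdict for one adapter; expected_dns is the resolver list the router hands out."""
    if any("disconnected" in v for v in fields.get("Media State", [])):
        return "disconnected"
    addrs = fields.get("IP Address", []) + fields.get("Autoconfiguration IP Address", [])
    if addrs and all(ipaddress.ip_address(a) in LINK_LOCAL for a in addrs):
        return "dhcp-failed"             # no lease, so no gateway and no resolver at all
    dns = fields.get("DNS Servers", [])
    if not dns:
        return "no-dns"
    if not set(dns) <= set(expected_dns):
        return "unexpected-dns"          # lease is fine but the resolver is not the expected one
    return "ok"

def triage(text, expected_dns):
    return {name: classify(f, expected_dns) for name, f in parse_ipconfig(text).items()}
```

A `dhcp-failed` verdict points at the link, driver or a local firewall rather than at the resolver settings; only `unexpected-dns` warrants checking where the resolver address came from.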
     

Short URL to this thread: https://techguy.org/881291
