
No internet access (just through wifi)

Discussion in 'Virus & Other Malware Removal' started by juanlow, Apr 17, 2012.

Thread Status:
Not open for further replies.
  1. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    I have a modem/router that lets me access the internet on a laptop or cellphone through wifi, but on the PC connected directly to the network there seems to be a DNS issue or something that loads a page 1 out of 100 times and is getting worse every day, until no page will load for hours or pages take a huge time to load. Tried a lot of methods but none made a difference: flushdns and other commands, winsockspfix, edited and changed registry keys winsock and winsock2 with "correct" ones. Rebooted the modem, but the issue is on the PC only and it is perfect on wifi; as a matter of fact I'm on the wifi connection at this time. I'm new at techguy so sorry if there is any mistake with this post. :(
     
  2. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,859
    have you tried the laptop connected by cable to the router, to see if that works perfectly?

    do you have an up-to-date virus/malware scanner?

    what security suite / firewall do you have on the PC, or have you ever had a trial version in the past?

    let's see an ipconfig /all from the desktop and the following ping tests

    ------------------------------------------------------------------------
    ipconfig /all
    If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here

    We would like to see the results from ipconfig /all post back the results in a reply here

    Hold the Windows key and press R, then type CMD then press Enter to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

    In the command prompt window that opens, type the following command:

    Note that there is a space before the /ALL, but there is NOT a space after the / in the following command.

    ipconfig /all > network.txt & network.txt

    It will export the results to notepad and then automatically open notepad.

    Now all you need to do is copy and paste those results to a reply here
    to do that:
    From the notepad menu - choose Edit - Select all
    all the text will be highlighted
    Next
    From the notepad menu - choose Edit - Copy
    Now go back to the forum - reply and then right click in the reply box and paste
    ------------------------------------------------------------------------

    ------------------------------------------------------------------------
    Ping Tests
    If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here
    Save the file to a USB flash drive or other removable media. Plug it into the working computer with internet access and copy the file and paste here.

    Start> Run {search bar in Vista/W7}> CMD to open a DOS window and type:

    Type the following command
    Ping {plus the number that's shown against the default gateway in the above ipconfig /all}
    Post back the results
    rightclick in the box
    select all
    enter
    control key + C key - to copy
    then reply here and
    control key + V to paste

    Type the following command
    Ping google.com
    Post back the results
    rightclick in the box
    select all
    enter
    control key + C key - to copy
    then reply here and
    control key + V to paste

    Type the following command
    Ping 209.183.226.152
    post back results
    rightclick in the box
    select all
    enter
    control key + C key - to copy
    then reply here and
    control key + V to paste

    ------------------------------------------------------------------------
     
  3. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    OK, I had not tried the laptop connected by cable, but I did now and it worked with no problem.
    I currently have Microsoft Security Essentials up to date and use Spybot and Malwarebytes, also up to date, verifying that there is no virus, malware or spyware on the PC.

    Ipconfig>all

    Configuración IP de Windows

    Nombre del host . . . . . . . . . : johnny-b3efa694
    Sufijo DNS principal . . . . . . :
    Tipo de nodo . . . . . . . . . . : desconocido
    Enrutamiento habilitado. . . . . .: No
    Proxy WINS habilitado. . . . . : No

    Adaptador Ethernet Conexión de área local :

    Sufijo de conexión específica DNS :
    Descripción. . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
    Dirección física. . . . . . . . . : 00-18-8B-1D-E8-B4
    DHCP habilitado. . . . . . . . . : No
    Autoconfiguración habilitada. . . : Sí
    Dirección IP. . . . . . . . . . . : 192.168.0.4
    Máscara de subred . . . . . . . . : 255.255.255.0
    Puerta de enlace predeterminada : 192.168.0.1
    Servidor DHCP . . . . . . . . . . : 192.168.0.1
    Servidores DNS . . . . . . . . . .: 205.211.192.35
    205.211.192.36
    Concesión obtenida . . . . . . . : Martes, 17 de Abril de 2012 12:07:30 p.m.
    Concesión expira . . . . . . . . .: Martes, 17 de Abril de 2012 01:07:30 p.m.

    Ping Results

    Haciendo ping a 192.168.0.1 con 32 bytes de datos:
    Respuesta desde 192.168.0.1: bytes=32 tiempo<1m TTL=64
    Respuesta desde 192.168.0.1: bytes=32 tiempo<1m TTL=64
    Respuesta desde 192.168.0.1: bytes=32 tiempo<1m TTL=64
    Respuesta desde 192.168.0.1: bytes=32 tiempo<1m TTL=64

    Estadísticas de ping para 192.168.0.1:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
    Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms


    Haciendo ping a google.com [74.125.229.231] con 32 bytes de datos:
    Respuesta desde 74.125.229.231: bytes=32 tiempo=60ms TTL=53
    Respuesta desde 74.125.229.231: bytes=32 tiempo=58ms TTL=53
    Respuesta desde 74.125.229.231: bytes=32 tiempo=59ms TTL=53
    Respuesta desde 74.125.229.231: bytes=32 tiempo=67ms TTL=53

    Estadísticas de ping para 74.125.229.231:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
    Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 58ms, Máximo = 67ms, Media = 61ms


    Haciendo ping a 209.183.226.152 con 32 bytes de datos:
    Respuesta desde 209.183.226.152: bytes=32 tiempo=90ms TTL=44
    Respuesta desde 209.183.226.152: bytes=32 tiempo=89ms TTL=44
    Respuesta desde 209.183.226.152: bytes=32 tiempo=89ms TTL=44
    Respuesta desde 209.183.226.152: bytes=32 tiempo=552ms TTL=44

    Estadísticas de ping para 209.183.226.152:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
    Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 89ms, Máximo = 552ms, Media = 205ms

    Thanks for the reply Etaf.
     
  4. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,859
    you're using a fixed IP on the PC - also it has a good connection to the internet

    let's see an ipconfig /all from the laptop - connected normally

    like norton or mcafee - it could be blocking


    - try safemode with networking
    as the PC starts keep tapping F8 - a menu appears - choose
    safemode with networking - see if that works
    ------------------------------------------------------------------------
     
  5. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    I don't have any other security service on the PC and no trial versions before.

    This is the ipconfig for the laptop directly connected:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Admin-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Wireless LAN adapter Wireless Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card
    Physical Address. . . . . . . . . : 00-23-4E-4C-14-EE
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
    Physical Address. . . . . . . . . : 00-22-19-D8-BD-45
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::c70:b1b7:9351:541d%11(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : martes, 17 de abril de 2012 01:51:03 p.m.
    Lease Expires . . . . . . . . . . : martes, 17 de abril de 2012 02:51:02 p.m.
    Default Gateway . . . . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . . . . : 192.168.0.1
    DHCPv6 IAID . . . . . . . . . . . : 234889753
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-1D-8F-09-00-22-19-D8-BD-45
    DNS Servers . . . . . . . . . . . : 205.211.192.35
    205.211.192.36
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{B46CDB16-EA98-47DD-A819-81EC20474ABA}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{F67BC41A-2DC9-4A42-922C-597EFD3B9295}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2ce6:1454:3f57:fff8(Preferred)
    Link-local IPv6 Address . . . . . : fe80::2ce6:1454:3f57:fff8%15(Preferred)
    Default Gateway . . . . . . . . . : ::
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Safe mode w/networking gives me same limitations as normal mode.
    Very delayed load of web page. Like 1 out of 10 attempts loaded and after that always show same error "taking too long to load.."
     
  6. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,859
    may not make any difference - lets change the desktop to automatic dhcp


    ------------------------------------------------------------------------

    Setup to Automatically get IP and DNS

    XP
    --
    Setup to Automatically get an IP and DNS (DHCP) - for XP
    follow these instructions - if wireless - choose the wireless connection
    http://www.srikanthkoka.com/lan.html

    VISTA
    -----
    Setup to Automatically get an IP and DNS (DHCP) - for Vista
    http://windows.microsoft.com/en-US/windows-vista/Change-TCP-IP-settings

    WINDOWS 7
    ---------
    Setup to Automatically get an IP and DNS (DHCP) - for Windows 7
    http://windows.microsoft.com/en-US/windows7/Change-TCP-IP-settings
    ------------------------------------------------------------------------
     
  7. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    OK, I checked those settings right now and it's already set to automatic in every option. :/
     
  8. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,859
    not according to this
    can we see another ipconfig /all from that PC
     
  9. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    ok this is new ipconfig/all of PC



    Configuración IP de Windows

    Nombre del host . . . . . . . . . : johnny-b3efa694
    Sufijo DNS principal . . . . . . :
    Tipo de nodo . . . . . . . . . . : desconocido
    Enrutamiento habilitado. . . . . .: No
    Proxy WINS habilitado. . . . . : No

    Adaptador Ethernet Conexión de área local :

    Sufijo de conexión específica DNS :
    Descripción. . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
    Dirección física. . . . . . . . . : 00-18-8B-1D-E8-B4
    DHCP habilitado. . . . . . . . . : No
    Autoconfiguración habilitada. . . : Sí
    Dirección IP. . . . . . . . . . . : 192.168.0.4
    Máscara de subred . . . . . . . . : 255.255.255.0
    Puerta de enlace predeterminada : 192.168.0.1
    Servidor DHCP . . . . . . . . . . : 192.168.0.1
    Servidores DNS . . . . . . . . . .: 205.211.192.35
    205.211.192.36
    Concesión obtenida . . . . . . . : Martes, 17 de Abril de 2012 02:12:20 p.m.
    Concesión expira . . . . . . . . .: Martes, 17 de Abril de 2012 03:12:20 p.m.
     


  10. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,859
    that's confusing

    try a tcp/ip reset


    ------------------------------------------------------------------------

    TCP/IP stack repair options for use with Vista/Windows 7

    Start, Programs\Accessories and right click on Command Prompt, select "Run as Administrator" to open a command prompt.

    Note: Type only the text in bold for the following commands.

    Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

    Reset IPv4 TCP/IP stack to installation defaults. netsh int ipv4 reset reset.log
    and press enter

    Reset IPv6 TCP/IP stack to installation defaults. netsh int ipv6 reset reset.log
    and press enter

    Reboot the machine.

    If you receive the message
    The requested operation requires elevation.
    Then please open the command prompt as administrator - as requested above
    Start, Programs\Accessories and right click on Command Prompt, select "Run as Administrator" to open a command prompt.

    Please note and post back - if you receive the message
    Access is Denied

    Post back the results here - we need to know these commands worked correctly
    rightclick in the box
    select all
    enter
    control key + C key - to copy
    then reply here and
    control key + V to paste

    ------------------------------------------------------------------------

    TCP/IP stack repair options for use with Windows XP with SP2/SP3

    Start, Run, CMD to open a command prompt:

    In the command prompt window that opens, type the following commands:

    Note: Type only the text in bold for the following commands.

    Reset TCP/IP stack to installation defaults, type: netsh int ip reset reset.log
    and press enter

    Reset WINSOCK entries to installation defaults, type: netsh winsock reset catalog
    and press enter

    Reboot the machine.

    Please note and post back - if you receive the message
    Access is Denied

    Post back the results here
    rightclick in the box
    select all
    enter
    control key + C key - to copy
    then reply here and
    control key + V to paste
    ------------------------------------------------------------------------
     
  11. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    This is the result for the first command in the resetlog

    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7425E006-995F-4A41-97B7-0F9538012C50}\IpAutoconfigurationAddress
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7425E006-995F-4A41-97B7-0F9538012C50}\IpAutoconfigurationMask
    deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7425E006-995F-4A41-97B7-0F9538012C50}\IpAutoconfigurationSeed
    <completed>

    the other command showed it reestablished the winsock catalog correctly.
    Did not receive any error message.
    After rebooting: Still have same issue with all web pages getting "too long to respond.." message
    in the ipconfig it still shows as "No" in DHCP field and show as automatic in settings in every option.
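
An added example, not part of the original thread: the desktop output above reports DHCP as disabled while still listing a DHCP server and a lease, the contradiction raised in the replies. This Python sketch parses saved `ipconfig /all` text (English or Spanish labels as posted here), flags that inconsistency, and lists which settings differ from a working machine on the same LAN. The function names are hypothetical, the sample text is excerpted from the posts above, and it assumes Windows prints lease fields only for DHCP-configured adapters.

```python
import re

# Label variants taken from the English and Spanish outputs posted in this thread.
LABELS = {
    "DHCP Enabled": "dhcp_enabled", "DHCP habilitado": "dhcp_enabled",
    "DHCP Server": "dhcp_server", "Servidor DHCP": "dhcp_server",
    "Lease Obtained": "lease_obtained", "Concesión obtenida": "lease_obtained",
    "IPv4 Address": "ip", "Dirección IP": "ip",
    "Default Gateway": "gateway", "Puerta de enlace predeterminada": "gateway",
    "DNS Servers": "dns", "Servidores DNS": "dns",
}
HEADER = re.compile(r"adapt(?:er|ador)\b.*:$", re.IGNORECASE)
# "Label . . . : value". The separator colon must be followed by whitespace or
# end of line, so times and IPv6 addresses in a value are not split on.
FIELD = re.compile(r"^(.+?)[\s.]*:(?:\s+(.*))?$")
YES = {"yes", "sí", "si"}
INCONSISTENT = "DHCP reported disabled, but a DHCP server or lease is listed"


def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} for the fields in LABELS."""
    adapters, current, last = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the output
        if HEADER.search(line):
            current = adapters.setdefault(line.rstrip(" :"), {})
            last = None
            continue
        if current is None:
            continue  # host-level section before the first adapter
        m = FIELD.match(line)
        if m:
            last = LABELS.get(m.group(1))
            value = re.sub(r"\(.*?\)$", "", m.group(2) or "").strip()
            if last == "dhcp_enabled":
                value = "yes" if value.lower() in YES else "no"
            if last and value:
                current.setdefault(last, []).append(value)
        elif last == "dns":
            # A second DNS server is printed on its own line without a label.
            current.setdefault("dns", []).append(line)
    return adapters


def check_adapter(fields):
    """Findings for one adapter; an empty list means nothing inconsistent."""
    dhcp_on = fields.get("dhcp_enabled", ["no"])[0] == "yes"
    leased = "lease_obtained" in fields or "dhcp_server" in fields
    if "ip" in fields and not dhcp_on and leased:
        return [INCONSISTENT]
    return []


def differing_settings(a, b):
    """Names of the settings that differ between two adapters on one LAN."""
    return [k for k in ("dhcp_enabled", "gateway", "dns") if a.get(k) != b.get(k)]


# Excerpts of the output posted in this thread (desktop, then laptop).
PC_OUTPUT = """
Adaptador Ethernet Conexión de área local :

DHCP habilitado. . . . . . . . . : No
Dirección IP. . . . . . . . . . . : 192.168.0.4
Puerta de enlace predeterminada : 192.168.0.1
Servidor DHCP . . . . . . . . . . : 192.168.0.1
Servidores DNS . . . . . . . . . .: 205.211.192.35
205.211.192.36
Concesión obtenida . . . . . . . : Martes, 17 de Abril de 2012 12:07:30 p.m.
"""
LAPTOP_OUTPUT = """
Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Local Area Connection:

DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
Lease Obtained. . . . . . . . . . : martes, 17 de abril de 2012 01:51:03 p.m.
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 205.211.192.35
205.211.192.36
"""

if __name__ == "__main__":
    pc = parse_ipconfig(PC_OUTPUT)["Adaptador Ethernet Conexión de área local"]
    laptop = parse_ipconfig(LAPTOP_OUTPUT)["Ethernet adapter Local Area Connection"]
    print("desktop findings:", check_adapter(pc))
    print("differs from laptop:", differing_settings(pc, laptop))
```

Run against the two posted outputs, the only setting that differs between the machines is the DHCP flag; gateway and DNS servers are identical, so the DNS server addresses themselves do not explain why only the desktop fails.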
     
  12. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,859
  13. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:07:29 p.m., on 18/04/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Archivos de programa\Microsoft Security Client\msseces.exe
    C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Archivos de programa\Java\jre6\bin\jqs.exe
    C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
    C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
    C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Archivos de programa\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Documents and Settings\Johnny\Mis documentos\Downloads\W7\FindeXerNightly1.1.0.3\FindeXer.dll
    O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [MSC] "c:\Archivos de programa\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: Descargar con Mipony - file://C:\Archivos de programa\MiPony\Browser\IEContext.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra button: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Archivos de programa\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Archivos de programa\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Johnny\Menú Inicio\Programas\CarbonPoker\CarbonPoker.lnk (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299880509015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1299880644265
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26) -
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wbem\wbemsyst.dll

    Randomly named gmer.exe log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-18 12:35:41
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD080HJ/P rev.ZH100-34
    Running: 93mkdyqi.exe; Driver: C:\DOCUME~1\Johnny\CONFIG~1\Temp\awxiraow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    As with the ddr script, it showed me an error in notepad stating "this program cannot be run in dos mode" :S Sorry for the delayed response, I had to go to work.
     
  14. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,859
    is that the end of the HJT log ? usually have end file ?

    i will move to virus forum
     
  15. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    Sorry - copy/paste mistake
    HJT log again

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:07:29 p.m., on 18/04/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Archivos de programa\Microsoft Security Client\msseces.exe
    C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Archivos de programa\Java\jre6\bin\jqs.exe
    C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
    C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
    C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Archivos de programa\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Documents and Settings\Johnny\Mis documentos\Downloads\W7\FindeXerNightly1.1.0.3\FindeXer.dll
    O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [MSC] "c:\Archivos de programa\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: Descargar con Mipony - file://C:\Archivos de programa\MiPony\Browser\IEContext.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra button: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Archivos de programa\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Archivos de programa\Gadwin Systems\WebSnapshot\WebSnapshot.dll (HKCU)
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Johnny\Menú Inicio\Programas\CarbonPoker\CarbonPoker.lnk (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299880509015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1299880644265
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26) -
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wbem\wbemsyst.dll
    O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google Update Servicio (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
    O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

    --
    End of file - 9637 bytes
     

Short URL to this thread: https://techguy.org/1049652