no internet connection

[e_hefetz]

Need your expert help !!!
for more than a day now i don't have an internet connection through my PC. I'm afraid some malware has ruined some settings and broken my connection.

I'm connected through an Aztech DSL 600EW rounter with a cable to the PC. a laptop with wireless connection (through this router) connect to the web just fine.
I've been running the WinsockXPFix.exe but this didn't solve the problem.
In addition, although I'm logged as an admin, I can't disable or repair the Local Area Connection. a ping to the router works (10.0.0.138) but a direct ping to a website doesn't get any response.

I'm getting desparate here and wouldn't like to re-install the OS...
Any ideas..?

Logfile of HijackThis v1.99.1
Scan saved at 02:34:52, on 05/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Protect Folder Plus\CFSSvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Netex Client\NetexTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\eitan hefetz\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.down.co.il
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: FiltURL Class - {5038FED1-CEFE-11D2-9E74-00A0C945A948} - C:\PROGRA~1\netex\URLSEA~1.DLL
O2 - BHO: Netex - {000000A4-5858-4E36-BA5B-FDD80F3D5145} - C:\Program Files\Netex Client\netextb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Band Class - {EFAE365E-DB89-4353-A952-EB035103204F} - C:\Program Files\Netex Client\netexa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Netex - {000000A4-5858-4E36-BA5B-FDD80F3D5145} - C:\Program Files\Netex Client\netextb.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\svhost32.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [IFStub] C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Tray Application.lnk = C:\Program Files\Netex Client\NetexTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {00000389-CB2E-4FAB-BC54-03FA0B39B465} - C:\Program Files\Netex Client\netextb.dll
O9 - Extra 'Tools' menuitem: Netex - {00000389-CB2E-4FAB-BC54-03FA0B39B465} - C:\Program Files\Netex Client\netextb.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HttpWatch Explorer Bar - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwtch.dll
O9 - Extra 'Tools' menuitem: HttpWatch Explorer Bar - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwtch.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - https://connectpal.sap.com/policy/download_binary.php/win32/f5syschk.cab#Version=5500,0,50830,1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: CFSService - Protect Folder Plus Team - C:\Program Files\Protect Folder Plus\CFSSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

[JSntgRvr]

Hi, e_hefetz

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.


O4 - HKCU\..\Run: [IFStub] O4 - HKCU\..\Run: [IFStub] C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe\InstaFinderK_inst.exe

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder:

C:\WINDOWS\Temp\Adware

Restart the computer.

Please download the enclosed folder. Save and extract its contents to the desktop. It is a batch file to check your connection. Once extracted click on the Test.bat and post the report it shall produce.

 

[e_hefetz]

Hey JSntgRvr and thank you for the assistance !

I've followed your instructations as follows:
1. O4 - HKCU\..\Run: [IFStub] O4 - C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe
was removed (appeared once).

2. C:\WINDOWS\Temp\Adware - I didn't have any such folder.

3. Test Report -

Bluetooth Network:
Node IpAddress: [0.0.0.0] Scope Id: []



No names in cache


Local Area Connection 4:
Node IpAddress: [10.0.0.138] Scope Id: []



NetBIOS Local Name Table



Name Type Status

---------------------------------------------

EITAN <00> UNIQUE Registered

EITAN <20> UNIQUE Registered

MSHOME <00> GROUP Registered

MSHOME <1E> GROUP Registered

MSHOME <1D> UNIQUE Registered

..__MSBROWSE__.<01> GROUP Registered



Windows IP Configuration



Host Name . . . . . . . . . . . . : eitan

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Bluetooth Network:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver

Physical Address. . . . . . . . . : 00-09-DD-10-31-B4



Ethernet adapter Local Area Connection 4:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.138

Subnet Mask . . . . . . . . . . . : 255.0.0.0

Default Gateway . . . . . . . . . : 10.0.0.138

DHCP Server . . . . . . . . . . . : 10.0.0.138

DNS Servers . . . . . . . . . . . : 10.0.0.138

Lease Obtained. . . . . . . . . . : Saturday, April 05, 2008 10:23:43 AM

Lease Expires . . . . . . . . . . : Saturday, April 12, 2008 10:23:43 AM

Ping request could not find host Yahoo.com. Please check the name and try again.

Ping request could not find host Google.com. Please check the name and try again.

These Windows services are started:

Application Layer Gateway Service
Automatic Updates
CFSService
COM+ Event System
Computer Browser
Cryptographic Services
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
HID Input Service
IIS Admin
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
IPSEC Services
LexBce Server
Logical Disk Manager
McAfee Task Scheduler
McAfee WSC Integration
McAfee.com McShield
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Protected Storage
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
Simple Mail Transfer Protocol (SMTP)
SSDP Discovery Service
Sygate Personal Firewall
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
Universal Plug and Play Device Host
Upload Manager
WebClient
Windows Audio
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Time
Windows User Mode Driver Framework
Wireless Zero Configuration
Workstation
World Wide Web Publishing

The command completed successfully.

 

[JSntgRvr]

Hi, e_hefetz

You must reload the Bluetooth LAN Access Server Driver software as the IP Address appears as Node IpAddress: [0.0.0.0] Scope Id: []. Once done, restart the computer and connect.

 

[e_hefetz]

Hey,
I have uninstalled the blue-tooth from the PC. the report now is lacking the blue-tooth line but beside this nothing was changed...

What could be the basic tests to resolve the problem source? it seems i can't ping any external address but only the router 10.0.0.138 ....

Thanks,
Eitan.

 

[JSntgRvr]

Run the Test.bat once again and post its report. I have asked a Network expert to take a look at this.,

 

[JohnWill]

Try this Automated WINSOCK Fix for XP, then do the following after rebooting.

Please supply the following info, exact make and models of the equipment please.

Make and exact model of the broadband modem.
Make and exact model of the router (if a separate unit).
Model numbers can usually be obtained from the label on the device.



I'd also like to see this:

Hold the Windows key and press R, then type CMD to open a command prompt:

Type the following commands:

PING 216.109.112.135

PING yahoo.com

IPCONFIG /ALL

Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.

If you are on a machine with no network connection, use a floppy, USB disk, or a CD-RW disk to transfer a text file with the information to allow pasting it here.