1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

no internet connection

Discussion in 'Virus & Other Malware Removal' started by e_hefetz, Apr 4, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. e_hefetz

    e_hefetz Thread Starter

    Joined:
    Apr 4, 2008
    Messages:
    3
    Need your expert help !!!
    for more than a day now i don't have an internet connection through my PC. I'm afraid some malware has ruined some settings and broken my connection.

    I'm connected through an Aztech DSL 600EW rounter with a cable to the PC. a laptop with wireless connection (through this router) connect to the web just fine.
    I've been running the WinsockXPFix.exe but this didn't solve the problem.
    In addition, although I'm logged as an admin, I can't disable or repair the Local Area Connection. a ping to the router works (10.0.0.138) but a direct ping to a website doesn't get any response.

    I'm getting desparate here and wouldn't like to re-install the OS...
    Any ideas..?

    Logfile of HijackThis v1.99.1
    Scan saved at 02:34:52, on 05/04/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Protect Folder Plus\CFSSvc.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\khooker.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Babylon\Babylon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Netex Client\NetexTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\eitan hefetz\Desktop\hijackthis_sfx.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.down.co.il
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R3 - URLSearchHook: FiltURL Class - {5038FED1-CEFE-11D2-9E74-00A0C945A948} - C:\PROGRA~1\netex\URLSEA~1.DLL
    O2 - BHO: Netex - {000000A4-5858-4E36-BA5B-FDD80F3D5145} - C:\Program Files\Netex Client\netextb.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Band Class - {EFAE365E-DB89-4353-A952-EB035103204F} - C:\Program Files\Netex Client\netexa.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Netex - {000000A4-5858-4E36-BA5B-FDD80F3D5145} - C:\Program Files\Netex Client\netextb.dll
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\svhost32.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [IFStub] C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Tray Application.lnk = C:\Program Files\Netex Client\NetexTray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {00000389-CB2E-4FAB-BC54-03FA0B39B465} - C:\Program Files\Netex Client\netextb.dll
    O9 - Extra 'Tools' menuitem: Netex - {00000389-CB2E-4FAB-BC54-03FA0B39B465} - C:\Program Files\Netex Client\netextb.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: HttpWatch Explorer Bar - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwtch.dll
    O9 - Extra 'Tools' menuitem: HttpWatch Explorer Bar - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwtch.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - https://connectpal.sap.com/policy/download_binary.php/win32/f5syschk.cab#Version=5500,0,50830,1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: CFSService - Protect Folder Plus Team - C:\Program Files\Protect Folder Plus\CFSSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, e_hefetz :)

    Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.


    O4 - HKCU\..\Run: [IFStub] O4 - HKCU\..\Run: [IFStub] C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe\InstaFinderK_inst.exe


    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    .

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder:

    C:\WINDOWS\Temp\Adware

    Restart the computer.

    Please download the enclosed folder. Save and extract its contents to the desktop. It is a batch file to check your connection. Once extracted click on the Test.bat and post the report it shall produce.
     

    Attached Files:

    • Test.zip
      File size:
      246 bytes
      Views:
      1
  3. e_hefetz

    e_hefetz Thread Starter

    Joined:
    Apr 4, 2008
    Messages:
    3
    Hey JSntgRvr and thank you for the assistance ! :eek:

    I've followed your instructations as follows:
    1. O4 - HKCU\..\Run: [IFStub] O4 - C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe
    was removed (appeared once).

    2. C:\WINDOWS\Temp\Adware - I didn't have any such folder.

    3. Test Report -

    Bluetooth Network:
    Node IpAddress: [0.0.0.0] Scope Id: []



    No names in cache


    Local Area Connection 4:
    Node IpAddress: [10.0.0.138] Scope Id: []



    NetBIOS Local Name Table



    Name Type Status

    ---------------------------------------------

    EITAN <00> UNIQUE Registered

    EITAN <20> UNIQUE Registered

    MSHOME <00> GROUP Registered

    MSHOME <1E> GROUP Registered

    MSHOME <1D> UNIQUE Registered

    ..__MSBROWSE__.<01> GROUP Registered



    Windows IP Configuration



    Host Name . . . . . . . . . . . . : eitan

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : Yes

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Bluetooth Network:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver

    Physical Address. . . . . . . . . : 00-09-DD-10-31-B4



    Ethernet adapter Local Area Connection 4:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter

    Physical Address. . . . . . . . . : 00-00-00-00-00-00

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 10.0.0.138

    Subnet Mask . . . . . . . . . . . : 255.0.0.0

    Default Gateway . . . . . . . . . : 10.0.0.138

    DHCP Server . . . . . . . . . . . : 10.0.0.138

    DNS Servers . . . . . . . . . . . : 10.0.0.138

    Lease Obtained. . . . . . . . . . : Saturday, April 05, 2008 10:23:43 AM

    Lease Expires . . . . . . . . . . : Saturday, April 12, 2008 10:23:43 AM

    Ping request could not find host Yahoo.com. Please check the name and try again.

    Ping request could not find host Google.com. Please check the name and try again.

    These Windows services are started:

    Application Layer Gateway Service
    Automatic Updates
    CFSService
    COM+ Event System
    Computer Browser
    Cryptographic Services
    DHCP Client
    Distributed Link Tracking Client
    DNS Client
    Error Reporting Service
    Event Log
    Fast User Switching Compatibility
    Help and Support
    HID Input Service
    IIS Admin
    Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
    IPSEC Services
    LexBce Server
    Logical Disk Manager
    McAfee Task Scheduler
    McAfee WSC Integration
    McAfee.com McShield
    Network Connections
    Network Location Awareness (NLA)
    Plug and Play
    Print Spooler
    Protected Storage
    Remote Access Auto Connection Manager
    Remote Access Connection Manager
    Remote Procedure Call (RPC)
    Remote Registry
    Secondary Logon
    Security Accounts Manager
    Server
    Shell Hardware Detection
    Simple Mail Transfer Protocol (SMTP)
    SSDP Discovery Service
    Sygate Personal Firewall
    System Event Notification
    System Restore Service
    Task Scheduler
    TCP/IP NetBIOS Helper
    Telephony
    Terminal Services
    Themes
    Universal Plug and Play Device Host
    Upload Manager
    WebClient
    Windows Audio
    Windows Image Acquisition (WIA)
    Windows Management Instrumentation
    Windows Time
    Windows User Mode Driver Framework
    Wireless Zero Configuration
    Workstation
    World Wide Web Publishing

    The command completed successfully.
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, e_hefetz :)

    You must reload the Bluetooth LAN Access Server Driver software as the IP Address appears as Node IpAddress: [0.0.0.0] Scope Id: []. Once done, restart the computer and connect.
     
  5. e_hefetz

    e_hefetz Thread Starter

    Joined:
    Apr 4, 2008
    Messages:
    3
    Hey,
    I have uninstalled the blue-tooth from the PC. the report now is lacking the blue-tooth line but beside this nothing was changed...

    What could be the basic tests to resolve the problem source? it seems i can't ping any external address but only the router 10.0.0.138 ....

    Thanks,
    Eitan.
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Run the Test.bat once again and post its report. I have asked a Network expert to take a look at this.,
     
  7. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    Try this Automated WINSOCK Fix for XP, then do the following after rebooting.

    Please supply the following info, exact make and models of the equipment please.

    Make and exact model of the broadband modem.
    Make and exact model of the router (if a separate unit).
    Model numbers can usually be obtained from the label on the device.



    I'd also like to see this:

    Hold the Windows key and press R, then type CMD to open a command prompt:

    Type the following commands:

    PING 216.109.112.135

    PING yahoo.com

    IPCONFIG /ALL

    Right click in the command window and choose Select All, then hit Enter.
    Paste the results in a message here.

    If you are on a machine with no network connection, use a floppy, USB disk, or a CD-RW disk to transfer a text file with the information to allow pasting it here.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/700431

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice