
Solved: Further DNS server problems

Discussion in 'Networking' started by gettingold, Feb 13, 2013.

  1. gettingold

    gettingold Thread Starter

    Joined:
    Feb 13, 2013
    Messages:
    43
    Praises all!

    I've heard nothing but the best about this community, I hope you’ll be able to help me.

    The problem I’m having was already posted and solved on a few support forums, but please stay till the end, ‘cause not one of those solutions helped me.

    It's Win7, DSL cable modem, no router. Error messages are: "DNS server is not responding", "cable is not properly connected" and sometimes it's something about the dynamic address, but this is rare so I can't remember exactly.

    It is the old “endless modem restarting” business after getting a message “DNS server is not responding” and I’m telling you none of the aforementioned solutions resolved this (including disabling the “Microsoft Virtual WiFi Miniport Adapter“, well, I didn't disable it ‘cause I don’t have it in Device Manager (with hidden devices turned on, of course)).

    Does anyone know if a fix has been found for people in my situation? i.e. If you don’t have a Microsoft Virtual WiFi Miniport Adapter, and DNS flushing does not work. (And the most difficult part is I have to do this on my own, I can't rely on ISP help desk)


    DON'T READ the following unless you need to know everything I tried:

    ...led me to the most common solution to "DNS server is not responding" issue (at least judging by the number of people who solved their problem this way) in form of a rather easy and simple exercise of uninstalling Microsoft Virtual WiFi Miniport Adapter in your Device Manager (you have to enable the "show hidden devices" option in view).

    However, life usually doesn't work that simple for me, as I don't have "Microsoft Virtual WiFi Miniport Adapter". I do have alarmingly many miniports for my standards (about 8 of them), but that's probably me.

    So I went on to flush DNS in cmd, to no avail.

    I tried to enter my MAC address into the modem (the pass-through feature, or the bypass NAT feature, whatever you like)

    I tried using open DNS, but it changes nothing.

    I tried finding the PID of the service that sends too many requests, hoping that, if this crashes my Net, I could disable it. One PID pointed to a trojan tonjaa.exe and I thought "great", I kill the trojan and it stops demanding too much of my modem. I installed a few of the top rootkit killers and they found nothing. In the end the PID was not that of a trojan.

    It seems to me that DNS servers names weren't correct in my static IP address. But, as I once said, it's no use asking my ISP anything, so I tried to obtain them via ipconfig /all. I just entered what I found under DNS.

    Lastly, I went on to hard coding the MAC address into the adapter settings, taking the advice of a Microsoft MVP. But the downside to this is that it doesn't go with the static IP. It uses open DNS. And it didn’t work. The same amount of error messages I get after trying this.

    gettingold
     
  2. gettingold

    No intention of bumping this, but I did try a few more things so here it goes (mostly things I found on this forum that were recommended earlier):

    First of all I think it’s my laptop causing this, for it doesn’t happen when I shut my lap down, and my girlfriend is using hers. She doesn’t have any problems.

    Second, I tried pinging myself when the error appears, but it’s not possible. I can’t connect to my modem when this happens (I think this is something along the lines of etafs recommendations to angelwithahorn).

    Thirdly, I tried the DNS jumper. It didn’t do anything for me. Same error after I started it.

    I’m not using McAfee!

    I’m posting my specs, maybe the lack of these was the reason for all of you ignoring me, although I hoped it wouldn’t come to this, because posting all of your info on the net is not the most comfortable thing I did. Especially when I never saw posting these solve anyone's problem. It was always something else (at least it seems).

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\Cubisa>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Gdansk
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
    Physical Address. . . . . . . . . : 00-1A-73-88-58-3C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::d907:d322:c63d:8b15%13(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : 15. veljače 2013. 4:36:30
    Lease Expires . . . . . . . . . . : 15. veljače 2013. 10:29:19
    Default Gateway . . . . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . . . . : 192.168.0.1
    DHCPv6 IAID . . . . . . . . . . . : 218110579
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-6F-64-3C-00-1A-4B-68-C2-1F

    DNS Servers . . . . . . . . . . . : 8.8.8.8
    4.2.2.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom 590x 10/100 Ethernet
    Physical Address. . . . . . . . . : 00-1A-4B-68-C2-1F
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{BFE11842-D7D4-40E7-A86A-6D919963C8DD}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{A3AEEB4D-C060-42B1-88B3-4250EF38B0D0}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    C:\Users\Cubisa>

    HERE’s some Ping tests:

    C:\Users\Cubisa>Ping 10.1.1.254

    Pinging 10.1.1.254 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 10.1.1.254:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Users\Cubisa>

    This is google ping:

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\Cubisa>Ping google.com

    Pinging google.com [173.194.44.224] with 32 bytes of data:
    Reply from 173.194.44.224: bytes=32 time=50ms TTL=53
    Reply from 173.194.44.224: bytes=32 time=49ms TTL=53
    Reply from 173.194.44.224: bytes=32 time=59ms TTL=53
    Reply from 173.194.44.224: bytes=32 time=51ms TTL=53

    Ping statistics for 173.194.44.224:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 49ms, Maximum = 59ms, Average = 52ms

    C:\Users\Cubisa>


    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\Cubisa>Ping 209.183.226.152

    Pinging 209.183.226.152 with 32 bytes of data:
    Reply from 209.183.226.152: bytes=32 time=224ms TTL=49
    Reply from 209.183.226.152: bytes=32 time=142ms TTL=49
    Reply from 209.183.226.152: bytes=32 time=128ms TTL=49
    Reply from 209.183.226.152: bytes=32 time=127ms TTL=49

    Ping statistics for 209.183.226.152:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 127ms, Maximum = 224ms, Average = 155ms

    C:\Users\Cubisa>
     
  3. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,252
    First Name:
    Wayne
    you have a good connection to the internet - not sure why you are pinging 10.1.1.254
    the test is to ping the default gateway 192.168.0.1
    so when you get the dns issue - please redo all those three ping tests and post the results here

    they help us isolate the problem and so are an important part of the diagnosis

    does the error occur when connected by cable to the modem, by wireless or both
    I notice you are wireless connected
    so can we also see an xirrus screen shot - maybe wireless interference - see below

    I don't understand this completely - your girlfriend NEVER has a problem or only has a problem when you are using your PC ?

    ------------------------------------------------------------------------
    Run Xirrus Wi-Fi Inspector
    Download and install

    If you cannot access the internet with this PC, then you will need to copy the program across to the faulty PC
    Save the file to a USB flash drive or other removable media. Plug it into the working computer with internet access and copy the file and install the program.
    You will now need to take a screen shot and copy that back to the working PC and attach the screen shot in a reply on the forum here.

    http://www.xirrus.com/Products/Wi-Fi-Inspector.aspx
    Direct link to the program is here http://info.xirrus.com/Wi-FiInspectorConfirmation.html

    {If the above link does not work here's another link http://www.pcworld.com/downloads/file_download/fid,77196-order,4/download.html}

    Then run and install the program - on a wireless enabled PC/Laptop
    if you get an error - You will need to have .NET Framework installed for the WiFi Inspector to function.
    On windows 8 - (i do not have windows 8) but, it would appear that, When you first try to run, you may get a message that .net framework is needed, and included in that message is a link to download/install.

    Run the program

    A user guide is available here http://www.xirrus.com/cdn/pdf/Xirrus-Wi-Fi-inspectorguide-1-2-1-RevB-6.aspx

    post a screen shot of the program running.
    if there are a lot of networks showing can you click on "networks" top lefthand area - so we can see all the network information.

    post which SSID name is yours, its located in the list, under network "Adapter Name" (1st column)


    Note:
    For a reliable (or robust as the Xirrus user guide says) wireless connection you need a signal of about -70 dBm or better. "A desirable signal level for a robust Wi-Fi connection will be green".
    note: the signal level is a negative number, so for example -88 is worst and -40 is better

    To post a screen shot of the active window.
    Windows XP
    Hold the Alt key and press the PrtScn key. Open the Windows PAINT application (Start> All Programs> Accessories> Paint) and Paste the screen shot. You can then use PAINT to trim to suit, and save it as a JPG format file.

    Vista or Windows 7
    you can use the "snipping tool" which is found in Start> All programs> Accessories> Snipping Tool

    Windows 8
    you can use the snipping tool > Open Snipping Tool (From the Windows 8 Start Screen, type "snip" and press enter.
    >Press the Esc. key.
    >go back to your Windows 8 start screen - Swipe from left or press Window Button
    >Press Ctrl+PrntScr button to use Snipping Tool
    see here
    http://www.pcadvisor.co.uk/opinion/windows/3415854/how-take-screenshot-in-windows-8/
    http://www.pcadvisor.co.uk/how-to/windows/3405830/how-take-screenshot-in-windows-8/


    To upload the screen shot to the forum, open the full reply window ("Go Advanced" button) and use the Manage Attachments button to upload it here.
    Full details are available here http://library.techguy.org/wiki/TSG_Posting_a_Screenshot

    A useful guide on troubleshooting an intermittent wireless connection
    http://help.orange.co.uk/orangeuk/support/personal/353093
     
  4. gettingold

    I made a screen of xirrus, as I already have it installed because it was mentioned in these threads earlier.

    (I'm not sure will this work because I don't see any confirmation that there's an attachment.)

    For your questions:

    My girlfriend does have the same problems only when I'm connected. If I shut down my lap, she surfs smoothly. If she shuts down her laptop, I still get these DNS is not responding error messages. That's why I thought it has to do with my laptop.

    I will try ping tests as soon as it happens again.

    One more thing; my lap top is not constantly off. I can surf, and I'm using it now, but 5-10 times a day I get the error message and have to reset the modem in order to keep on with what I'm doing.

    (BTW; about pinging 10.1.1.254, it was a hasty mistake, it looks stupid to me as well now, but I copied that from an earlier response, obviously pinging someone else's IP)
     


  5. etaf

    that's a very crowded network environment
    is webstar your wireless?

    you're probably on the best channel - although vlp_00300 is also on channel 1 but quite a low signal

    that's interesting, not sure why that would be - unless you are downloading a lot of data in the background

    have you tried connecting by cable to the router and does it still happen - or is it just on wireless ?

    when you disconnect , does your girlfriend also disconnect every time at the same time - or can she continue to work on the internet

    lets see the three ping tests and another xirrus screen shot when it disconnects
     
  6. gettingold

    These are the ping tests right after some off time:

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>Ping google.com

    Pinging google.com [173.194.70.138] with 32 bytes of data:
    Reply from 173.194.70.138: bytes=32 time=3537ms TTL=47
    Reply from 173.194.70.138: bytes=32 time=56ms TTL=47
    Reply from 173.194.70.138: bytes=32 time=3298ms TTL=47
    Reply from 173.194.70.138: bytes=32 time=635ms TTL=47

    Ping statistics for 173.194.70.138:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 3537ms, Average = 1881ms

    C:\Windows\system32>Ping 209.183.226.152

    Pinging 209.183.226.152 with 32 bytes of data:
    Reply from 209.183.226.152: bytes=32 time=241ms TTL=49
    Request timed out.
    Reply from 209.183.226.152: bytes=32 time=164ms TTL=49
    Request timed out.

    Ping statistics for 209.183.226.152:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 164ms, Maximum = 241ms, Average = 202ms

    C:\Windows\system32>Ping 192.168.0.1

    Pinging 192.168.0.1 with 32 bytes of data:
    Reply from 192.168.0.1: bytes=32 time=5ms TTL=64
    Reply from 192.168.0.1: bytes=32 time=2390ms TTL=64
    Reply from 192.168.0.1: bytes=32 time=24ms TTL=64
    Reply from 192.168.0.1: bytes=32 time=140ms TTL=64

    Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 2390ms, Average = 639ms

    C:\Windows\system32>


    And a xirrus screen after it disconnected a second time.


    I still didn't try using only the LAN cable, but will do as soon as I bring one home from work this evening.


    Webstar is my wireless. If you need screens of some other tests in xirrus just let me know.


    One more thing; you pointed me to help.orange and one piece of advice was to let Windows manage my wireless connections. This made everything slightly worse. Now it takes ages to open a web page even when I'm not having off time.
     


  7. gettingold

    Oh, sorry, forgot one thing; my girlfriend's laptop goes off every time mine does. It can happen a minute earlier or later, but it does happen to both laptops.
     
  8. etaf

    change the wireless channel on the router

    this may not work because of some adapter compatibility - but try using channel 13 on the router - But note US can only use 1-11 and so some adapters are set to the US range
    if 13 will not work on both laptops
    try using 11

    on the modem - when the disconnect occurs - would you look at the lights on the modem and post back the status

    when you carried out the ping tests - did the connection come back - because apart from a couple of time outs - it seems to have a connection

    the times are also quite long

    can you do the same on the girlfriends laptop and post the results - NOW this will get confusing - so please make sure in the reply you tell us
    What machine the results are for
    AND
    What condition - connected or disconnected
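
Added example, not part of any post in this thread: a small Python parser for Windows `ping` output that applies the three-test isolation described above (default gateway, an external IP, a hostname), run here over the ping lines from post 6. The 500 ms `slow_ms` threshold, the function names and the DNS-only sample are assumptions made for illustration.

```python
import re

# Ping lines copied from post 6 of this thread (statistics lines omitted).
THREAD_SAMPLE = """\
Pinging google.com [173.194.70.138] with 32 bytes of data:
Reply from 173.194.70.138: bytes=32 time=3537ms TTL=47
Reply from 173.194.70.138: bytes=32 time=56ms TTL=47
Reply from 173.194.70.138: bytes=32 time=3298ms TTL=47
Reply from 173.194.70.138: bytes=32 time=635ms TTL=47
Pinging 209.183.226.152 with 32 bytes of data:
Reply from 209.183.226.152: bytes=32 time=241ms TTL=49
Request timed out.
Reply from 209.183.226.152: bytes=32 time=164ms TTL=49
Request timed out.
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=5ms TTL=64
Reply from 192.168.0.1: bytes=32 time=2390ms TTL=64
Reply from 192.168.0.1: bytes=32 time=24ms TTL=64
Reply from 192.168.0.1: bytes=32 time=140ms TTL=64
"""

# Constructed sample (not from the thread): link and route are healthy,
# only name resolution fails.
DNS_ONLY_SAMPLE = """\
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
Pinging 209.183.226.152 with 32 bytes of data:
Reply from 209.183.226.152: bytes=32 time=130ms TTL=49
Reply from 209.183.226.152: bytes=32 time=128ms TTL=49
Ping request could not find host google.com. Please check the name and try again.
"""

HEADER = re.compile(r"^Pinging (\S+)(?: \[([\d.]+)\])? with \d+ bytes of data:")
REPLY = re.compile(r"^Reply from [\d.]+: bytes=\d+ time[=<](\d+)ms TTL=\d+")
NOHOST = re.compile(r"^Ping request could not find host (\S+)\.")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_ping(text):
    """Return one dict per ping run: target, resolved IP, RTTs, lost count."""
    results, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"target": m.group(1), "resolved": m.group(2),
                       "rtts": [], "lost": 0, "dns_failed": False}
            results.append(current)
            continue
        m = NOHOST.match(line)
        if m:
            # The name never resolved, so no echo requests were sent at all.
            results.append({"target": m.group(1), "resolved": None,
                            "rtts": [], "lost": 0, "dns_failed": True})
            current = None
            continue
        if current is None:
            continue
        m = REPLY.match(line)
        if m:
            current["rtts"].append(int(m.group(1)))
        elif line == "Request timed out." or "unreachable" in line:
            current["lost"] += 1
    return results


def _unhealthy(run, slow_ms):
    # A run is unhealthy if any probe was lost or any reply was very slow.
    return run["lost"] > 0 or not run["rtts"] or max(run["rtts"]) >= slow_ms


def classify(results, gateway, slow_ms=500):
    """Walk outward from the PC: gateway first, then raw IP, then DNS."""
    runs = {r["target"]: r for r in results}
    gw = runs.get(gateway)
    if gw is None:
        return "no-gateway-test"
    if _unhealthy(gw, slow_ms):
        return "local-link"      # PC <-> modem/router hop is already degraded
    ip_runs = [r for r in results
               if r["target"] != gateway and IPV4.fullmatch(r["target"])]
    if any(_unhealthy(r, slow_ms) for r in ip_runs):
        return "upstream"        # first hop fine, path beyond it is not
    if any(r["dns_failed"] for r in results):
        return "dns"             # IP reachability fine, only names fail
    return "ok"


if __name__ == "__main__":
    print(classify(parse_ping(THREAD_SAMPLE), "192.168.0.1"))
    print(classify(parse_ping(DNS_ONLY_SAMPLE), "192.168.0.1"))
```

For the post 6 capture the name resolves and the gateway ping itself shows a 2390 ms reply, so the classifier stops at the first hop instead of reporting a DNS fault.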
     
  9. gettingold

    First of all a very big THANK you for taking interest in this, I'm having this problem for at least 2-3 years. Further, I have to go to work now, so I'll continue as soon as I can.

    Would you, please, be so kind to tell me, in the meantime, how I change channel? this is a bit above my knowledge. To tell you the truth I didn't think I was using router. I only have a modem in my living room (or is this complete nonsense I'm writing?).
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    with those terrible ping times, I would suspect a possibility of malware or a security tool on your computer interfering, especially as your GF's computer works well on the same network

    let's see if we can eliminate the possibility of malware to give Etaf a chance of looking for other causes afterwards

    follow advice here and post the logs those programs make
     
  11. etaf

    As dvk01, one of our security gurus, has replied, let's stop all the suggestions I have made for now - and just follow dvk01's advice.

    Once he has reviewed the logs and cleared the system of any virus/malware issue , i can come back if you still have any issue. otherwise it will get very confusing following.

    i will be subscribed to the post - so will get an email each time a reply is made anyway
     
  12. gettingold

    A big thanks to you as well. I'll get right on this in the evening! My shift starts in about half an hour.

    Thanks and I'll get back with those logs.

    gettingold
     
  13. gettingold

    Following dvk01's instructions would look like this:

    MY problem is that I get disconnected 5-10 times a day with a note DNS server is not responding. (Sometimes it says my cable is disconnected, which makes no sense to me, especially because it fixes itself.)

    If I don't do anything, off time lasts anything from a few moments up to couple of hours, but it will eventually get back on line. If I choose not to ignore it and restart the modem it fixes everything immediately in 95% of cases.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:12:28, on 15.2.2013.
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Vuze\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Cubisa\Desktop\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3AEEB4D-C060-42B1-88B3-4250EF38B0D0}: NameServer = 8.8.8.8,4.2.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE11842-D7D4-40E7-A86A-6D919963C8DD}: NameServer = 8.8.8.8,4.2.2.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{A3AEEB4D-C060-42B1-88B3-4250EF38B0D0}: NameServer = 8.8.8.8,4.2.2.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{A3AEEB4D-C060-42B1-88B3-4250EF38B0D0}: NameServer = 8.8.8.8,4.2.2.1
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Usluga Google ažuriranje (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Usluga Google ažuriranje (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

    --
    End of file - 4657 bytes


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Run by Cubisa at 21:15:27 on 2013-02-15
    Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1919.1029 [GMT 1:00]
    .
    AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Vuze\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: NameServer = 83.139.104.2 83.139.105.2
    TCP: Interfaces\{A3AEEB4D-C060-42B1-88B3-4250EF38B0D0} : NameServer = 8.8.8.8,4.2.2.1
    TCP: Interfaces\{A3AEEB4D-C060-42B1-88B3-4250EF38B0D0} : DHCPNameServer = 83.139.104.2 83.139.105.2
    TCP: Interfaces\{BFE11842-D7D4-40E7-A86A-6D919963C8DD} : NameServer = 8.8.8.8,4.2.2.1
    TCP: Interfaces\{BFE11842-D7D4-40E7-A86A-6D919963C8DD} : DHCPNameServer = 83.139.104.2 83.139.105.2
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\cubisa\appdata\roaming\mozilla\firefox\profiles\hngde22z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\users\cubisa\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: browser.blink_allowed - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-22 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-22 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-22 60936]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-5-27 21992]
    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-10-14 2754984]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-3 22856]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-3 676936]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
    .
    =============== Created Last 30 ================
    .
    2013-02-13 11:57:35 -------- d-----w- c:\program files\Xirrus
    2013-02-13 11:56:59 -------- d-----w- c:\users\cubisa\appdata\local\Downloaded Installations
    2013-02-06 21:05:34 -------- d-----w- c:\programdata\SecTaskMan
    2013-02-06 21:04:03 -------- d-----w- c:\program files\Security Task Manager
    2013-02-06 20:30:26 2 --shatr- c:\windows\winstart.bat
    2013-01-24 18:42:12 -------- d-----w- C:\Temp
    .
    ==================== Find3M ====================
    .
    2013-02-15 09:35:55 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-15 09:35:55 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-03-13 10:01:26 1008141 ----a-w- c:\program files\iExplore.exe
    2012-03-13 10:00:46 806 ----a-w- c:\program files\FixExe.reg
    2010-09-06 18:22:42 19657194 ----a-w- c:\program files\vlc-1.1.4-win32.exe
    .
    ============= FINISH: 21:15:49,18 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2.5.2010. 18:51:59
    System Uptime: 15.2.2013. 11:20:40 (10 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30C2
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | U10 | 1900/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 104 GiB total, 14,232 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 8 GiB total, 0,933 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\HPQ0006\2&DABA3FF&1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\HPQ0006\2&DABA3FF&1
    Service:
    .
    ==== System Restore Points ===================
    .
    RP498: 15.2.2013. 14:16:11 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.3
    ATI Catalyst Install Manager
    Auto Gordian Knot 2.55
    Avira AntiVir Personal - Free Antivirus
    AviSynth 2.5
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CoreAVC Professional Edition (remove only)
    CPUID CPU-Z 1.57.1
    DivX Setup
    Dropbox
    DVD Decrypter (Remove Only)
    Easton Shaft Selector 2010
    eMule
    eReg
    Google Update Helper
    Java Auto Updater
    Java(TM) 6 Update 20
    K-Lite Mega Codec Pack 9.4.0
    LSI HDA Modem
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MS Office 97/2000/XP CRO Spelling
    Opera 12.00
    PowerISO
    Scrabble Plus 1.00
    Security Task Manager 1.8d
    TeamViewer 7
    Time Adjuster STANDARD 3.1
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Unity Web Player
    VC80CRTRedist - 8.0.50727.6195
    Virtual Globe.
    VirtualCloneDrive
    VLC media player 1.1.4
    VobSub v2.23 (Remove Only)
    Vuze
    WIDCOMM Bluetooth Software 6.2.0.5800
    Winamp
    Winamp Detector Plug-in
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xirrus Wi-Fi Inspector
    XviD MPEG4 Video Codec (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9.2.2013. 21:52:29, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume7.
    9.2.2013. 21:36:53, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume I:.
    15.2.2013. 11:22:32, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    15.2.2013. 10:24:45, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
    15.2.2013. 10:23:57, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    10.2.2013. 20:16:10, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
    .
    ==== End Of File ===========================


    .
    GMER 2.1.18952 - http://www.gmer.net

    Rootkit scan 2013-02-15 21:37:36
    Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9120822AS rev.3.BHE 111,79GB
    Running: cbj0qkrh.exe; Driver: C:\Users\Cubisa\AppData\Local\Temp\kfldqpog.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C56579 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E00E000, 0x2678C8, 0xE8000020]
    ? C:\Users\Cubisa\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 1503447760
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30280619
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 1503535651
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30280619

    ---- EOF - GMER 2.1 ----


    IMPORTANT: a few more heads-ups:

    I'm using the Avira antivirus program.

    I have win36 installed on a 64 laptop (because I changed laptop and didn't have the money to buy a different OS).

    During these tests I was connected via LAN cable to save time and merge a few different tests; so now I know that no matter what I did I DID NOT lose connection on LAN cable. Only on wireless.
     
  14. gettingold

    gettingold Thread Starter

    Joined:
    Feb 13, 2013
    Messages:
    43
    Sorry, that's win32 on a 64 laptop.

    cheers!
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    OK, no sign of any malware there.

    The obvious problem that I can see is your second DNS name server: 4.2.2.1 is a DNS server that is supposed to be used for recursive lookups by other DNS servers and isn't supposed to be available for general internet use.

    Your problem might well be due to that, as the server owners do attempt to block access to it, especially from your region.

    Change all DNS to Google.

    Then, as you say it all works perfectly on Ethernet (which is probably using different DNS servers),
    I would suspect that you have a clash between your router and one of the other close-by routers which are using the same channel.

    It might work better or properly if you use encryption, rather than an open connection (and it definitely will be much safer).
    But I will leave you with Etaf to configure that.
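
An added example, not part of the original thread: one way to check whether each configured DNS server actually answers, by sending a single A query over UDP and classifying the reply as answered, refused or timed out. The lookup name example.com and the Google Public DNS addresses 8.8.8.8 and 8.8.4.4 are assumptions; 4.2.2.1 is the server named in the post above.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Build a minimal DNS query for an A record with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data, txid=0x1234):
    """Return (status, answer_count) from a raw DNS response."""
    if len(data) < 12:
        return ("MALFORMED", 0)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction ID, or not a response
        return ("MISMATCH", 0)
    rcode = flags & 0x000F
    return (RCODES.get(rcode, "RCODE%d" % rcode), ancount)

def probe(server, name="example.com", timeout=3.0):
    """Send one query to one resolver on UDP port 53 and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(512)
        return parse_response(data)
    except socket.timeout:
        return ("TIMEOUT", 0)  # the "DNS server is not responding" case
    except OSError as exc:
        return ("ERROR: %s" % exc, 0)
    finally:
        sock.close()

if __name__ == "__main__":
    # Constructed sample: header of a reply with the REFUSED response code.
    sample = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
    print("constructed sample:", parse_response(sample))
    # 4.2.2.1 is the server from the post; the other two are Google Public DNS.
    for server in ("4.2.2.1", "8.8.8.8", "8.8.4.4"):
        print(server, probe(server))
```

Run it once on the wireless connection and once on the LAN cable: a server that returns TIMEOUT or REFUSED on one link but NOERROR on the other points at the link or the resolver choice rather than at the PC.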
     

Short URL to this thread: https://techguy.org/1089301
