Weird connection problem

Emachines Emachines t5274a desktop comp...
February 23, 2010 at 13:24:35
Specs: Windows Vista, Pentium Dual Core 2Ghz/ 2.0 GB Ram
I have a very weird connection problem.

I recently removed some Rogue Software
called "Personal Security"

This prevented any internet access. The
system has been scanned with many anti-
malware programs. Nothing is left.

I currently cannot access the internet from the
browser still. I can pull an nslookup and ping
google.com. Also the connection icon in the
task bar says I have local and internet
connectivity. Upon running the connection
diagnostics, windows vista found no
connection problems.

I even went to services.msc to ensure the
DHCP and DNS services were running and
they start automatically.

I installed a wireless card, the driver
downloaded automatically from windows
update.

I used netsh to reset to ip stack and cleared
the catalog. I also flushed the DNS cache.

all proxy settings are not set to use a proxy. I
also checked the registry for proxy setings
keys in there.

I even installed mozilla firefox, still no internet
browsing capability

I ran anti-rootkit, combo-fix, vundo-fix and the
fixes from super-anti-spyware relating to
network settings. I also ran trojan remover to
remove any restrictive policies.

I have spent a day and a half on this, with no
results. I cannot access the internet.

Has anyone had a problem like this?

Also other pc's can use the same wireless access point and ethernet jack I am currently using. This problem is rooted in the vista machine, not the network.



See More: Weird connection problem

Report •


#1
February 23, 2010 at 13:35:18
Half of me trusts your statement that the machine is clean & says run ipconfig /all & post the output.

The other half of me doesn't trust that the machine is clean & says run hijack this & post the output.

Do one or both of those things.

How do you know when a politician is lying? His mouth is moving.


Report •

#2
February 23, 2010 at 13:42:05
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:59 PM, on 2/23/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop
Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN
Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common
Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = about:blank
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.gateway.com/g/startpage....
Ch=Retail&SubCH=&Br=EM&Loc=ENG_US&Sys=DTP&M=T
5274a
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.gateway.com/g/startpage....
Ch=Retail&SubCH=&Br=EM&Loc=ENG_US&Sys=DTP&M=T
5274a
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-
C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-
B9E3AAC4465B} - C:\Program Files\Microsoft\Search
Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-
4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-
8333-CF10577473F7} - C:\Program Files\Google\Google
Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-
4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-
03dc2f38c34f} - C:\Program Files\MSN
Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-
435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - C:\Program Files\Google\Google
Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-
8fa844297b3f} - C:\Program Files\MSN
Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [IgfxTray]
C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence]
C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program
Files\Google\Google Desktop Search\GoogleDesktop.exe"
/startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program
Files\Common Files\Apple\Mobile Device
Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program
Files\Microsoft\Search Enhancement Pack\Default
Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN
Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)]
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
/runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher]
%WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows
Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk =
C:\Program Files\Common
Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add to Google Photos
Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... -
res://C:\Program Files\Google\Google
Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF
0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-
8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-
7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} -
C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
(EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/act...
ure_Control_v1-0-27-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://fpdownload2.macromedia.com/g...
h/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-
043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks
2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-
53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs:
C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3
.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program
Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio
(AgereModemAudio) - Agere Systems -
C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program
Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec
Corporation - C:\Program
Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. -
C:\Program Files\eMachines Games\eMachines Game
Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589
(GoogleDesktopManager-110309-193829) - Google -
C:\Program Files\Google\Google Desktop
Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) -
Google Inc. - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google -
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\Program
Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: QBCFMonitorService - Intuit - C:\Program
Files\Common
Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit
Inc. - C:\Program Files\Common
Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SBSD Security Center Service
(SBSDWSCService) - Safer Networking Ltd. - C:\Program
Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7928 bytes

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\midstate mattress>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : midstatematt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family
Fast Ethernet
NIC
Physical Address. . . . . . . . . : 00-1E-90-37-D9-AF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
fe80::7da9:6806:81cb:61f7%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.110(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, February 23, 2010
3:16:50 PM
Lease Expires . . . . . . . . . . : Wednesday, February 24,
2010 3:16:49 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 167779984
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-B3-29-9D-
00-1E-90-28-ED-0C

DNS Servers . . . . . . . . . . . : 64.65.208.6
64.65.196.6
208.67.222.222
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-
Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4C19592D-34E3-489E-
9431-34303C579
F86}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\Users\midstate mattress>


Report •

#3
February 23, 2010 at 13:43:03
Do you think the IP v4 and v6 are conflicting somehow?

Also, I ran LSP fix and it said that winsock 2 does not exist,
please re-install.


Report •

Related Solutions

#4
February 23, 2010 at 15:38:37
I'm not a fan of toolbars, otherwise the hijack this logs looks clean.

The wired NIC is getting an IP address & you should have internet through it. I don't see a wireless NIC at all.

Make sure that the firewall isn't blocking the connection. If that's ok, try the winsock fix & see what happens.

How do you know when a politician is lying? His mouth is moving.


Report •

#5
February 23, 2010 at 17:04:52
The wireless card was uninstalled after I realized it wasn't
hardware failure.

I have since taken these steps...

I tried LSP fix, they keep telling me the winsock2 is corrupt.
So I have deleted the registry keys corresponding to winsock
and winsock2. I altered the nettcpip.inf to install ipv4
unsigned, restored to original and re-installed ipv4 with the
signed driver. (http://support.microsoft.com/kb/325356)

The firewall is currently turned off. Google desktop works on
127.0.0.1 I checked to HOSTS file. all clear.

Also I did a port scan on my local machine(127.0.0.1) I get a winsock error 10044

I tried a port scan on my LAN, I get a response from 12 machines, however when trying to find the ports, i get the same winsock error message 10044.

It is so hard to fix Winsock in Vista.

Might I add, when I log-in as administrator, every time I right
click inside a windows explorer window, explorer crashes.
This only happens as administrator.


Report •

#6
February 23, 2010 at 17:11:25
http://www.mydigitallife.info/2007/...

Try the netsh winsock reset.

How do you know when a politician is lying? His mouth is moving.


Report •

#7
February 23, 2010 at 17:21:59
I did try that earlier, with no results. However out of repsect of
people helping me, I tried it again.

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>netsh winsock reset
The system cannot find the file specified.

C:\Windows\system32>netsh int ip reset
Reseting Echo Request, failed.
Access is denied.

Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.


C:\Windows\system32>netsh int ipv4 install
A reboot is required to complete this action.


C:\Windows\system32>netsh winsock audit

The following commands are available:

Commands in this context:
audit trail - Shows the audit trail of Layered Service
Providers that have be
en installed and uninstalled.


C:\Windows\system32>

I reboot... Same message

Any help is welcome. I want to avoid re-formatting. I don't roll
like that.


Report •

#8
February 24, 2010 at 06:50:20
netsh winsock reset

That's the command to try.

If you're getting access denied, there might be a permissions problem.

How do you know when a politician is lying? His mouth is moving.


Report •

#9
February 24, 2010 at 07:36:17
I currently cannot access the internet from the
browser still. I can pull an nslookup and ping
google.com.

Try another browser if you haven't already and let us know if a different one works.


Report •

Ask Question