Solved Trojan rootkit proxy problem, can't connect to Internet

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Double-click RenewMyDNS.exe to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete RenewMyDNS.exe
 
Here's the log, and thanks for the program.

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.3.2

Microsoft Windows [Version 6.1.7601]


``````````Network and DNS Information``````````



Windows IP Configuration

Host Name . . . . . . . . . . . . : owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel(R) 82578DC Gigabit Network Connection
Physical Address. . . . . . . . . : 90-FB-A6-86-D5-B9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dcf8:d6e5:beea:5fc%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 11 September 2012 09:43:04
Lease Expires . . . . . . . . . . : 18 October 2148 16:19:58
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 194050982
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-61-A6-9B-90-FB-A6-86-D5-B9
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:82e:2c99:a9ec:85c0(Preferred)
Link-local IPv6 Address . . . . . : fe80::82e:2c99:a9ec:85c0%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


``````````Speed-test - Ping``````````

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=306ms TTL=52
Reply from 72.30.38.140: bytes=32 time=274ms TTL=52
Reply from 72.30.38.140: bytes=32 time=413ms TTL=52
Reply from 72.30.38.140: bytes=32 time=648ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 274ms, Maximum = 648ms, Average = 410ms

Pinging geekpolice.net [64.202.189.170] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging facebook.com [66.220.158.70] with 32 bytes of data:
Reply from 66.220.158.70: bytes=32 time=93ms TTL=242
Reply from 66.220.158.70: bytes=32 time=92ms TTL=242
Reply from 66.220.158.70: bytes=32 time=90ms TTL=242
Reply from 66.220.158.70: bytes=32 time=90ms TTL=242

Ping statistics for 66.220.158.70:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 93ms, Average = 91ms

Pinging google.com [173.194.41.161] with 32 bytes of data:
Reply from 173.194.41.161: bytes=32 time=21ms TTL=53
Reply from 173.194.41.161: bytes=32 time=21ms TTL=55
Reply from 173.194.41.161: bytes=32 time=21ms TTL=54
Reply from 173.194.41.161: bytes=32 time=18ms TTL=55

Ping statistics for 173.194.41.161:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 21ms, Average = 20ms

********************
EOF
 
Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=306ms TTL=52
Reply from 72.30.38.140: bytes=32 time=274ms TTL=52
Reply from 72.30.38.140: bytes=32 time=413ms TTL=52
Reply from 72.30.38.140: bytes=32 time=648ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 274ms, Maximum = 648ms, Average = 410ms

Pinging facebook.com [66.220.158.70] with 32 bytes of data:
Reply from 66.220.158.70: bytes=32 time=93ms TTL=242
Reply from 66.220.158.70: bytes=32 time=92ms TTL=242
Reply from 66.220.158.70: bytes=32 time=90ms TTL=242
Reply from 66.220.158.70: bytes=32 time=90ms TTL=242

Ping statistics for 66.220.158.70:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 93ms, Average = 91ms

Pinging google.com [173.194.41.161] with 32 bytes of data:
Reply from 173.194.41.161: bytes=32 time=21ms TTL=53
Reply from 173.194.41.161: bytes=32 time=21ms TTL=55
Reply from 173.194.41.161: bytes=32 time=21ms TTL=54
Reply from 173.194.41.161: bytes=32 time=18ms TTL=55

Ping statistics for 173.194.41.161:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 21ms, Average = 20ms

These all had responses... no proxies are enabled. You're saying you cannot connect to sites from any browser?
 
I still can't connect, yeah, with a browser or a VoIP program like Ventrilo.

But in the bottom left, when I'm in Google Chrome, it says "resolving proxy", so perhaps the programs are missing the proxy registry file the virus put there.
 
Probably something VPN screwed up, actually.


In Chrome, hit the wrench icon, select Settings.

Hit the link: Show Advanced Settings...

Under Network, hit Change Proxy Settings.

It will popup with the Internet Properties dialog. Hit LAN Settings. Uncheck "Use a proxy server for your LAN".

Let me know how this works.
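The LAN Settings checkbox above is only one of several places Windows and the programs on it can pick up a proxy. The script below is an added example, not something posted in the thread, that lists the others in one pass: the WinINET values for the current user, the default profile, the machine hive and the policy key that overrides them; the flag word in the DefaultConnectionSettings blob (which is what the dialog really reads, including "Automatically detect settings"); the separate WinHTTP proxy used by services; the proxy .NET would actually select for a test URL; environment overrides; and non-default hosts file lines. The registry key and value names are the documented WinINET/WinHTTP ones; the byte layout of DefaultConnectionSettings (flags at offset 8: 0x1 direct, 0x2 manual proxy, 0x4 PAC, 0x8 auto-detect) is the commonly documented one and is an assumption to verify on your own system. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not part of the thread. Lists every place Windows and the
# programs on it can pick up a proxy; the LAN Settings checkbox is only one.
# Key/value names are the documented WinINET and WinHTTP ones; the flag
# layout of DefaultConnectionSettings is the commonly documented one and is
# an assumption worth checking against your own machine.

$ErrorActionPreference = 'SilentlyContinue'

$inetKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'Registry::HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-WinInetProxy([string]$KeyPath) {
    # The values the Internet Properties dialog reads and writes.
    $v = Get-ItemProperty -Path $KeyPath
    if ($v -eq $null) { return }
    New-Object PSObject -Property @{
        Key           = $KeyPath
        ProxyEnable   = $v.ProxyEnable     # 1 = "Use a proxy server for your LAN"
        ProxyServer   = $v.ProxyServer     # host:port, or a per-protocol list
        ProxyOverride = $v.ProxyOverride   # bypass list
        AutoConfigURL = $v.AutoConfigURL   # PAC script URL; a separate checkbox
    }
}

function Get-ConnectionFlags([string]$KeyPath) {
    # Connections\DefaultConnectionSettings is the binary blob behind the
    # LAN Settings dialog. Bytes 8-11 form a flag word (assumed layout):
    # 0x1 direct, 0x2 manual proxy, 0x4 PAC script, 0x8 auto-detect (WPAD).
    $blob = (Get-ItemProperty -Path "$KeyPath\Connections").DefaultConnectionSettings
    if ($blob -eq $null -or $blob.Length -lt 12) { return }
    $flags = [BitConverter]::ToUInt32($blob, 8)
    New-Object PSObject -Property @{
        Key         = $KeyPath
        ManualProxy = [bool]($flags -band 0x2)
        PacScript   = [bool]($flags -band 0x4)
        AutoDetect  = [bool]($flags -band 0x8)   # Chrome's "resolving proxy" = WPAD lookup
    }
}

'== WinINET (IE, Chrome, most desktop applications) =='
$inetKeys | ForEach-Object { Get-WinInetProxy $_; Get-ConnectionFlags $_ } | Format-List

'== WinHTTP (services and Windows Update; never shown in a browser dialog) =='
netsh winhttp show proxy

'== Proxy WinINET/.NET would actually choose for a test URL (honours PAC and WPAD) =='
$testUrl = [Uri]'http://www.google.co.uk/'
$chosen  = [System.Net.WebRequest]::GetSystemWebProxy().GetProxy($testUrl)
if ($chosen -eq $testUrl) { "$testUrl -> direct" } else { "$testUrl -> via $chosen" }

'== Environment overrides (curl, Python, Java honour these) =='
Get-ChildItem Env: | Where-Object { $_.Name -match '_proxy$' }

'== hosts file: anything beyond comments and localhost =='
Get-Content "$env:windir\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' -and
                   $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\b' }
```

What to look for: a ProxyServer of 127.0.0.1 with a port nothing listens on any more is a well-known leftover of proxy trojans once the malware process is gone, and a browser reports it as "connection refused"; an AutoConfigURL or a set AutoDetect flag routes traffic through a script the dialog's main checkbox does not cover; and a value under the Policies key wins over the per-user ones. Firefox only follows these settings when its own network.proxy.type preference is set to use the system proxy, so check it separately if Firefox behaves differently from IE and Chrome.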
 
I already have the proxy box unchecked. I checked and unchecked it again and pressed OK, but nothing worked; the only thing I had checked in that window was "Automatically detect settings".
 
I can get back to you in a little while, but I need to know what browsers you have so I can further investigate the issue. Also, what error messages, if any, are appearing? Or is just no connection in the browsers?
 
There's no internet connection in any of my programs, such as Steam, Ventrilo and MSN Messenger, so I don't believe it's a browser issue.

The browsers I use are Internet Explorer, Google Chrome and Mozilla Firefox. Here are the messages:

IE 9 Version 9.0.8112.16421

Internet Explorer cannot display the webpage

What you can try:

Diagnose Connection Problems

More information

This problem can be caused by a variety of issues, including:
•Internet connectivity has been lost.
•The website is temporarily unavailable.
•The Domain Name Server (DNS) is not reachable.
•The Domain Name Server (DNS) does not have a listing for the website's domain.
•There might be a typing error in the address.
•If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.


For offline users

You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds:
1.Click the Favorites button , click Feeds, and then click the feed you want to view.


To view recently visited webpages (might not work on all pages):
1.Press Alt, click File, and then click Work Offline.
2.Click the Favorites button , click History, and then click the page you want to view.





Google Chrome Version 21 - 21.0.1180.83 m

This webpage is not available
Google Chrome's connection attempt to www.google.co.uk was rejected. The website may be down, or your network may not be properly configured.
Here are some suggestions:
Reload this webpage later.
Check your Internet connection. Restart any router, modem, or other network devices you may be using.
Add Google Chrome as a permitted program in your firewall's or antivirus software's settings. If it is already a permitted program, try deleting it from the list of permitted programs and adding it again.
If you use a proxy server, check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server, adjust your proxy settings: Go to the wrench menu > Settings > Show advanced settings... > Change proxy settings... > LAN Settings and deselect the "Use a proxy server for your LAN" checkbox.
Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.






Mozilla Firefox 15.0

Unable to connect

Firefox can't establish a connection to the server at www.youtube.com.

The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
 
Gotcha. Appears the Winsock has been terminated somehow.

Press Start, then Run, enter cmd, then hit OK.

In the command prompt window, type in the following command exactly:


netsh winsock reset catalog

Then, exit out.
==

Do you have Internet after performing the above process?
 
I typed it in, and it told me to restart, which I did, and the internet still didn't work: both Google Chrome and Firefox, and Ventrilo, my VoIP program.
 
Please copy and paste the following in to Notepad:
Windows Registry Editor Version 5.00

; These Tcpip, LanmanServer and LanmanWorkstation values are REG_DWORD;
; written as REG_SZ strings the stack ignores them, so they are given as dword here.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"GlobalMaxTcpWindowSize"=dword:0003ebc0
"TcpWindowSize"=dword:0003ebc0
"DefaultTTL"=dword:00000040
"EnablePMTUDiscovery"=dword:00000001
"DisableTaskOffload"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000010
"MaxConnectionsPer1_0Server"=dword:00000010

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000010
"MaxConnectionsPer1_0Server"=dword:00000010

; Leading "-" deletes the key (the Scheduled Tasks namespace under Network Neighborhood).
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters]
"SizReqBuf"=dword:00004000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"MaxCmds"=dword:00000064
"MaxThreads"=dword:00000064
"MaxCollectionCount"=dword:0000ffff
Then click File > Save as
File name: internetFIX.reg
Save as type: All Files
Location: Desktop

==

Once saved, Exit Notepad, and double-click on internetFIX.reg and confirm the prompts.

Then, restart your computer.

Let me know if this works or not.
 
I accepted the prompts and added it to my registry, but when I restarted my computer it didn't work. MSN is taking ages to sign in rather than giving me a connection error, so I'm still waiting on it; other than that, the others like Ventrilo and my web browsers are all giving me the same error messages I sent you, and none can connect to the internet still.
 
Open IE, go to Tools > Internet Options > Advanced tab and click the "Reset" button.
Restart IE.

Also....

Go to Start > Run (Start Search in Vista), type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pressing the button inside the hole with a pencil or a paperclip until all the lights briefly go off and come back on.
NOTE: Simply disconnecting the router from its power source will NOT do.
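The Winsock reset and the ipconfig sequence above are blind fixes; before and after running them it helps to know which layer is actually failing. The script below is an added example, not something posted in the thread, that tests a few of the hosts from the RenewMyDNS log one layer at a time (DNS resolution, a TCP connect to ports 80 and 443, an HTTP fetch with the system proxy bypassed, the same fetch through whatever proxy Windows is configured with) and then prints the Winsock catalog so a Layered Service Provider left behind by malware is visible. It uses only .NET classes present on Windows 7 / PowerShell 2.0. The host list, the timeout, and the regex used to trim the netsh output are assumptions; adjust them to taste.

```powershell
# Added example, not part of the thread. Tests hosts from the RenewMyDNS log
# one layer at a time so the failing layer stands out: DNS -> TCP connect ->
# HTTP direct -> HTTP via the system proxy, then lists the Winsock catalog.
# Host list, timeout and the netsh output filter are assumptions.

$hosts     = 'google.com', 'facebook.com', 'geekpolice.net'
$timeoutMs = 3000

function Test-Dns([string]$Name) {
    try   { ([System.Net.Dns]::GetHostAddresses($Name) | Select-Object -First 1).ToString() }
    catch { 'FAIL: ' + $_.Exception.Message }
}

function Test-Tcp([string]$Name, [int]$Port) {
    # Asynchronous connect so a silently dropped SYN cannot hang the script.
    # A RST from the peer, or from a local filter, surfaces as a refused error.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Name, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($timeoutMs)) { return 'TIMEOUT' }
        $client.EndConnect($ar)
        'OPEN'
    }
    catch   { 'FAIL: ' + $_.Exception.Message }
    finally { $client.Close() }
}

function Test-Http([string]$Url, [bool]$UseSystemProxy) {
    $wc = New-Object System.Net.WebClient
    # A null Proxy bypasses WinINET settings (manual, PAC and WPAD) entirely,
    # so comparing the two columns isolates the proxy path.
    if (-not $UseSystemProxy) { $wc.Proxy = $null }
    try     { $null = $wc.DownloadString($Url); 'OK' }
    catch   { 'FAIL: ' + $_.Exception.Message }
    finally { $wc.Dispose() }
}

$hosts | ForEach-Object {
    New-Object PSObject -Property @{
        Host       = $_
        Dns        = Test-Dns $_
        Tcp80      = Test-Tcp $_ 80
        Tcp443     = Test-Tcp $_ 443
        HttpDirect = Test-Http "http://$_/" $false
        HttpProxy  = Test-Http "http://$_/" $true
    }
} | Select-Object Host, Dns, Tcp80, Tcp443, HttpDirect, HttpProxy | Format-Table -AutoSize

'== Winsock catalog: a provider path outside System32 is a third-party LSP worth checking =='
netsh winsock show catalog | Where-Object { $_ -match '^\s*(Description|Provider Path)' }
```

Reading the table: in the thread's own log the names resolved and ICMP replies came back, so Dns should be fine and the problem sits above it. Tcp80/Tcp443 OPEN with HttpDirect OK but HttpProxy FAIL points at the proxy configuration (the previous post's dialog, a PAC script, or WPAD). Tcp80/Tcp443 refused for every host while ping works means something on the machine itself is answering the SYN, which is where an LSP in the catalog, or a firewall or security suite's filter driver, comes in. TIMEOUT everywhere with working ping means outbound TCP is being dropped rather than refused.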
 
I entered all the commands, although I didn't see the difference when holding Ctrl and Shift when opening CMD; I ran CMD as an admin, and after putting in all the commands and turning off my PC and resetting my router nothing changed. I still saw "resolving proxy" in the bottom left of Google Chrome.
 
OK, I just added the files to my registry, but for some reason I can't add mpssvc.reg; it says "Not all data was successfully written to the registry. Some keys are open by the system or other processes." I tried restarting the PC after entering the others and tried running in safe mode, but safe mode wouldn't load, and I also couldn't get the internet to work after trying the other 8 registry files and then restarting.

I don't know why it won't let me add mpssvc.reg.
 
Press Start, then Run, enter cmd, then hit OK.

In the command prompt window, type in the following command exactly:


netsh winsock reset catalog

Then, exit out.
==

Do you have Internet after performing the above process?
 
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.




Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.
 
Security Programs

Please remove the following from the Programs list:

=> Ad-Aware Security Toolbar
=> Advanced SystemCare 5
=> Malwarebytes Anti-Malware version 1.62.0.1300
=> McAfee Security Scan Plus
=> Panda ActiveScan 2.0
=> Panda ActiveScan Cleaner
=> Sophos Virus Removal Tool
=> Spybot - Search & Destroy
=> Windows Live OneCare safety scanner
=> Ad-Aware Antivirus

For these two, decide which one you want to keep and remove the other. You can only have one security suite running. I'd recommend avast! Internet Security. I'm sorry if you paid for both, but you only need one of them.

=> avast! Internet Security
=> ZoneAlarm Internet Security Suite

After you do that, let me know if your Internet connection unlocks itself.
 
WOOT!

I removed the ones you said, and I chose to remove avast, and I think that was a good choice too, as the internet is now working for all my programs! Thanks a lot, dude; you've helped me out a lot!

I'm thinking that after I got that virus proxy problem it must have changed the way avast worked for me, because I've been using avast fine with all system security things enabled, but now that it's expired it seems like a good idea to remove it, and I'll install ZoneAlarm soon.

Thanks again. I guess you can close this now unless there's anything else I need to do, but the internet works in Google Chrome, Steam, Ventrilo, Firefox and MSN Messenger :D. Won't need to use the laptop anymore.
 