DNS but no page access / email access

F

Fred Marshall

Windows ME system. Dialup.
Could not access anything on the dialup.
Removed a number of Adware/Spyware instances
Removed a Trojan Horse
Initially could not ping a URL/name no DNS
Now can at least ping a URL name so DNS is working at that level.
IE6 can not go to any pages using URL or IP address either one.
OE6 won't go to mail server.
Log follows
Any suggestions appreciated!!

Microsoft Antispyware beta was installed on this system.
It appears the failure occurred after it was installed but not immediately
after it was installed.
Some allusions on the web to the MS Antispyware Beta "deleting" IE. Any
confirmation, etc?

Logfile of HijackThis v1.97.7
Scan saved at 8:11:35 PM, on 2/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\E_S4I2M1.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTS.SCR
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.2.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.com/
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM
FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia
Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\SYSTEM\E_S4I2M1.EXE
/P24 "EPSON Stylus Photo RX600" /O7 "EPUSB1:" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON
CardMonitor\EPSON CardMonitor1.2.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common
Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program
Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Dell Home (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program
files\newdotnet\newdotnet3_88.dll' missing
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Yahoo! Poker - http://yog19.yahoo.com/yog/y/pq0_x.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
http://download.weatherbug.com/minibug/tri...uginstaller.cab
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} -
http://download.microsoft.com/download/0/A...01F/wmvadvd.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
64.255.237.242,64.255.237.243


Thanks,

Fred
 
P

PA Bear

Replace your ancient version of HijackThis with v1.99
http://aumha.net/downloads/hijackthis.zip

Post your logs to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or
http://aumha.net/viewforum.php?f=30 for expert analysis, not here, please.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

Fred said:
Windows ME system. Dialup.
Could not access anything on the dialup.
Removed a number of Adware/Spyware instances
Removed a Trojan Horse
Initially could not ping a URL/name no DNS
Now can at least ping a URL name so DNS is working at that level.
IE6 can not go to any pages using URL or IP address either one.
OE6 won't go to mail server.
Log follows
Any suggestions appreciated!!

Microsoft Antispyware beta was installed on this system.
It appears the failure occurred after it was installed but not immediately
after it was installed.
Some allusions on the web to the MS Antispyware Beta "deleting" IE. Any
confirmation, etc?

Logfile of HijackThis v1.97.7
Scan saved at 8:11:35 PM, on 2/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Click to expand...
<snip>
 
A

Al

Now can at least ping a URL name so DNS is working at that level.
IE6 can not go to any pages using URL or IP address either one.
OE6 won't go to mail server.
Log follows
Any suggestions appreciated!!
Click to expand...

fwiw, that means you have UDP (for nameserver lookup) and ICMP (for ping) but
not TCP (for mail and web)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

elite***32.exe [*** = random char] and EliteToolBar - please help remove 2
Weird Behavior 1
Search Engine Hijack (qhosts?), HijackThis.log. 3
IE6 slow and hangs when launched 4
ie6 locking up 2
PLS HELP...(about: blank) 1
Help with Malware 3
IE 6 becomes unstable, eventually locking up computer 1

Top