
Solve : potential malware?

Answer»

Quote

I still need to reinstall antivirus, is there a preference between avast or avg?

You can choose from this list below. I, myself, prefer Microsoft Security Essentials. Very efficient, updates automatically and not a resource hog.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
********************************************
Please run Notepad (Start > All Programs > Accessories > Notepad) and copy and paste the text in the CODE box into a new file:

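Code:
@echo off
rem Collect network diagnostics into Log1.txt in the current folder
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in the default text editor, then delete this batch file
start Log1.txt
del %0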

•Go to the File menu at the top of the Notepad and select Save as.

•Select save in: desktop

•Fill in File name: test.bat

•Save as type: All file types (*.*)

•Click save.

•Close the Notepad.

•Locate and double-click test.bat on the desktop.

•A notepad opens, copy and paste its content (log1.txt) into your reply.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : cgeiger-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : launchmodem.com

Ethernet adapter LOCAL Area Connection:

   Connection-specific DNS Suffix  . : launchmodem.com
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-1A-92-13-01-71
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::15b3:2ca9:7d55:787d%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.97(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, April 02, 2011 2:44:05 PM
   Lease Expires . . . . . . . . . . : Sunday, April 03, 2011 2:44:05 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 201332979
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0D-21-C2-1C-00-1A-92-13-01-71
   DNS Servers . . . . . . . . . . . : 192.168.1.254
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.launchmodem.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8ac:730:3f57:fe9e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::8ac:730:3f57:fe9e%9(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : launchmodem.com
   Description . . . . . . . . . . . : isatap.launchmodem.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  launchmodem
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.45.147
     74.125.45.99
     74.125.45.103
     74.125.45.106
     74.125.45.105
     74.125.45.104

Server:  launchmodem
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  69.147.125.65
     72.30.2.43
     98.137.149.56
     209.191.122.70
     67.195.160.76



Pinging google.com [74.125.45.147] with 32 bytes of data:

Reply from 74.125.45.147: bytes=32 time=12ms TTL=52

Reply from 74.125.45.147: bytes=32 time=12ms TTL=52



Ping statistics for 74.125.45.147:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 12ms, Maximum = 12ms, Average = 12ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=73ms TTL=49

Reply from 209.191.122.70: bytes=32 time=69ms TTL=49



Ping statistics for 209.191.122.70:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 69ms, Maximum = 73ms, Average = 71ms

===========================================================================
Interface List
  8 ...00 1a 92 13 01 71 ...... NVIDIA nForce Networking Controller
  1 ........................... Software Loopback Interface 1
 12 ...00 00 00 00 00 00 00 e0  isatap.launchmodem.com
  9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 13 ...00 00 00 00 00 00 00 e0  isatap.launchmodem.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.97     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.97    276
     192.168.1.97  255.255.255.255         On-link      192.168.1.97    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.97    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.97    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.97    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9     18 ::/0                     On-link
  1    306 ::1/128                  On-link
  9     18 2001::/32                On-link
  9    266 2001:0:4137:9e76:8ac:730:3f57:fe9e/128
                                    On-link
  8    276 fe80::/64                On-link
  9    266 fe80::/64                On-link
  9    266 fe80::8ac:730:3f57:fe9e/128
                                    On-link
  8    276 fe80::15b3:2ca9:7d55:787d/128
                                    On-link
  1    306 ff00::/8                 On-link
  9    266 ff00::/8                 On-link
  8    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None


Sure do appreciate your help and patience!  Will run the first essentials scan after I get this to you, would also like to know your thoughts on upgrading to 7 after we fix all

Ok. We need to clear your DNS cache.

Please navigate to Start>Run and type cmd

In the window that pops up type ipconfig /flushdns

Now try to see if IE works in Normal Mode.

I could only do the flush in safe mode, so IE shut down after beginning to open in regular mode (the installer window continues to run as well, saying the network source is no longer available, for an .msi file)

in regular mode it said it needed elevation?

wow, I just did a reset of IE and now it is working in regular, still got the elevation notice and the REPETITIVE installer.  Will install WOT and I think you recommended cc slim?, will wait for the other cleaning til I hear from you, thanks!

During Comodo install the options to uncheck did not come up, there were 3 versions to choose from, think I chose the middle and the GEEK Buddy?

Quote
During Comodo install the options to uncheck did not come up, there were 3 versions to choose from, think I chose the middle and the Geek Buddy?
Sorry, I'm not familiar with Comodo AV.

Quote
still got the elevation notice and the repetitive installer.
I'm sure this is not malware related. Perhaps you could ask this question in the proper software forum.
Please let me know when you're finished with the clean up so I can lock this thread.

Sorry, it is the comodo firewall, not the AV

Quote
Sorry, it is the comodo firewall, not the AV
It shouldn't matter from where you downloaded it; they should all be the same. This link that I gave you is an old canned speech. They must have changed the program. I don't remember those options when I installed my Comodo Firewall.

Clean up is done!  Thanks SuperDave!

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
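
Added example, not part of the thread: one way to read a Log1.txt like the one posted above, on the assumption that the points of interest are DNS servers that sit outside the PC's own IPv4 subnet and any persistent IPv4 routes. The names `triage` and `SAMPLE` and all sample values are constructed (Vista/7 field labels assumed); a DNS server outside the subnet is something to review, not proof of infection.

```python
import ipaddress
import re

FIELD = re.compile(r"^\s+(.+?)[ .]+:\s*(.*)$")   # "   Label . . . : value"

# Constructed sample in the layout of "ipconfig /all" and "route print" output.
SAMPLE = """\
   IPv4 Address. . . . . . . . . . . : 192.168.1.97(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.254
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      198.51.100.0    255.255.255.0     192.168.1.50       1
"""

def _ip(text):
    """Parse an address as ipconfig prints it, e.g. '192.168.1.97(Preferred)'."""
    try:
        return ipaddress.ip_address(text.strip().split("(")[0].split("%")[0])
    except ValueError:
        return None

def triage(log):
    """Return (DNS servers outside every local IPv4 subnet, persistent IPv4 routes)."""
    nets, dns, routes = [], [], []
    addr = last = None
    persistent = False
    for line in log.splitlines():
        body = line.strip()
        if body == "Persistent Routes:":
            persistent = True
        elif persistent:
            if not body or body.startswith("="):
                persistent = False              # blank line or rule ends the section
            elif _ip(body.split()[0]):          # skips "None" and the column header
                routes.append(body)
        elif (m := FIELD.match(line)):
            last, value = m.groups()
            if last == "IPv4 Address":
                addr = _ip(value)
            elif last == "Subnet Mask" and addr:
                nets.append(ipaddress.ip_network(f"{addr}/{value.strip()}", strict=False))
            elif last == "DNS Servers" and _ip(value):
                dns.append(_ip(value))
        elif last == "DNS Servers" and _ip(line):
            dns.append(_ip(line))               # continuation line: one more server
    outside = [str(d) for d in dict.fromkeys(dns) if not any(d in n for n in nets)]
    return outside, routes
```
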

