WiredWX Christian Hobby Weather Tools

anti virus advertising virus

Some antivirus ad popped up when I opened Firefox and clicked into a site I know well, so I used MBAM and Avira. That thing hasn't popped up ever since, but my internet has slowed down to a crawl. I'm not sure if it's the work of the virus; maybe it's just the service provider. I don't know what this thing is called coz I panicked and did a virus scan right away. But just in case, here's the MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 5.1.2600

14/11/2009 10:28:24 p.m.
mbam-log-2009-11-14 (22-28-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 165505
Time elapsed: 29 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User\Local Settings\Temp\BNeB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\BNeF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


thanks

Last edited by ericshin on 15th November 2009, 10:30 am; edited 2 times in total (Reason for editing : forgot to thank)

Re: anti virus advertising virus

Hi,
Please read THIS post, and post your HijackThis log file in this topic.

Wait for instructions given only by DragonMaster Jay, Origin or Belahzur


HijackThis log

My NVIDIA firewall says there's a high risk. Then it says there's an application called svchost - Microsoft Windows operating system. Then it gives me the option to allow or deny. What do I do?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:57 p.m., on 21/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Documents and Settings\User\My Documents\winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\User\Desktop\New Folder (2)\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=5129
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\User\My Documents\Real player\rpbrowserrecordplugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "D:\Documents and Settings\User\My Documents\winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S86.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe

--
End of file - 6216 bytes

Re: anti virus advertising virus

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: anti virus advertising virus

Malwarebytes' Anti-Malware 1.41
Database version: 3210
Windows 5.1.2600 Service Pack 3

22/11/2009 2:18:59 p.m.
mbam-log-2009-11-22 (14-18-58).txt

Scan type: Quick Scan
Objects scanned: 106029
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I did a scan before with MBAM in my first post and it said there were two infected files, but now there aren't any. But my Avira detected something called op[1] only a few days ago and said it was a virus or trojan or something like that. Should I allow svchost through my firewall even though it says high risk?

Re: anti virus advertising virus

Hello.
No, block it... for now; it may be for something else.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


DDS

DDS (Ver_09-10-26.01) - NTFSx86
Run by User at 20:32:44.40 on Sun 22/11/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.64.1033.18.1023.622 [GMT 13:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Documents and Settings\User\My Documents\winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=5129
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\documents and settings\user\my documents\real player\rpbrowserrecordplugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [DAEMON Tools] "d:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [WinampAgent] "d:\documents and settings\user\my documents\winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [EPSON Stylus CX3900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibep.exe /fu "c:\windows\temp\E_S86.tmp" /EF "HKLM"
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\5reuey1j.default\
FF - component: d:\documents and settings\user\my documents\real player\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: d:\documents and settings\user\my documents\real player\netscape6\nppl3260.dll
FF - plugin: d:\documents and settings\user\my documents\real player\netscape6\nprjplug.dll
FF - plugin: d:\documents and settings\user\my documents\real player\netscape6\nprpjplug.dll
FF - plugin: d:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll

============= SERVICES / DRIVERS ===============

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-5-28 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-5-28 45416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2009-5-28 108289]

=============== Created Last 30 ================


==================== Find3M ====================

2009-11-21 05:50:51 96384 ----a-w- c:\windows\system32\drivers\sptd8717.sys

============= FINISH: 20:33:14.29 ===============

Re: anti virus advertising virus

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/15/2007 10:26:05 PM
System Uptime: 11/22/2009 8:25:57 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | A8N5X
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 10 GiB total, 2.959 GiB free.
D: is FIXED (NTFS) - 65 GiB total, 2.457 GiB free.
E: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Service:

==== System Restore Points ===================

RP68: 11/21/2009 6:44:31 PM - Installed Windows XP Service Pack 3.

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Age of Empires III
Age of Empires III - The Asian Dynasties
Avira AntiVir Personal - Free Antivirus
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Dawn of War - Soulstorm
Diablo II
Doom 3
Earth's Special Forces
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESCX3900 User's Guide
ESF Bot 3.1
Fable - The Lost Chapters
GameSpy Arcade
GOM Player
Grand Theft Auto Vice City
Half-Life
HijackThis 2.0.2
Hitman Blood Money
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Halo
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 Parser and SDK
Neverwinter Nights 2
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PIF DESIGNER
POD-Bot 2.5
RealPlayer
Realtek AC'97 Audio
Sierra Utilities
TypeFaster Typing Tutor
WebFldrs XP
Winamp
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

11/21/2009 6:52:49 PM, error: Service Control Manager [7023] - The Portable Media Serial Number service terminated with the following error: The specified module could not be found.
11/21/2009 6:37:24 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bfb22cf7, parameter3 b2067b28, parameter4 00000000.
11/21/2009 6:37:00 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bfb22cf7, parameter3 b998fb28, parameter4 00000000.
11/15/2009 1:04:29 AM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 0013D4871E03 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Re: anti virus advertising virus

Still having problems?


Re: anti virus advertising virus

Yeah, I'm pretty sure my internet speed has decreased by a lot ever since that advertising thing popped up, coz it takes me like 10 minutes to watch a 4 1/2 minute video off YouTube or Metacafe.

And also when I check online for the internet usage I've used, it says that I haven't used any at all for the last week or so even though I've been coming on here and played a few online games.

My internet also cuts off after a while so I can't open Firefox until I restart the computer. This never happened before.

I've also got 2 "trojans.agents" in the quarantine of MBAM. Should I delete them?

thanks

Re: anti virus advertising virus

bump

Re: anti virus advertising virus

Nah, leave them for now, the quarantined items are dead.

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.


  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes


  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: anti virus advertising virus

ComboFix 09-11-23.02 - User 24/11/2009 21:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.64.1033.18.1023.704 [GMT 13:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-22 01:11 . 2009-09-10 01:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 01:11 . 2009-09-10 01:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 05:52 . 2009-11-21 05:52 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-11-21 05:50 . 2009-11-21 05:50 -------- d-s---w- c:\windows\system32\Microsoft
2009-11-21 05:46 . 2008-04-13 16:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-11-21 05:44 . 2007-08-10 07:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-11-21 05:33 . 2008-04-13 13:30 103424 ----a-w- c:\windows\system32\dpcdll.dll
2009-11-21 05:31 . 2008-04-13 16:42 188416 ----a-w- c:\windows\system32\msh261.drv
2009-11-14 08:37 . 2009-11-14 08:37 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-11-14 08:37 . 2009-11-14 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-14 07:00 . 2009-11-14 07:00 -------- d-----w- c:\documents and settings\User\Application Data\EPSON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 05:58 . 2009-11-21 05:58 3398 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-11-21 05:53 . 2008-02-24 10:15 42944 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 05:50 . 2007-12-21 09:11 96384 ----a-w- c:\windows\system32\drivers\sptd8717.sys
2009-11-21 05:49 . 2007-12-15 09:24 70691 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-09-06 00:49 . 2009-09-06 00:49 488968 ----a-w- c:\documents and settings\User\Application Data\Real\Update\temp\~Upg0\setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-11-04 7307264]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-11-04 86016]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"WinampAgent"="d:\documents and settings\User\My Documents\winamp\winampa.exe" [2008-08-03 36352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-03 185872]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-11-04 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [5/28/2009 4:43 PM 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [5/28/2009 4:43 PM 45416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2009 4:43 PM 108289]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/21/2007 10:11 PM 664064]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=5129
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\5reuey1j.default\
FF - component: d:\documents and settings\User\My Documents\Real player\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: d:\documents and settings\User\My Documents\Real player\Netscape6\nppl3260.dll
FF - plugin: d:\documents and settings\User\My Documents\Real player\Netscape6\nprjplug.dll
FF - plugin: d:\documents and settings\User\My Documents\Real player\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
AddRemove-HijackThis - d:\documents and settings\User\My Documents\HijackThis.exe
AddRemove-NVIDIA Drivers - c:\windows\System32\NVUNINST.EXE UninstallGUI
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-Sierra Utilities - c:\program files\Sierra On-Line\sutil32.exe uninstall



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 21:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2009-11-24 21:26
ComboFix-quarantined-files.txt 2009-11-24 08:25

Pre-Run: 3,057,106,944 bytes free
Post-Run: 3,267,203,072 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F78BD1C040A82E77BB3AADF52E5BAE52

Re: anti virus advertising virus

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?


Re: anti virus advertising virus

When I did that it opened and ran ComboFix while my antivirus and firewall were still on. Nothing bad will happen from that, right?

Internet is still running slow and still cuts off after a while, and I still have to restart the computer to reconnect to the internet. Unplugging and replugging the modem doesn't work; I actually have to unplug the modem then restart the computer.

thanks

Re: anit virus advertising virus

bump

Re: anit virus advertising virus

No, AV/firewall are fine as long as they are active and updated.

Post a new Hijack This log.


Re: anit virus advertising virus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:49 p.m., on 28/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Documents and Settings\User\My Documents\winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\User\Desktop\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=5129
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\User\My Documents\Real player\rpbrowserrecordplugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "D:\Documents and Settings\User\My Documents\winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 5818 bytes
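
As an added example (not part of the original thread and not HijackThis's own code), the sketch below parses the running-process, O4 and O23 lines of a HijackThis log like the one above and lists the entries a reviewer would read first. The location buckets and the review rule (image under a user profile directory, or a service with "Unknown owner") are assumptions made for illustration; a flagged entry is a prompt for a closer look, not a detection.

```python
import re

# Excerpt of the HijackThis log posted above (a subset of its lines, unchanged).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\User\Desktop\winlogon.scr

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "D:\Documents and Settings\User\My Documents\winamp\winampa.exe"
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*) - (?P<owner>.*) - (?P<path>[A-Za-z]:\\.*)$")
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|scr|com|bat))\b', re.I)


def classify(path):
    """Bucket an image path by where it lives on disk (assumed buckets)."""
    p = path.lower()
    if "\\" not in p:
        return "bare-name"          # resolved through the search path at launch
    if "\\documents and settings\\" in p:
        return "user-profile"       # writable by the logged-on user
    if p[1:].startswith(":\\windows\\"):
        return "system"
    if p[1:].startswith(":\\program files\\"):
        return "program-files"
    return "other"


def parse_hijackthis(text):
    """Return one dict per running process, O4 autostart and O23 service."""
    rows, in_procs = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                rows.append({"kind": "PROC", "name": "", "image": line, "owner": ""})
            else:
                in_procs = False    # a blank line ends the process list
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, rest = entry.groups()
        if code == "O4":
            run = RUN_RE.match(rest)
            image = IMAGE_RE.match(run["cmd"]) if run else None
            if image:
                rows.append({"kind": "O4", "name": run["name"], "image": image.group(1), "owner": ""})
        elif code == "O23":
            svc = SERVICE_RE.match(rest)
            if svc:
                rows.append({"kind": "O23", "name": svc["name"], "image": svc["path"], "owner": svc["owner"]})
    for row in rows:
        row["location"] = classify(row["image"])
    return rows


def needs_review(rows):
    """Entries to read first: user-profile images and unknown-owner services."""
    return [r for r in rows
            if r["location"] == "user-profile" or r["owner"] == "Unknown owner"]
```

Calling `needs_review(parse_hijackthis(SAMPLE_LOG))` returns three rows for the excerpt: one running process, one O4 autostart and one O23 service.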

Re: anit virus advertising virus

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] "D:\Documents and Settings\User\My Documents\winamp\winampa.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally.
Any better now?


Re: anit virus advertising virus

internet still seems slow so i think it will still cut off after a while

Re: anit virus advertising virus

What browser are you using?


Re: anit virus advertising virus

mozilla firefox

oh and the internet does still cut off and when it cuts off i can't play games online so its not just firefox.

and also i figured out that i don't actually have to unplug and replug the modem. as long as i restart the computer the internet will work again

Re: anit virus advertising virus

bump

Re: anit virus advertising virus

Not too sure what that's about.

I'll ask Doc to drop by.


Re: anit virus advertising virus

ok thanks

Re: anit virus advertising virus

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


Re: anit virus advertising virus

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows XP [Version 5.1.2600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))




Windows IP Configuration



Host Name . . . . . . . . . . . . : JAMES-U343NIHYF

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-13-D4-87-1E-03

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.1.1.3

Subnet Mask . . . . . . . . . . . : 255.0.0.0

Default Gateway . . . . . . . . . : 10.1.1.1

DHCP Server . . . . . . . . . . . : 10.1.1.1

DNS Servers . . . . . . . . . . . : 10.1.1.1

Lease Obtained. . . . . . . . . . : Friday, 4 December 2009 10:39:39 p.m.

Lease Expires . . . . . . . . . . : Friday, 4 December 2009 11:39:39 p.m.


(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.



(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))


Pinging yahoo.com [69.147.114.224] with 32 bytes of data:



Request timed out.

Reply from 69.147.114.224: bytes=32 time=316ms TTL=51

Reply from 69.147.114.224: bytes=32 time=312ms TTL=50

Reply from 69.147.114.224: bytes=32 time=308ms TTL=50



Ping statistics for 69.147.114.224:

Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

Approximate round trip times in milli-seconds:

Minimum = 308ms, Maximum = 316ms, Average = 312ms



Pinging geekpolice.net [74.86.239.78] with 32 bytes of data:



Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 74.86.239.78:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),



Pinging facebook.com [69.63.184.142] with 32 bytes of data:



Reply from 69.63.184.142: bytes=32 time=307ms TTL=241

Reply from 69.63.184.142: bytes=32 time=298ms TTL=241

Reply from 69.63.184.142: bytes=32 time=298ms TTL=241

Reply from 69.63.184.142: bytes=32 time=298ms TTL=241



Ping statistics for 69.63.184.142:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 298ms, Maximum = 307ms, Average = 300ms



Pinging microsoft.com [207.46.197.32] with 32 bytes of data:



Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 207.46.197.32:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


********************
EOF

Re: anit virus advertising virus

Sorry the one above has word wrap on. this log doesn't have word wrap on

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows XP [Version 5.1.2600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))


Windows IP Configuration
Host Name . . . . . . . . . . . . : JAMES-U343NIHYF
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-13-D4-87-1E-03
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.1.3
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.1
DNS Servers . . . . . . . . . . . : 10.1.1.1
Lease Obtained. . . . . . . . . . : Friday, 4 December 2009 10:39:39 p.m.
Lease Expires . . . . . . . . . . : Friday, 4 December 2009 11:39:39 p.m.

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))
Pinging yahoo.com [69.147.114.224] with 32 bytes of data:
Request timed out.
Reply from 69.147.114.224: bytes=32 time=316ms TTL=51
Reply from 69.147.114.224: bytes=32 time=312ms TTL=50
Reply from 69.147.114.224: bytes=32 time=308ms TTL=50
Ping statistics for 69.147.114.224:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 308ms, Maximum = 316ms, Average = 312ms
Pinging geekpolice.net [74.86.239.78] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 74.86.239.78:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Pinging facebook.com [69.63.184.142] with 32 bytes of data:
Reply from 69.63.184.142: bytes=32 time=307ms TTL=241
Reply from 69.63.184.142: bytes=32 time=298ms TTL=241
Reply from 69.63.184.142: bytes=32 time=298ms TTL=241
Reply from 69.63.184.142: bytes=32 time=298ms TTL=241
Ping statistics for 69.63.184.142:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 298ms, Maximum = 307ms, Average = 300ms
Pinging microsoft.com [207.46.197.32] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 207.46.197.32:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
********************
EOF

Re: anit virus advertising virus

bump

Re: anit virus advertising virus

Hi.
I have not forgotten you, I've been speaking with a colleague who knows more about problems like this than I do.


  1. Disconnect the modem from all three cables so that the modem is completely off (the power cord, the
    ethernet cable and the phone line) -- Also, unplug the Ethernet cable from your computer.
  2. Open up Network Connections (Start, Programs, Accessories, Communications) --> Right-click on the Local Area Connection and select Disable.
  3. Close the Local Area Connection window, and then go to Start --> Run --> type services.msc and press OK. Scroll down until you see the DHCP client, and select Restart the service.
  4. Please shut down the computer and wait two minutes. Reconnect all of the cables to your modem. Wait two minutes, and then reconnect the modem to the computer with your Ethernet cable. Wait another two minutes and then turn on your computer.
  5. Please re-open Network Connections; right-click on your Local Area Connection and select Enable -- restart your computer.

Let me know how you get on or if you have any problems.


Re: anit virus advertising virus

during step 5 a computer screen with a yellow ball popped up on the bottom right of my screen saying it was acquiring network address. after like 5 minutes it disappeared but the internet didn't work. so i restarted the computer and it's working.

Also during step 5, as soon as i clicked on enable that svchost thing with the high risk popped up asking if i would allow or deny. does that have anything to do with this problem?

internet is also slow. according to this site:
http://www.telecom.co.nz/bbspeed/telecom500.htm
telecom is the company that we are paying for our internet. and it says our speed is:
Results

Below is the data used to calculate your download speed:

* Download time: 14.335 seconds
* Size of file: 520 Kilobytes
* Estimated line speed: 296 (kilobits/second)
* Estimated line speed: 36.3 (kilobytes/second)
it's like right at the end of the bar so i'm assuming that's really slow.

also i forgot to mention before. every time the internet cuts off, the computer screen with the yellow ball would pop up as it did when i enabled the local area connection. and the same thing would happen after and during the time it was there, the internet wouldn't work.

thanks

Re: anit virus advertising virus

Not too bad, my connection is only just a little bit faster, but only by about 120kb.

PM'd a colleague, I'll see what he says.


Re: anit virus advertising virus

bump

Re: anit virus advertising virus

Hello.
See here on how to change your IP address.
http://www.hotcomm.com/faq/FAQ_staticIPXP.asp

It is usually a problem for multiple computers on a network to have the same static address, so Windows assigns the problem computer a temporary dynamic (dynamic means "changing") address. If they are assigned a Static IP that is unique, their connection is liable to stay correct.

XP SP3 included a fix that dealt with the "black hole" router detection algorithm, which prevents computers from receiving invalid network packets.

In plain English, the user's computer has a weak connection, because the IP address may need to be Static instead of Dynamic. The fix in XP SP3 caused quite a few issues with connectivity, and these problems are solved by changing the IP address structure. :o)


Re: anit virus advertising virus

but this has been happening before i installed sp3. and what's the difference between a static and dynamic? i know that dynamic changes the ip address from time to time but how is that better or worse?

Re: anit virus advertising virus

Like you said, dynamic IPs change and static ones stay the same. This site will give a better detailed explanation than I could ever give.
http://www.fnal.gov/docs/pc/nt_at_fermilab/html/current/ntguide.b.html
