
Author Topic: potential malware  (Read 11947 times)


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: potential malware
« Reply #15 on: April 02, 2011, 12:22:39 PM »
Quote
I still need to reinstall antivirus, is there a preference between avast or avg?
You can choose from the list below. I, myself, prefer Microsoft Security Essentials. Very efficient, updates automatically and not a resource hog.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (if you choose this one, uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
********************************************
Please run Notepad (Start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

Code:
@echo off
rem Collect network diagnostics into Log1.txt; everything inside the
rem parentheses is redirected to that file.
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log, then delete this batch file (%0 is its own path).
start Log1.txt
del %0

•Go to the File menu at the top of the Notepad and select Save as.

•Select save in: desktop

•Fill in File name: test.bat

•Save as type: All file types (*.*)

•Click save.

•Close the Notepad.

•Locate and double-click test.bat on the desktop.

•Notepad opens with Log1.txt; copy and paste its content into your reply.
Windows 8 and Windows 10 dual boot with two SSD's
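As an added illustration (not part of SuperDave's instructions or anything else in this thread), here is a small Python script that reads a Log1.txt produced by that batch file and checks the things a malware helper looks for in it: whether the configured DNS servers are the router or at least on the local subnet, whether the server nslookup actually answered from is one of the configured ones, and whether the address ping resolved a host to is among the addresses nslookup returned. That last check works because ping goes through the hosts file and the resolver cache while nslookup asks the DNS server directly, so a hosts-file redirect shows up as a mismatch. The two sample logs inside the script are constructed in the same format as the batch file's output and are not the poster's real data; 198.51.100.0/24 is a documentation range used only to make the bad resolver obviously fake.

```python
"""Audit a Log1.txt written by the test.bat above for a consistent DNS picture.
Added example; the logs below are constructed, not the poster's real output."""
import ipaddress
import re

# Constructed healthy log: the resolver is the gateway and ping agrees with nslookup.
CLEAN_LOG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.97(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  launchmodem
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.45.147
         74.125.45.99

Pinging google.com [74.125.45.147] with 32 bytes of data:
"""

# Constructed suspect log: resolver moved off the LAN (198.51.100.0/24 is a
# documentation range, so it is obviously made up) and ping reached an address
# that nslookup never returned, which is what a hosts-file override looks like.
SUSPECT_LOG = re.sub(r": 192\.168\.1\.254\n\s+192\.168\.1\.254", ": 198.51.100.53",
                     CLEAN_LOG).replace("Address:  192.168.1.254", "Address:  198.51.100.53"
                     ).replace("[74.125.45.147]", "[198.51.100.7]")

IP_ONLY = re.compile(r"\s+([0-9A-Fa-f.:]+)\s*")   # continuation line holding one address

def _field(line, name):
    """Value of an ipconfig 'Name . . . : value' line, or None if it is another field."""
    m = re.match(r"\s*" + re.escape(name) + r"[ .]*:\s*(\S*)", line)
    return m.group(1) if m else None

def parse_log(text):
    lines = text.splitlines()
    info = {"networks": [], "gateways": [], "dns_servers": [],
            "resolvers": [], "lookups": {}, "pings": {}}
    addr, i = None, 0
    while i < len(lines):
        line = lines[i]
        if (v := _field(line, "IPv4 Address")):
            addr = v.split("(")[0]                        # drop "(Preferred)"
        if (v := _field(line, "Subnet Mask")) and addr:
            info["networks"].append(ipaddress.ip_network(f"{addr}/{v}", strict=False))
        if (v := _field(line, "Default Gateway")):
            info["gateways"].append(v)
        if (v := _field(line, "DNS Servers")) is not None:
            info["dns_servers"] += [v] if v else []
            while i + 1 < len(lines) and IP_ONLY.fullmatch(lines[i + 1]):
                i += 1                                    # further servers, one per line
                info["dns_servers"].append(lines[i].strip())
        if re.match(r"\s*Server:\s+\S+", line) and i + 1 < len(lines):
            if (a := re.match(r"\s*Address:\s+(\S+)", lines[i + 1])):
                info["resolvers"].append(a.group(1))      # resolver nslookup actually used
                i += 1
        if (m := re.match(r"\s*Name:\s+(\S+)", line)) and i + 1 < len(lines):
            if (a := re.match(r"\s*Address(?:es)?:\s+(\S+)", lines[i + 1])):
                answers, i = [a.group(1)], i + 1
                while i + 1 < len(lines) and IP_ONLY.fullmatch(lines[i + 1]):
                    i += 1
                    answers.append(lines[i].strip())
                info["lookups"][m.group(1).lower().rstrip(".")] = answers
        if (m := re.match(r"\s*Pinging (\S+) \[([^\]]+)\]", line)):
            info["pings"][m.group(1).lower()] = m.group(2)
        i += 1
    return info

def audit(info):
    """Return human-readable findings; an empty list means nothing looked off."""
    findings = []
    for srv in info["dns_servers"]:
        try:
            ip = ipaddress.ip_address(srv)
        except ValueError:
            findings.append(f"unparseable DNS server entry {srv!r}")
            continue
        if srv not in info["gateways"] and not any(ip in n for n in info["networks"]):
            findings.append(f"DNS server {srv} is neither the gateway nor on the local "
                            "network; confirm it is your ISP's or one you chose")
    for r in info["resolvers"]:
        if info["dns_servers"] and r not in info["dns_servers"]:
            findings.append(f"nslookup answered from {r}, not a configured DNS server")
    for host, ip in info["pings"].items():
        answers = info["lookups"].get(host)
        if answers is not None and ip not in answers:
            findings.append(f"ping resolved {host} to {ip} but nslookup returned {answers}; "
                            "ping honours the hosts file and resolver cache, nslookup does not")
    return findings

if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("suspect", SUSPECT_LOG)):
        print(label + ":", audit(parse_log(log)) or ["no findings"])
```

Run it against a real Log1.txt with `audit(parse_log(open("Log1.txt").read()))`. Treat every finding as a prompt to look, not as proof: an off-LAN resolver is normal when the ISP hands out its own DNS servers, and big sites rotate their addresses, so a ping/nslookup mismatch a second apart can be innocent. The log in this thread passes all three checks (DNS server equals the gateway, nslookup answered from it, and both ping targets appear in the nslookup answers).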

CG1

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: potential malware
    « Reply #16 on: April 02, 2011, 01:26:02 PM »

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : cgeiger-PC
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : launchmodem.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : launchmodem.com
       Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
       Physical Address. . . . . . . . . : 00-1A-92-13-01-71
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::15b3:2ca9:7d55:787d%8(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.97(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Saturday, April 02, 2011 2:44:05 PM
       Lease Expires . . . . . . . . . . : Sunday, April 03, 2011 2:44:05 PM
       Default Gateway . . . . . . . . . : 192.168.1.254
       DHCP Server . . . . . . . . . . . : 192.168.1.254
       DHCPv6 IAID . . . . . . . . . . . : 201332979
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0D-21-C2-1C-00-1A-92-13-01-71
       DNS Servers . . . . . . . . . . . : 192.168.1.254
                                           192.168.1.254
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 6:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.launchmodem.com
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 7:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 02-00-54-55-4E-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8ac:730:3f57:fe9e(Preferred)
       Link-local IPv6 Address . . . . . : fe80::8ac:730:3f57:fe9e%9(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : launchmodem.com
       Description . . . . . . . . . . . : isatap.launchmodem.com
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Server:  launchmodem
    Address:  192.168.1.254

    Name:    google.com
    Addresses:  74.125.45.147
         74.125.45.99
         74.125.45.103
         74.125.45.106
         74.125.45.105
         74.125.45.104

    Server:  launchmodem
    Address:  192.168.1.254

    Name:    yahoo.com
    Addresses:  69.147.125.65
         72.30.2.43
         98.137.149.56
         209.191.122.70
         67.195.160.76



    Pinging google.com [74.125.45.147] with 32 bytes of data:

    Reply from 74.125.45.147: bytes=32 time=12ms TTL=52

    Reply from 74.125.45.147: bytes=32 time=12ms TTL=52



    Ping statistics for 74.125.45.147:

        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

        Minimum = 12ms, Maximum = 12ms, Average = 12ms



    Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

    Reply from 209.191.122.70: bytes=32 time=73ms TTL=49

    Reply from 209.191.122.70: bytes=32 time=69ms TTL=49



    Ping statistics for 209.191.122.70:

        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

        Minimum = 69ms, Maximum = 73ms, Average = 71ms

    ===========================================================================
    Interface List
      8 ...00 1a 92 13 01 71 ...... NVIDIA nForce Networking Controller
      1 ........................... Software Loopback Interface 1
     12 ...00 00 00 00 00 00 00 e0  isatap.launchmodem.com
      9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
     13 ...00 00 00 00 00 00 00 e0  isatap.launchmodem.com
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.97     20
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.1.0    255.255.255.0         On-link      192.168.1.97    276
         192.168.1.97  255.255.255.255         On-link      192.168.1.97    276
        192.168.1.255  255.255.255.255         On-link      192.168.1.97    276
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      192.168.1.97    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      192.168.1.97    276
    ===========================================================================
    Persistent Routes:
      None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      9     18 ::/0                     On-link
      1    306 ::1/128                  On-link
      9     18 2001::/32                On-link
      9    266 2001:0:4137:9e76:8ac:730:3f57:fe9e/128
                                        On-link
      8    276 fe80::/64                On-link
      9    266 fe80::/64                On-link
      9    266 fe80::8ac:730:3f57:fe9e/128
                                        On-link
      8    276 fe80::15b3:2ca9:7d55:787d/128
                                        On-link
      1    306 ff00::/8                 On-link
      9    266 ff00::/8                 On-link
      8    276 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None


    Sure do appreciate your help and patience!  Will run the first Essentials scan after I get this to you; would also like to know your thoughts on upgrading to 7 after we fix all.

    SuperDave

    Re: potential malware
    « Reply #17 on: April 02, 2011, 06:16:16 PM »
    Ok. We need to clear your DNS cache.

    Please navigate to Start>Run and type cmd

    in the window that pops up type ipconfig /flushdns

    Now try to see if IE works in Normal Mode.

    CG1

      Re: potential malware
      « Reply #18 on: April 02, 2011, 08:22:18 PM »
      I could only do the flush in safe mode, so IE shut down after beginning to open in regular mode  (the installer window continues to run as well, saying the network source is no longer available, for an .msi file)

      In regular mode it said it needed elevation?
      « Last Edit: April 02, 2011, 08:36:47 PM by CG1 »

      CG1

        Re: potential malware
        « Reply #19 on: April 03, 2011, 07:01:22 AM »
        Wow, I just did a reset of IE and now it is working in regular mode; still got the elevation notice and the repetitive installer.  Will install WOT and, I think you recommended, cc slim? Will wait for the other cleaning till I hear from you, thanks!
        « Last Edit: April 03, 2011, 07:48:59 AM by CG1 »

        CG1

          Re: potential malware
          « Reply #20 on: April 03, 2011, 12:20:24 PM »
          During Comodo install the options to uncheck did not come up, there were 3 versions to choose from, think I chose the middle and the Geek Buddy?

          SuperDave

          Re: potential malware
          « Reply #21 on: April 03, 2011, 01:26:08 PM »
          Quote
          During Comodo install the options to uncheck did not come up, there were 3 versions to choose from, think I chose the middle and the Geek Buddy?
          Sorry, I'm not familiar with Comodo AV.

          Quote
          still got the elevation notice and the repetitive insstaller.
          I'm sure this is not malware related. Perhaps you could ask this question in the proper software forum.
          Please let me know when you're finished with the clean up so I can lock this thread.

          CG1

            Re: potential malware
            « Reply #22 on: April 03, 2011, 01:48:06 PM »
            Sorry, it is the comodo firewall, not the AV

            SuperDave

            Re: potential malware
            « Reply #23 on: April 03, 2011, 06:46:10 PM »
            Quote
            Sorry, it is the comodo firewall, not the AV
            It shouldn't matter from where you downloaded it; they should all be the same. The link that I gave you is an old canned speech. They must have changed the program. I don't remember those options when I installed my Comodo Firewall.

            CG1

              Re: potential malware
              « Reply #24 on: April 05, 2011, 05:19:13 PM »
              Clean up is done!  Thanks SuperDave!

              SuperDave

              Re: potential malware
              « Reply #25 on: April 06, 2011, 01:10:43 PM »
              You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.