
Author Topic: Findgala hijack removal  (Read 21335 times)


bilaxon

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: Findgala hijack removal
    « Reply #15 on: April 09, 2011, 09:19:35 AM »
    I am still having the same major problems with blocked access to common websites, removal tools, some downloads and windows updates, whatever findgala did to screw up the DNS resolution is still in there...

    I can ping some web addresses but not others - it's extremely frustrating

    It still will not allow access to www.aol.com, www.microsoft.com, www.yahoo.com etc...

    I have tried some experiments with pinging these sites and their IP addresses and it literally blocks all of them and just times out, whereas other sites that I CAN access work just fine (avg 26ms round trip time)

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Findgala hijack removal
    « Reply #16 on: April 09, 2011, 12:16:48 PM »
    Please run Notepad (Start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

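    Code:
    @echo off
    rem Collect network diagnostics into Log1.txt in the current folder
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    rem Open the log, then delete this batch file
    start Log1.txt
    del "%~f0"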

    • Go to the File menu at the top of Notepad and select Save as.

    • Select save in: desktop

    • Fill in File name: test.bat

    • Save as type: All file types (*.*)

    • Click save.

    • Close Notepad.

    • Locate and double-click test.bat on the desktop.

    • A Notepad window opens; copy and paste its content (Log1.txt) into your reply.
    ****************************************************************
    Go to Start > Run ("Start Search" in Vista) and type in:
    cmd
    Click OK (hit Enter in Vista).

    At Command Prompt, paste this:
    ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
    Hit Enter.

    Copy and paste what you see in Notepad into a Reply here.
    Windows 8 and Windows 10 dual boot with two SSD's

    bilaxon

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Findgala hijack removal
      « Reply #17 on: April 11, 2011, 06:22:35 AM »
      Windows IP Configuration

         Host Name . . . . . . . . . . . . : Laxson-PC
         Primary Dns Suffix  . . . . . . . :
         Node Type . . . . . . . . . . . . : Hybrid
         IP Routing Enabled. . . . . . . . : No
         WINS Proxy Enabled. . . . . . . . : No
         DNS Suffix Search List. . . . . . : dqstarter.local

      Ethernet adapter Local Area Connection:

         Connection-specific DNS Suffix  . : dqstarter.local
         Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
         Physical Address. . . . . . . . . : 90-E6-BA-32-DF-F8
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes
         Link-local IPv6 Address . . . . . : fe80::5cc:588c:8575:547f%21(Preferred)
         IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Lease Obtained. . . . . . . . . . : Saturday, April 09, 2011 11:05:43 AM
         Lease Expires . . . . . . . . . . : Tuesday, April 19, 2011 8:00:40 AM
         Default Gateway . . . . . . . . . : 192.168.1.1
         DHCP Server . . . . . . . . . . . : 192.168.1.1
         DHCPv6 IAID . . . . . . . . . . . : 361817786
         DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-46-AB-0E-90-E6-BA-32-DF-F8
         DNS Servers . . . . . . . . . . . : 192.168.1.1
         Primary WINS Server . . . . . . . : 192.168.1.1
         NetBIOS over Tcpip. . . . . . . . : Enabled

      Wireless LAN adapter Wireless Network Connection:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix  . : gateway.2wire.net
         Description . . . . . . . . . . . : 802.11n Wireless LAN Card
         Physical Address. . . . . . . . . : 00-26-82-21-D4-AA
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes

      Tunnel adapter isatap.gateway.2wire.net:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : Microsoft ISATAP Adapter
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes

      Tunnel adapter isatap.dqstarter.local:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix  . : dqstarter.local
         Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
      Server:  UnKnown
      Address:  192.168.1.1

      Name:    google.com
      Addresses:  74.125.93.103
           74.125.93.147
           74.125.93.106
           74.125.93.104
           74.125.93.105
           74.125.93.99

      Server:  UnKnown
      Address:  192.168.1.1

      Name:    yahoo.com
      Addresses:  69.147.125.65
           72.30.2.43
           98.137.149.56
           209.191.122.70
           67.195.160.76


      Pinging google.com [74.125.93.103] with 32 bytes of data:
      Request timed out.
      Request timed out.

      Ping statistics for 74.125.93.103:
          Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

      Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
      Request timed out.
      Request timed out.

      Ping statistics for 69.147.125.65:
          Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

      ===========================================================================
      Interface List
       21...90 e6 ba 32 df f8 ......Realtek PCIe GBE Family Controller
       11...00 26 82 21 d4 aa ......802.11n Wireless LAN Card
        1...........................Software Loopback Interface 1
       12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
       13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
      ===========================================================================

      IPv4 Route Table
      ===========================================================================
      Active Routes:
      Network Destination        Netmask          Gateway       Interface  Metric
                0.0.0.0          0.0.0.0    192.168.1.1    192.168.1.106     20
                0.0.0.0          0.0.0.0    192.168.1.1    192.168.1.106     20
              127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
              127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
        127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            192.168.1.0    255.255.255.0         On-link     192.168.1.106    276
          192.168.1.106  255.255.255.255         On-link     192.168.1.106    276
          192.168.1.255  255.255.255.255         On-link     192.168.1.106    276
              224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
              224.0.0.0        240.0.0.0         On-link     192.168.1.106    276
        255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        255.255.255.255  255.255.255.255         On-link     192.168.1.106    276
      ===========================================================================
      Persistent Routes:
        None

      IPv6 Route Table
      ===========================================================================
      Active Routes:
       If Metric Network Destination      Gateway
        1    306 ::1/128                  On-link
       21    276 fe80::/64                On-link
       21    276 fe80::5cc:588c:8575:547f/128
                                          On-link
        1    306 ff00::/8                 On-link
       21    276 ff00::/8                 On-link
      ===========================================================================
      Persistent Routes:
        None


      Windows IP Configuration

         Host Name . . . . . . . . . . . . : Laxson-PC
         Primary Dns Suffix  . . . . . . . :
         Node Type . . . . . . . . . . . . : Hybrid
         IP Routing Enabled. . . . . . . . : No
         WINS Proxy Enabled. . . . . . . . : No
         DNS Suffix Search List. . . . . . : dqstarter.local

      Ethernet adapter Local Area Connection:

         Connection-specific DNS Suffix  . : dqstarter.local
         Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
         Physical Address. . . . . . . . . : 90-E6-BA-32-DF-F8
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes
         Link-local IPv6 Address . . . . . : fe80::5cc:588c:8575:547f%21(Preferred)
         IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Lease Obtained. . . . . . . . . . : Saturday, April 09, 2011 11:05:43 AM
         Lease Expires . . . . . . . . . . : Tuesday, April 19, 2011 8:00:41 AM
         Default Gateway . . . . . . . . . : 192.168.1.1
         DHCP Server . . . . . . . . . . . : 192.168.1.1
         DHCPv6 IAID . . . . . . . . . . . : 361817786
         DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-46-AB-0E-90-E6-BA-32-DF-F8
         DNS Servers . . . . . . . . . . . : 192.168.1.1
         Primary WINS Server . . . . . . . : 192.168.1.1
         NetBIOS over Tcpip. . . . . . . . : Enabled

      Wireless LAN adapter Wireless Network Connection:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix  . : gateway.2wire.net
         Description . . . . . . . . . . . : 802.11n Wireless LAN Card
         Physical Address. . . . . . . . . : 00-26-82-21-D4-AA
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes

      Tunnel adapter isatap.gateway.2wire.net:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : Microsoft ISATAP Adapter
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes

      Tunnel adapter isatap.dqstarter.local:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix  . : dqstarter.local
         Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes



      bilaxon

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: Findgala hijack removal
        « Reply #18 on: April 11, 2011, 07:04:13 AM »
        I ran that batch file a few more times (I added aol.com in there) and got a different result for yahoo once:


        Name:    aol.com
        Addresses:  64.12.79.57
             205.188.100.58
             207.200.74.38

        Server:  UnKnown
        Address:  192.168.1.1

        Name:    google.com
        Addresses:  74.125.93.106
             74.125.93.105
             74.125.93.103
             74.125.93.147
             74.125.93.104
             74.125.93.99

        Server:  UnKnown
        Address:  192.168.1.1

        Name:    yahoo.com
        Addresses:  69.147.125.65
             72.30.2.43
             98.137.149.56
             209.191.122.70
             67.195.160.76


        Pinging aol.com [205.188.100.58] with 32 bytes of data:
        Request timed out.
        Request timed out.

        Ping statistics for 205.188.100.58:
            Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

        Pinging google.com [74.125.93.106] with 32 bytes of data:
        Request timed out.
        Request timed out.

        Ping statistics for 74.125.93.106:
            Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

        Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
        Reply from 69.147.125.65: bytes=32 time=34ms TTL=56
        Reply from 69.147.125.65: bytes=32 time=33ms TTL=56

        Ping statistics for 69.147.125.65:
            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
        Approximate round trip times in milli-seconds:
            Minimum = 33ms, Maximum = 34ms, Average = 33ms

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Findgala hijack removal
        « Reply #19 on: April 11, 2011, 12:34:39 PM »
        How are you connected to the modem? Hardwired or wireless? Did you try resetting the modem?

        bilaxon

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Findgala hijack removal
          « Reply #20 on: April 11, 2011, 01:49:30 PM »
          It's hardwired to the cable modem through a router.

          No other computer has any problems with any of these sites - or any other problems connecting to the internet at all.

          Bypassing the router and connecting directly to the modem makes no difference.

          I have tried using the netsh command to reset the TCP/IP stack, reinstalled the NIC driver, and practically everything else that I can think of - it just will not connect to some sites at all. Strangely though, it will intermittently connect to yahoo or google - I got this on my last test:

          Name:    aol.com
          Addresses:  207.200.74.38
               64.12.79.57
               205.188.100.58

          Server:  UnKnown
          Address:  192.168.1.1

          Name:    google.com
          Addresses:  74.125.93.104
               74.125.93.147
               74.125.93.99
               74.125.93.105
               74.125.93.103
               74.125.93.106

          Server:  UnKnown
          Address:  192.168.1.1

          Name:    yahoo.com
          Addresses:  67.195.160.76
               69.147.125.65
               72.30.2.43
               98.137.149.56
               209.191.122.70


          Pinging aol.com [207.200.74.38] with 32 bytes of data:
          Request timed out.
          Request timed out.

          Ping statistics for 207.200.74.38:
              Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

          Pinging google.com [74.125.93.104] with 32 bytes of data:
          Reply from 74.125.93.104: bytes=32 time=44ms TTL=54
          Reply from 74.125.93.104: bytes=32 time=41ms TTL=54

          Ping statistics for 74.125.93.104:
              Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
              Minimum = 41ms, Maximum = 44ms, Average = 42ms

          Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
          Request timed out.
          Request timed out.

          Ping statistics for 67.195.160.76:
              Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
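
Added example (not part of any post in this thread): a Python sketch that reads Log1.txt-style output like the logs above and separates names that fail to resolve from names that resolve but get no ping reply, the pattern these logs show. The sample text is abridged from the posted output; `nosuch.invalid` and the function name `classify` are constructed for illustration.

```python
import re

# Constructed sample: nslookup/ping sections abridged from the Log1.txt
# output in the thread, plus one made-up unresolvable name for contrast.
SAMPLE_LOG = """\
Name:    google.com
Addresses:  74.125.93.106
     74.125.93.105

Name:    yahoo.com
Addresses:  69.147.125.65
     72.30.2.43

Pinging google.com [74.125.93.106] with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 74.125.93.106:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=34ms TTL=56
Reply from 69.147.125.65: bytes=32 time=33ms TTL=56
Ping statistics for 69.147.125.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Ping request could not find host nosuch.invalid. Please check the name and try again.
"""

PING_RE = re.compile(r"Pinging (\S+) \[([\d.]+)\].*?Received = (\d+)", re.S)
NOHOST_RE = re.compile(r"Ping request could not find host (\S+?)\.\s")
NAME_RE = re.compile(r"Name:\s+(\S+)\s+Address(?:es)?:\s+((?:[\d.]+\s*)+)")

def classify(log):
    """Map each host to 'dns-failure', 'resolves-but-unreachable' or 'reachable'."""
    resolved = {m.group(1): m.group(2).split() for m in NAME_RE.finditer(log)}
    verdict = {host: "dns-failure" for host in NOHOST_RE.findall(log)}
    for host, ip, received in PING_RE.findall(log):
        if int(received) > 0:
            verdict[host] = "reachable"
        elif ip in resolved.get(host, []):
            # nslookup returned this address, yet no echo reply came back.
            verdict[host] = "resolves-but-unreachable"
        else:
            verdict[host] = "unreachable-unverified-address"
    return verdict

if __name__ == "__main__":
    for host, state in classify(SAMPLE_LOG).items():
        print(f"{host:15} {state}")
```

A "resolves-but-unreachable" verdict only says that no echo reply arrived; comparing runs, as in the logs above where the same address answers in one run and times out in another, is what distinguishes a local fault from a remote host that simply ignores ping.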

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Findgala hijack removal
          « Reply #21 on: April 12, 2011, 07:56:45 PM »
          • Download TDSSKiller and save it to your Desktop.
          • Extract its contents to your desktop.
          • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
          • If an infected file is detected, the default action will be Cure, click on Continue.
          • If a suspicious file is detected, the default action will be Skip, click on Continue.
          • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
          • Click the Report button and copy/paste the contents of it into your next reply.
          Note: It will also create a log in the C:\ directory.