Google and Bing access blocked on WinXP

Post by wherati » July 11th, 2013, 11:56 pm

I have a WinXP Service Pack3 PC that is blocked from addressing many Google addresses as well as bing.com. Youtube, gmail, yahoo, etc. work just fine. When I ping either google.com or http://www.google.com, the IP address pinged is Pinging http://www.bing.com pings this same IP address - Pinging bing.com returns IP address (correct IP address), but there are no replies. On this infected computer, the browser just keeps waiting for the server and eventually gives up. Disabling Windows Firewall does not help.

Other computers on my LAN work just fine and can access any domain, and will ping http://www.google.com at IP, google.com at, http://www.bing.com at, and bing.com at I can ping any of these and get replies.

I followed the following instructions http://forums.malwarebytes.org/index.ph ... opic=76654 (minus the custom ComboFix script or the rootkit) with no success. After several hours of scanning, ComboFix and ESET online scanner both found some suspicious items that they claimed they deleted - but the problem remains.

I have checked the hosts file, and it only has the localhost loopback.

Would appreciate any help!

DDS.SCR Output
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by Doctor at 20:46:03 on 2013-07-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1145 [GMT -7:00]
============== Running Processes ================
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Dentrix\DtxQuickLaunch.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Documents and Settings\Doctor\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Dentrix\PAMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.nordandassociates.com/clientlogin.php
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DtxQuickLaunch.exe] c:\program files\dentrix\DtxQuickLaunch.exe
uRun: [ISUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
StartupFolder: c:\docume~1\doctor\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\doctor\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\doctor\startm~1\programs\startup\shortc~1.lnk - c:\program files\dentrix\PAMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 7944263171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer =
TCP: Interfaces\{6E3C7A1F-1CDF-4BE7-A89C-D571BF30CD49} : DHCPNameServer =
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist remote support customer\430\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\documents and settings\doctor\application data\mozilla\firefox\profiles\m6m9xtu9.default-1348079904062\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-07-11 11:35; firebug@software.joehewitt.com; c:\documents and settings\doctor\application data\mozilla\firefox\profiles\m6m9xtu9.default-1348079904062\extensions\firebug@software.joehewitt.com.xpi
============= SERVICES / DRIVERS ===============
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-11 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-11 22856]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-11 701512]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-9-19 27064]
S4 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\citrix\gotoassist remote support customer\430\g2ax_service.exe [2012-8-16 610960]
S4 GuruLELicensing;Guru Limited Edition Licensing;c:\program files\guru limited edition server\GuruLEService.exe [2008-4-28 60416]
=============== Created Last 30 ================
2013-07-11 19:46:06 -------- d-----w- c:\program files\ESET
2013-07-11 19:23:12 -------- d-sha-r- C:\cmdcons
2013-07-11 19:21:01 98816 ----a-w- c:\windows\sed.exe
2013-07-11 19:21:01 256000 ----a-w- c:\windows\PEV.exe
2013-07-11 19:21:01 208896 ----a-w- c:\windows\MBR.exe
2013-07-11 17:33:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-11 17:33:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-11 17:08:52 -------- d-----w- c:\program files\common files\Symantec Shared
2013-07-11 17:08:45 -------- d-----w- c:\documents and settings\all users\application data\Norton
2013-07-11 17:08:37 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2013-07-11 16:39:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-06-26 14:52:09 -------- d-----w- c:\program files\Dropbox
==================== Find3M ====================
2013-06-08 06:55:44 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-26 00:41:22 810496 ----a-w- c:\windows\system32\wmvdmod.dll
============= FINISH: 20:46:35.62 ===============
Re: Google and Bing access blocked on WinXP

Post by deltalima » July 12th, 2013, 3:53 pm

Hi wherati,

Are you using this computer as part of a business?
Re: Google and Bing access blocked on WinXP

Post by deltalima » July 15th, 2013, 1:15 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
