Other computers on my LAN work just fine and can access any domain, and will ping http://www.google.com at IP 74.125.239.145, google.com at 74.125.239.128, http://www.bing.com at 23.72.38.115, and bing.com at 131.253.33.200. I can ping any of these and get replies.
I followed the following instructions: http://forums.malwarebytes.org/index.ph ... opic=76654 (minus the custom ComFix script or the rootkit) with no success. After several hours of scanning, ComboFix and ESET online scanner both found some suspicious items that they claimed they deleted - but the problem remains.
I have checked the hosts file, and it only has the localhost loopback 127.0.0.1.
Would appreciate any help!
***************
DDS.SCR Output
***************
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by Doctor at 20:46:03 on 2013-07-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1145 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\pnssosvr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Dentrix\DtxQuickLaunch.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Documents and Settings\Doctor\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Dentrix\PAMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nordandassociates.com/clientlogin.php
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DtxQuickLaunch.exe] c:\program files\dentrix\DtxQuickLaunch.exe
uRun: [ISUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
StartupFolder: c:\docume~1\doctor\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\doctor\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\doctor\startm~1\programs\startup\shortc~1.lnk - c:\program files\dentrix\PAMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 7944263171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{6E3C7A1F-1CDF-4BE7-A89C-D571BF30CD49} : DHCPNameServer = 68.94.156.1 68.94.157.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist remote support customer\430\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\doctor\application data\mozilla\firefox\profiles\m6m9xtu9.default-1348079904062\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-07-11 11:35; firebug@software.joehewitt.com; c:\documents and settings\doctor\application data\mozilla\firefox\profiles\m6m9xtu9.default-1348079904062\extensions\firebug@software.joehewitt.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-11 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-11 22856]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-11 701512]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-9-19 27064]
S4 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\citrix\gotoassist remote support customer\430\g2ax_service.exe [2012-8-16 610960]
S4 GuruLELicensing;Guru Limited Edition Licensing;c:\program files\guru limited edition server\GuruLEService.exe [2008-4-28 60416]
.
=============== Created Last 30 ================
.
2013-07-11 19:46:06 -------- d-----w- c:\program files\ESET
2013-07-11 19:23:12 -------- d-sha-r- C:\cmdcons
2013-07-11 19:21:01 98816 ----a-w- c:\windows\sed.exe
2013-07-11 19:21:01 256000 ----a-w- c:\windows\PEV.exe
2013-07-11 19:21:01 208896 ----a-w- c:\windows\MBR.exe
2013-07-11 17:33:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-11 17:33:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-11 17:08:52 -------- d-----w- c:\program files\common files\Symantec Shared
2013-07-11 17:08:45 -------- d-----w- c:\documents and settings\all users\application data\Norton
2013-07-11 17:08:37 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2013-07-11 16:39:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-06-26 14:52:09 -------- d-----w- c:\program files\Dropbox
.
==================== Find3M ====================
.
2013-06-08 06:55:44 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-26 00:41:22 810496 ----a-w- c:\windows\system32\wmvdmod.dll
.
============= FINISH: 20:46:35.62 ===============