Godaddy.com is unreachable

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by arco123, Mar 20, 2007.

  1. arco123

    arco123 Private E-2

    Problem: cannot access godaddy.com. All 4 computers on my home network cannot access godaddy.com. I do not get porn, I just time out.

    What I've done so far:

    • numerous anti-spyware programs have been run including Spybot S&D and HijackThis (both before I found your forums), AdwareSE.
    • called both godaddy.com and verizon.net (my provider) with no luck, both say everything is fine on their end.

    I have followed the FAQ with two problems:

    -I mistakenly exited out of Counterspy without the log.
    -Bitdefender crashed just as it was going to show the "detected problems"; Explorer was the named culprit. I do remember mostly trojans found in email (trash box, Eudora Pro) that were deleted.

    I do have the other 4 log files. I hope you can help, I have a website at godaddy.com that needs attending to.
     

    Attached Files:

    Last edited: Mar 20, 2007
  2. arco123

    arco123 Private E-2

    logs continued.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MajorGeeks!

    Do you recognize the below as things you downloaded yourself?
    Code:
    Virus:W32/Happy
    C:\Program Files\Gravity\newsdb\at\IQSnewsgroup.txt[~0008269.~][Happy99.exe]
     
    Security Risk:HackTool/Gendel.A          
    C:\GENDEL32.EXE 
     
    Security Risk:HackTool/Gendel.A               
    F:\WINDOWS\SYSTEM32\Setup\GENDEL32.EX_ 
     
    Potentially unwanted tool:Application/NirCmd.A            
    F:\fixwareout\FindT\NIRCMD.EXE 
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I see a load of startup processes and services that are stopped/disabled. It does not appear that you are stopping them with MSConfig. Are you stopping all of these items from running by using Windows Defender or another similar program? If so, why? I even see things from McAfee in there but you don't have McAfee installed anymore. Uninstalling software while processes/services are disabled like this often results in incomplete software removal and typically results in problems in some form (this is not a malware problem however).

    Do you know what the below file is for?
    Code:
    "F:\Documents and Settings\All Users\Application Data\"
    uyaŽ31~1.sys  Jan 27 2007          13  "UYAŽ3113>.sys"
     
  5. arco123

    arco123 Private E-2

    Gravity is a newsreader. It exists only as text, not an actual file... a reference to a file that wasn't downloaded.

    There are a handful of messages online about it, indicating that it's a spyware of some kind. The online recommendations are to delete the file, stop the service. I don't see it as a running service on my computer so I'm wondering if it's really a problem.

    Fixwareout is an anti-spyware program. I don't remember where or how I found it... I've attached a report from running the program. But the problem I have was in existence before running this app.


    No idea what this is. Very strange collection of accents there, eh?! Nothing online.
     

    Attached Files:

    Last edited: Mar 20, 2007
  6. arco123

    arco123 Private E-2

    In the spirit of figuring this out, here is the tracert that I recorded the morning I talked to godaddy about the problem. They indicated that it was strange that I was actually reaching their servers but my browser was timing out before the connection was made.

    I'm behind a router so the details of the tracert aren't all that enlightening. When I did this same tracert using WinPoet connecting directly to my modem it was full of stops along the way, ending up at the same place.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since you don't know what they are, you should delete the below files:
    C:\GENDEL32.EXE
    F:\WINDOWS\SYSTEM32\Setup\GENDEL32.EX_
    F:\Documents and Settings\All Users\Application Data\UYAŽ3113>.sys

    You did not answer my question about all those processes and services being stopped!

    Your problems do not appear to be malware related at this time. Perhaps you need to flush your DNS cache. Also why are you using IP Routing and why is WINS Proxy enabled too?

    I do however have some things for you to do besides the above.

    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    F:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Now Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Stop using whatever it is that you are using to disable all those startup processes and services. If you don't need startups, delete them permanently or uninstall the software. Some items listed are not even installed on your PC anymore.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - blank (file missing)l
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
    After clicking Fix, exit HJT.

    Now reboot in normal mode
    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now attach the below new logs and tell me how the above steps went.
    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
     
  8. arco123

    arco123 Private E-2

    msconfig. I disable unneeded services.

    These questions I can't answer. I don't know what "WINS Proxy" is or exactly what IP Routing is. FWIW, I'm on a home network, behind a Netgear router with 3 other computers.

    Thanks for the suggestions. I'll report back.
     
  9. arco123

    arco123 Private E-2

    I'm still unable to reach GoDaddy.com. Still timing out.

    Any further suggestions would be much appreciated! Thanks.
     

    Attached Files:

  10. arco123

    arco123 Private E-2

    I was able to disable WINS Proxy. Both Verizon and Godaddy continue to view each other as the problem's source. I remain screwed.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I said previously, I don't believe this is a malware issue.

    Did you enable IP Routing while doing debugging with Verizon? You should disable this too unless you need it set up for some reason. Do you use this PC as a router to allow other PCs to connect to the internet?

    Look at an ipconfig /all report from your other PCs on the network and compare. They probably do not have IP Routing enabled (nor the Wins Proxy).

    Do other PCs connect to GoDaddy without a problem?

    Try bypassing your router and directly connect your problem PC to your DSL/Cable modem and see what happens. (Yes this will temporarily disconnect the other PCs while testing this).

    Also if you boot your PC in safe mode can you connect to the net? If so, can you connect to godaddy in safe mode?

    Try another browser too, like Firefox. Does it connect?
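One way to carry out the "compare ipconfig /all across PCs" step above, as an added example that is not from this thread or from either participant: the two outputs below are constructed samples, and the parser and the list of settings it flags are my own assumptions about what a home PC behind a router normally has set to "No".

```python
import re
from typing import Dict, List, Tuple

# Constructed sample 'ipconfig /all' output for two PCs on one home network.
# Illustrative values only, not captures from the thread.
PROBLEM_PC = """\
Windows IP Configuration
        Host Name . . . . . . . . . . . . : office-pc
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : Yes
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
# Second PC: same network, but IP Routing and WINS Proxy are off.
OTHER_PC = (PROBLEM_PC.replace("office-pc", "kids-pc")
            .replace("192.168.1.10", "192.168.1.11").replace(": Yes", ": No"))

FIELDS = ("Node Type", "IP Routing Enabled", "WINS Proxy Enabled",
          "Default Gateway", "DNS Servers")
# Assumed: settings a PC behind a home router normally does not need.
HOME_UNUSUAL = ("IP Routing Enabled", "WINS Proxy Enabled")
# Matches 'Name . . . . : value' lines (value may be empty).
_LINE = re.compile(r"\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text: str) -> Dict[str, str]:
    """Map each dotted 'Name : value' line to {name: value}; first occurrence wins."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg.setdefault(m.group(1).strip(), m.group(2).strip())
    return cfg

def unusual_home_settings(text: str) -> List[str]:
    """Return the HOME_UNUSUAL settings that are switched on in this output."""
    cfg = parse_ipconfig(text)
    return [f for f in HOME_UNUSUAL if cfg.get(f, "").lower() == "yes"]

def compare(problem: str, reference: str) -> Dict[str, Tuple[str, str]]:
    """Return {field: (problem_value, reference_value)} for FIELDS that differ."""
    a, b = parse_ipconfig(problem), parse_ipconfig(reference)
    return {f: (a.get(f, ""), b.get(f, "")) for f in FIELDS
            if a.get(f, "") != b.get(f, "")}

if __name__ == "__main__":
    print("Unusual on problem PC:", unusual_home_settings(PROBLEM_PC))
    for field, (mine, theirs) in compare(PROBLEM_PC, OTHER_PC).items():
        print(f"{field}: problem PC = {mine!r}, other PC = {theirs!r}")
```

Paste each machine's real `ipconfig /all` output in place of the constructed strings; the differences it reports are the settings to question first.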
     
  12. arco123

    arco123 Private E-2

    Safe mode doesn't help...
    All the computers on the network cannot connect to godaddy.
    All browsers do not work.
    I tried to bypass the router... no dice.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are all PCs set up with IP Routing and WINS Proxy? I'm not sure if this is the cause of the problem or not but these settings are not normally required on a home network unless something special is being done. The reason I'm not sure is because I don't understand why it would impact only one IP address unless there is something set up in your IP Route to stop it.

    You are going to have to check to make sure you are not blocking godaddy in your firewall or with any other protection software. Make sure you have not somehow put it into the Restricted Zone too.

    Have you done an ipconfig /flushdns from the command prompt? If not, run that.
     
  14. arco123

    arco123 Private E-2

    The mystery ended this morning as godaddy.com all of a sudden became available to me. Nothing was changed on my system(s). I believe that something on the godaddy side was fixed but I have no way of proving it.

    Anyway thanks for all your help here. If I ever do get spyware I know where to turn.

    best,

    e
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well at least that proves what I had been saying..... that it was not malware! ;) Happy to hear everything is working now.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
