Posted 08 November 2010 - 05:21 PM
Edited by Blade Zephon, 08 November 2010 - 06:20 PM.
Moved from AIH to AII. ~BZ
Posted 09 November 2010 - 11:25 PM
Posted 09 November 2010 - 11:31 PM
Posted 11 November 2010 - 07:01 PM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5033
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
03-11-2010 16:03:07
mbam-log-2010-11-03 (16-03-07).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 345317
Time elapsed: 54 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5096
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11-11-2010 23:50:44
mbam-log-2010-11-11 (23-50-44).txt
Scan type: Quick scan
Objects scanned: 153652
Time elapsed: 4 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
--- Search result list ---
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-10-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-04 Includes\Hijackers.sbi (*)
2010-11-03 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-11-09 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-26 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-11-02 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-11-09 Includes\TrojansC-05.sbi (*)
2010-10-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
--- Startup entries list ---
Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1173504
MD5: EA6EADF6314E43783BA8EEE79F93F73C
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1173504
MD5: EA6EADF6314E43783BA8EEE79F93F73C
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, msnmsgr
where: S-1-5-21-1436189602-806520073-2569910069-1000...
command: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
size: 4240760
MD5: 4655580A16674EB18D38394FB276E26B
Located: HK_CU:Run, uTorrent
where: S-1-5-21-1436189602-806520073-2569910069-1000...
command: "C:\Program Files (x86)\uTorrent\uTorrent.exe"
file: C:\Program Files (x86)\uTorrent\uTorrent.exe
size: 328056
MD5: 008F2FE191618133A68F1AC190DC6044
Located: HK_CU:RunOnce, FlashPlayerUpdate
where: S-1-5-21-1436189602-806520073-2569910069-1000...
command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
file: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe
size: 232912
MD5: 00D36079894D61D3E72E286FA5C7736C
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 22-09-2010 17:04:14
Date (last access): 08-11-2010 15:50:20
Date (last write): 22-09-2010 17:04:14
Filesize: 75200
Attributes: archive
MD5: 203A74767EB81F96A5166B1933DB46D0
CRC32: B0D671C9
Version: 9.4.0.195
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 19-10-2010 18:10:48
Date (last access): 19-10-2010 18:10:48
Date (last write): 26-01-2009 14:31:02
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 21-09-2010 13:08:38
Date (last access): 27-10-2010 20:03:46
Date (last write): 21-09-2010 13:08:38
Filesize: 439168
Attributes: archive
MD5: 6BF01E200063D7274F3AF06D226671F5
CRC32: C8953126
Version: 7.250.4225.0
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 15-10-2010 15:19:22
Date (last access): 15-10-2010 15:19:22
Date (last write): 15-10-2010 15:19:22
Filesize: 41760
Attributes: archive
MD5: 3F59EDE1444C14CFBAA15C7EBBFE6196
CRC32: 847C94E6
Version: 6.0.220.4
--- ActiveX list ---
{0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control)
DPF name:
CLSID name: Dldrv2 Control
Installer:
Codebase: http://download.gigabyte.com.tw/object/Dldrv.ocx
description:
classification: Legitimate
known filename: Dldrv.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\DOWNLO~1\
Long name: Dldrv.ocx
Short name:
Date (created): 14-03-2010 06:41:28
Date (last access): 08-11-2010 16:20:30
Date (last write): 14-03-2010 06:41:46
Filesize: 292616
Attributes: archive
MD5: 5AEB62CA67C4B967D77168430F176A4F
CRC32: E3AC2B31
Version: 1.4.206.11
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_22
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 15-10-2010 15:19:22
Date (last access): 15-10-2010 15:19:22
Date (last write): 15-10-2010 15:19:22
Filesize: 108320
Attributes: archive
MD5: 6A25F175BC9D7709ABEA66086489121D
CRC32: 3BFA8F9A
Version: 6.0.220.4
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_22
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 15-10-2010 15:19:22
Date (last access): 15-10-2010 15:19:22
Date (last write): 15-10-2010 15:19:22
Filesize: 108320
Attributes: archive
MD5: 6A25F175BC9D7709ABEA66086489121D
CRC32: 3BFA8F9A
Version: 6.0.220.4
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_22
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_22.dll
Short name: NPJPI1~1.DLL
Date (created): 15-10-2010 15:19:22
Date (last access): 15-10-2010 15:19:22
Date (last write): 15-10-2010 15:19:22
Filesize: 141088
Attributes: archive
MD5: AFB7EFCDE5277F6514EF0E9FF8D8D862
CRC32: 2A43B8CC
Version: 6.0.220.4
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\CONFLICT.1\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\SysWow64\Macromed\Flash\
Long name: Flash10e.ocx
Short name:
Date (created): 27-01-2010 00:58:36
Date (last access): 08-11-2010 16:27:42
Date (last write): 27-01-2010 00:58:36
Filesize: 3981080
Attributes: readonly archive
MD5: C06E6E160F34CE092301BD2B29067F3F
CRC32: D922F8F5
Version: 10.0.45.2
--- Process list ---
PID: 0 ( 0) [System]
PID: 2884 (2656) C:\Program Files (x86)\uTorrent\uTorrent.exe
size: 328056
MD5: 008F2FE191618133A68F1AC190DC6044
PID: 2748 (2736) C:\Program Files (x86)\Java\jre6\bin\javaw.exe
size: 145184
MD5: 87893167C98FCEF5D14077511F219B75
PID: 3372 (2656) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 912344
MD5: E1AB298BAFC8ECCA8C322A29C5FDC68C
PID: 760 (3372) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
size: 16856
MD5: 6F7ECB12B6782A2122DEBE9EC9DF2C5D
PID: 3488 (2656) D:\Bethesda Softworks\Fallout New Vegas\Geck.exe
size: 12943872
MD5: DBAC1DF604D7BD9C342E39EA214D9F34
PID: 2228 (2656) C:\Program Files (x86)\mIRC\mirc.exe
size: 2810880
MD5: 2F63A83968F9586FE4FB48134253619C
PID: 952 (2656) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
size: 1090952
MD5: D594EA4AC1C0E4675EF2F0063950ABEF
PID: 2824 ( 952) C:\Windows\SysWOW64\NOTEPAD.EXE
size: 179712
MD5: D378BFFB70923139D6A4F546864AA61C
PID: 3812 (2656) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 248 ( 4) smss.exe
PID: 380 ( 364) csrss.exe
PID: 428 ( 364) wininit.exe
size: 96256
PID: 448 ( 436) csrss.exe
PID: 484 ( 428) services.exe
PID: 512 ( 428) lsass.exe
PID: 520 ( 428) lsm.exe
PID: 632 ( 436) winlogon.exe
PID: 664 ( 484) svchost.exe
size: 20992
PID: 728 ( 484) nvvsvc.exe
PID: 768 ( 484) svchost.exe
size: 20992
PID: 860 ( 484) svchost.exe
size: 20992
PID: 896 ( 484) svchost.exe
size: 20992
PID: 944 ( 484) svchost.exe
size: 20992
PID: 572 ( 484) svchost.exe
size: 20992
PID: 1084 ( 728) NvXDSync.exe
PID: 1136 ( 484) svchost.exe
size: 20992
PID: 1220 ( 728) nvvsvc.exe
PID: 1336 ( 484) spoolsv.exe
PID: 1368 ( 484) svchost.exe
size: 20992
PID: 1496 ( 484) nvSCPAPISvr.exe
PID: 1640 ( 484) svchost.exe
size: 20992
PID: 1688 ( 484) WLIDSVC.EXE
PID: 1832 (1688) WLIDSVCM.EXE
PID: 1868 ( 484) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2060 ( 484) svchost.exe
size: 20992
PID: 2308 ( 484) C:\Windows\System32\taskhost.exe
PID: 2568 ( 484) svchost.exe
size: 20992
PID: 2632 ( 896) C:\Windows\System32\dwm.exe
PID: 2656 (2624) C:\Windows\explorer.exe
size: 2870272
MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
PID: 2192 ( 484) SearchIndexer.exe
size: 428032
PID: 3016 ( 484) wmpnetwk.exe
PID: 852 ( 860) audiodg.exe
PID: 3912 (2656) C:\Windows\System32\mspaint.exe
size: 6376960
MD5: E97295DE2A9FDE547FEAB4FE41DF16CA
PID: 648 (2192) SearchProtocolHost.exe
size: 164352
PID: 2816 (2192) C:\Windows\System32\SearchFilterHost.exe
size: 86528
MD5: 8A674F9AB20B4937357BF6F5A0938EBF
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12-11-2010 00:34:06
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 6: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 7: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f8a1c2abb361dd4095f6a7faa716031e
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-07 03:03:46
# local_time=2010-11-07 03:03:46 (+0000, GMT Standard Time)
# country="Portugal"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 1949424 1949424 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 162645 41561387 0 0
# compatibility_mode=8192 67108863 100 0 3700 3700 0 0
# scanned=168104
# found=56
# cleaned=56
# scan_time=2688
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\3a9c5000-7c4bd43f probably a variant of Win32/Agent.FPEXZHL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\7c5e6701-17a411c2 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\35ace28a-341b9b77 probably a variant of Win32/Agent.LMMBFXF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\653a8b4a-15f68029 probably a variant of Win32/Agent.FPEXZHL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6974112a multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\279f4d0e-3eb7b6d1 a variant of Java/Exploit.Agent.NAC trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4b06bce-4c42a0de multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4e810bce-6470fd08 Java/TrojanDownloader.Agent.NAM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-2a210737 probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-49fdeb34 Java/TrojanDownloader.Agent.NBL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-5cf3d96d multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\16465f18-4b297644 a variant of Java/Exploit.Agent.NAC trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\2aa09918-555a413f Java/TrojanDownloader.Agent.NAM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\611715da-3925deb1 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1c890b5d-2d7a4660 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-3a7299b0 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-46ef6489 Java/TrojanDownloader.Agent.NBK trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\271dcda0-6c02f206 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-1e3a7e5b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-67d3641c Java/TrojanDownloader.Agent.NBK trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\15115563-33ab109e a variant of OSX/Exploit.Smid.C trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\41e8aee3-3a16a953 probably a variant of Win32/Agent.HRYTTOE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\72a5bf64-54ce5c22 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-2eea954e probably a variant of Win32/Agent.HRYTTOE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\bbcdb65-22a9a978 a variant of Java/Exploit.Agent.NAC trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\77fbf727-57e11fcf a variant of Java/Exploit.Agent.NAL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\24ea6344-7a2a6a40 a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5541aec4-68372744 Java/TrojanDownloader.Agent.NBM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-3a729894 probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-2d2e13cd multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\22d532d-17e1ddb7 a variant of Java/Mugademel.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4084a7b0-42e17761 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-446734c7 Java/TrojanDownloader.Agent.NBL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\74f79b71-6f105ec1 Java/TrojanDownloader.Agent.NBU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-4ebc7530 Java/TrojanDownloader.Agent.NBL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-50ef56ab probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\5f52fa74-2a3ddea4 Java/TrojanDownloader.Agent.NBE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-5236b62a multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5c241875-6a0d0fb7 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\503a64f7-694405d2 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\3ae66678-5ffa0bc7 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\75ef0f39-7aeabf80 Java/TrojanDownloader.Agent.NBJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\78b2a5b9-732831df multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-1c3b93c1 probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\bec417b-7b965cb1 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\3e5023fe-40d4f0cd Java/TrojanDownloader.Agent.NBU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\1e87fd7f-782265c7 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\5ef0107f-45c874b6 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\4b969c7-7b392feb multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\75fe1a88-56af5420 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Body&Brains\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\2dc185c9-5433e448 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Guest\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-11d2a3f7 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Guest\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-7bf91084 probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Guest\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\78b2a5b9-1a5c5aa9 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
D:\Users\Body&Brains\Downloads\stuff\Crack.Only_Alpha.Protocol-SKIDROW.rar a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Users\Body&Brains\Downloads\stuff\Crack.Only_Alpha.Protocol-SKIDROW\SKIDROW\Binaries\Skidrow.DLL a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f8a1c2abb361dd4095f6a7faa716031e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-12 02:00:12
# local_time=2010-11-12 02:00:12 (+0000, GMT Standard Time)
# country="Portugal"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 273371 273371 0 0
# compatibility_mode=768 16777215 100 0 2376890 2376890 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 233006 41988853 0 0
# compatibility_mode=8192 67108863 100 0 431166 431166 0 0
# scanned=205818
# found=0
# cleaned=0
# scan_time=3409
Edited by hoochimama, 11 November 2010 - 09:08 PM.
Posted 13 November 2010 - 05:45 PM
Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
Posted 24 August 2011 - 10:18 AM