Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox and IE can't load web pages


  • This topic is locked This topic is locked
2 replies to this topic

#1 jkinst

jkinst

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 PM

Posted 14 November 2009 - 11:41 AM

Referred from here: http://www.bleepingcomputer.com/forums/t/269837/rootrepeal-now-running-for-20-hours/ ~ OB

The lay of the land: home network running netgear dsn2000 wireless-n router/modem; gateway gt5426e running Windows Vista Home Premium sp2, 32-bit (wired); macbook pro, dual boot running os 10.5.8/windows xp (wireless, currently on mac side).

I open a firefox browser, the browser window gets hung up and never finishes loading the home page or any page. It never returns an error stating there is no internet connection. Refresh doesn't change anything. I can't login to my router/modem either, as it won't load pages. When I hover the mouse over the internet icon on the tray it says there is an internet connection.

When I run Clamwin it reveals the following worm - C:\Users\Mary\Desktop\desktop:Worm.Autorun-2190 FOUND. I am not able to run Spybot because it can't connect to initialize and update its database.

I've gone through the various system checks outlined in these forums. I ran dds and root repeal. After 4 days of continuous operation, I finally stopped root repeal and posted the problem under "Am I infected? What do I do?". There I was asked to download and run Win32KDiag.exe, which returned a report saying it was denied access to everything it tried to check. The administrator told me then to post my dds.txt log here, explaining what happened.

So here you go. Thanks for your help.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Mary at 15:48:45.09 on Fri 11/06/2009
Internet Explorer: 8.0.6001.18828
MicrosoftĂ Windows Vista˘ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1114 [GMT -6:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\mqsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\mqtgsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\AT&T\Self Support Tool\ATTTray.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mary\installers\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp:/www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [SBC_McciTrayApp] c:\program files\at&t\self support tool\ATTTray.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\mary\appdata\roaming\mozilla\firefox\profiles\3ij1325h.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2008-3-30 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-6 1153368]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-3-30 11264]

=============== Created Last 30 ================

2009-11-06 17:42:32 65536 ------w- c:\windows\system32\Ikeext.etl
2009-11-06 17:27:50 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-06 17:27:50 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-06 17:24:54 0 d-----w- c:\users\mary\installers
2009-11-06 17:13:27 0 d-----w- c:\program files\CCleaner
2009-11-06 00:27:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-10-27 19:58:12 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:58:11 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-15 15:11:07 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 15:11:05 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 15:11:04 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

==================== Find3M ====================

2009-10-02 14:11:34 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-02 14:11:34 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-02 14:11:34 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-02 14:07:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-02 08:24:27 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-01 15:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-03-30 19:06:37 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:48:55.46 ===============

Edited by Orange Blossom, 14 November 2009 - 11:47 PM.


BC AdBot (Login to Remove)

 


#2 jkinst

jkinst
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 PM

Posted 17 November 2009 - 08:09 PM

To whomever starts to help with this request: please disregard request. We couldn't wait any longer: we're paying to have it repaired.

Thanks

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,806 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:48 PM

Posted 19 November 2009 - 10:58 PM

Thank you for letting us know. I'm sorry we couldn't get to you sooner. I hope your computer issues will be taken care of.

Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users