
Google/Yahoo and other Sites Won't Work (Windows XP)


  • This topic is locked
3 replies to this topic

#1 a2daron

Posted 22 December 2009 - 11:03 PM

On my friend's computer, he can't access Google, Gmail, Yahoo search, among other websites. The internet still works on other websites like lycos.com. I tried running Malwarebytes and AVG on the computer after the virus/spyware had infected the computer, but nothing was found.

After I left, I told him to edit the hosts file, which could not be found in the ETC folder. I told him to copy and paste a hosts file from MVPS.org, but it said access was denied.

Any suggestions on how to solve this problem would be helpful. Thanks in advance.

DDS Text (after running without internet and anti virus):
DDS (Ver_09-12-01.01) - NTFSx86
Run by Dan Falkowski at 0:08:53.15 on Wed 12/23/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.132 [GMT -5:00]

AV: Windows PC Defender *On-access scanning enabled* (Updated) {C35BB802-9832-4001-B4FD-C3CB2D97506D}
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Windows PC Defender *enabled* {5AAFDD9E-54A2-4FCB-B7B2-0119A73120BD}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
C:Program FilesAVGAVG9avgchsvx.exe
C:Program FilesAVGAVG9avgrsx.exe
svchost.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAVGAVG9Identity ProtectionAgentBinAVGIDSAgent.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesSearch SettingsSearchSettings.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:PROGRA~1AVGAVG9avgtray.exe
svchost.exe
C:Program FilesAIM95aim.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesAskBarDisbarbinAskService.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesAskBarDisbarbinASKUpgrade.exe
C:Program FilesAVGAVG9avgwdsvc.exe
C:Program FilesAVGAVG9avgfws9.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesAVGAVG9avgam.exe
C:Program FilesAVGAVG9avgnsx.exe
C:WINDOWSSystem32wltrysvc.exe
C:WINDOWSSystem32bcmwltry.exe
C:Program FilesAVGAVG9avgemc.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesAVGAVG9Identity Protectionagentbinavgidsmonitor.exe
C:Program FilesNetscapeNavigator 9navigator.exe
C:WINDOWSsystem32msiexec.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsDan FalkowskiDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=%s
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:program filesaim searchAOLSearch.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg9toolbarIEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:program filesdealio toolbarDealioToolbarIE.dll
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:program filesmorpheus musicpluginsRazaWebHook.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:program filesaskbardisbarbinaskBar.dll
BHO: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:program filesp2p_energytbP2P0.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg9avgssie.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:program filesaim searchAOLSearch.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:program filesmicrosoftsearch enhancement packsearch helperSearchHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg9toolbarIEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.1.1309.3572swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:program filesmsntoolbar3.0.1125.0msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:program filessearch settingskb128SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:program filesmsntoolbar3.0.1125.0msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:program filesaskbardisbarbinaskBar.dll
TB: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:program filesp2p_energytbP2P0.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:program filesdealio toolbarDealioToolbarIE.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:program filesavgavg9toolbarIEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [AIM ] c:program filesaim95aim.exe -cnetwait.odl
uRun: [Shareaza] "c:program filesmorpheus musicMorpheus Music.exe" -tray
uRun: [ares] "c:program filesaresAres.exe" -h
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [Microsoft Default Manager] "c:program filesmicrosoftsearch enhancement packdefault managerDefMgr.exe" -resume
mRun: [SearchSettings] c:program filessearch settingsSearchSettings.exe
mRun: [dla] c:windowssystem32dlatfswctrl.exe
mRun: [UpdateManager] "c:program filescommon filessonicupdate managersgtray.exe" /r
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [AVG9_TRAY] c:progra~1avgavg9avgtray.exe
mRun: [iPodVideoConverter_upgrade] "c:documents and settingsdan falkowskidesktopipodvideoconverteriPodVideoConverter.exe" /upgrade
mRun: [DVDtoiPodConverter_upgrade] "c:documents and settingsdan falkowskidesktopdvdtoipodconverterDVDtoiPodConverter.exe" /upgrade
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
StartupFolder: c:docume~1danfal~1startm~1programsstartuponenot~1.lnk - c:program filesmicrosoft officeoffice12ONENOTEM.EXE
IE: Download with &Shareaza - c:program filesmorpheus musicpluginsRazaWebHook.dll/3000
IE: Download with Xilisoft YouTube to iPod Converter - c:documents and settingsdan falkowskidesktopyoutube to ipod converterupod_link.HTM
IE: E&xport to Microsoft Excel - c:progra~1micros~3office12EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:program filesaim95aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~3office12ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~3office12REFIEBAR.DLL
Trusted Zone: google.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg9avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:docume~1danfal~1applic~1mozillafirefoxprofiles8lgfm50g.default
FF - component: c:program filesavgavg9firefoxcomponentsavgssff.dll
FF - component: c:program filesavgavg9toolbarfirefoxavg@igearedcomponentsIGeared_tavgp_xputils2.dll
FF - component: c:program filesavgavg9toolbarfirefoxavg@igearedcomponentsIGeared_tavgp_xputils3.dll
FF - component: c:program filesavgavg9toolbarfirefoxavg@igearedcomponentsIGeared_tavgp_xputils35.dll
FF - component: c:program filesavgavg9toolbarfirefoxavg@igearedcomponentsxpavgtbapi.dll
FF - plugin: c:documents and settingsdan falkowskiapplication datamove networkspluginsnpqmp071503000010.dll
FF - plugin: c:documents and settingsdan falkowskiapplication datamove networkspluginsnpqmp071701000002.dll
FF - plugin: c:program filesviewpointviewpoint media playernpViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:windowssystem32driversAVGIDSxx.sys [2009-11-20 25608]
R0 AvgRkx86;avgrkx86.sys;c:windowssystem32driversavgrkx86.sys [2009-11-20 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2009-11-20 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2009-11-20 28424]
R1 AvgTdiX;AVG Network Redirector;c:windowssystem32driversavgtdix.sys [2009-11-20 360584]
R2 ASKService;ASKService;c:program filesaskbardisbarbinAskService.exe [2009-4-21 464264]
R2 ASKUpgrade;ASKUpgrade;c:program filesaskbardisbarbinASKUpgrade.exe [2009-4-21 234888]
R2 avg9emc;AVG E-mail Scanner;c:program filesavgavg9avgemc.exe [2009-11-20 906520]
R2 avg9wd;AVG WatchDog;c:program filesavgavg9avgwdsvc.exe [2009-11-20 285392]
R2 avgfws9;AVG Firewall;c:program filesavgavg9avgfws9.exe [2009-11-20 2303680]
R2 AVGIDSAgent;AVG9IDSAgent;c:program filesavgavg9identity protectionagentbinAVGIDSAgent.exe [2009-11-20 5832712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:program filesviewpointcommonViewpointService.exe [2009-4-19 24652]
R3 Avgfwdx;Avgfwdx;c:windowssystem32driversavgfwdx.sys [2009-11-20 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:program filesavgavg9identity protectionagentdriverplatform_xpAVGIDSDriver.sys [2009-11-20 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:program filesavgavg9identity protectionagentdriverplatform_xpAVGIDSFilter.sys [2009-11-20 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:program filesavgavg9identity protectionagentdriverplatform_xpAVGIDSShim.sys [2009-11-20 25736]
R3 GTIPCI21;GTIPCI21;c:windowssystem32driversgtipci21.sys [2004-5-3 80384]
S3 Avgfwfd;AVG network filter service;c:windowssystem32driversavgfwdx.sys [2009-11-20 30104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2009-11-22 38224]

=============== Created Last 30 ================

2009-12-23 05:02:05 73728 ----a-w- c:windowssystem32javacpl.cpl
2009-12-14 04:23:47 0 d-----w- c:docume~1danfal~1applic~1Xilisoft
2009-12-14 03:56:41 417792 ----a-w- c:windowssystem32ac3filter.ax
2009-12-14 03:56:41 356352 ----a-w- c:windowssystem32RealMediaSplitter.ax
2009-12-14 03:56:41 258048 ----a-w- c:windowssystem32GplMpgDec.ax
2009-12-14 03:56:40 0 d-----w- c:program filesFree iPod Video Converter
2009-12-14 03:23:35 0 d-----w- c:docume~1danfal~1applic~1OpenCandy
2009-12-11 19:03:39 2065696 ----a-w- c:windowssystem32usbaaplrc.dll

==================== Find3M ====================

2009-12-23 05:01:23 411368 ----a-w- c:windowssystem32deploytk.dll
2009-12-03 21:14:06 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:windowssystem32driversmbam.sys
2009-11-21 03:04:44 333192 ----a-w- c:windowssystem32driversavgldx86.sys
2009-11-21 03:04:44 12464 ----a-w- c:windowssystem32avgrsstx.dll
2009-11-21 03:03:51 25608 ----a-w- c:windowssystem32driversAVGIDSxx.sys
2009-11-21 03:03:50 161800 ----a-w- c:windowssystem32driversavgrkx86.sys
2009-11-21 03:03:49 360584 ----a-w- c:windowssystem32driversavgtdix.sys
2009-11-21 03:02:52 50968 ----a-w- c:windowssystem32avgfwdx.dll
2009-11-21 03:02:52 30104 ----a-w- c:windowssystem32driversavgfwdx.sys
2009-10-29 05:38:23 667136 ----a-w- c:windowssystem32wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:windowssystem32strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:windowssystem32httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:windowssystem32oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:windowssystem32rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:windowssystem32raschap.dll
2009-09-25 05:37:09 81920 ----a-w- c:windowssystem32ieencode.dll

============= FINISH: 0:09:38.06 ===============

Merged posts. ~ OB

Edited by Orange Blossom, 25 December 2009 - 04:09 AM.




#2 a2daron

Posted 30 December 2009 - 04:27 PM

Attached is the GMER log


#3 Blade81

Posted 01 January 2010 - 10:31 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware-removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#4 Blade81

Posted 07 January 2010 - 02:54 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





