Firefox works but not IE or Chrome


  • This topic is locked
13 replies to this topic

#1 MNHockey_24

  • Members
  • 7 posts

Posted 02 April 2010 - 10:23 PM

When I try to go to web pages with Google Chrome I always get "Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error.". When I open Firefox I can browse freely. Other applications such as WeatherBug will also not connect to the internet anymore. Yesterday I had a problem with spywareguard2008 and another one that I can't remember that Norton Security Suite caught.

DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Ryan at 20:23:08.49 on Fri 04/02/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.551 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\OEM02Mon.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\Ryan\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ryan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
uRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /fu "c:\windows\temp\E_S5F5C.tmp" /EF "HKCU"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Google Update] "c:\users\ryan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Bnobucetuhese] rundll32.exe "c:\users\ryan\appdata\local\erokadikuji.dll",Startup
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.5)_Gecko/20091102_Firefox/3.5.5_(.NET_CLR_3.5.30729)" -"http://highered.mcgraw-hill.com/sites/0073401536/student_view0/chapter13/flashcards.html"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\boincm~1.lnk - c:\program files\boinc\boincmgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} - file:///E:/win/setup/iaieplay.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni\Skype4COM.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\wrxuojxz.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: network.proxy.ftp - 128.31.1.13
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 128.31.1.13
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 128.31.1.13
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 128.31.1.13
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 128.31.1.13
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\wrxuojxz.default\extensions\{9ede0a88-76a7-4dd7-b142-ab9a14de9d86}\components\FFExternalAlert.dll
FF - component: c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\wrxuojxz.default\extensions\{9ede0a88-76a7-4dd7-b142-ab9a14de9d86}\components\RadioWMPCore.dll
FF - component: c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\wrxuojxz.default\extensions\{c2745af1-f3a4-40f3-8a40-5b44d16ffe56}\components\NabledXPCOMHelper.dll
FF - plugin: c:\program files\digital fountain\splash player\npdfplayer.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava11.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava12.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava131_02.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ryan\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\wrxuojxz.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-1 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-9 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-9 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-9 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100326.001\IDSvix86.sys [2010-3-26 343088]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-12-19 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-12-19 234888]
R2 BOINC;BOINC;c:\program files\boinc\boinc.exe [2008-8-17 725760]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-9 117640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-13 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-10 102448]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-9 48688]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-19 21504]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 NetFlixDownloadManager;VMC NetFlix Download Manager;"c:\program files\luttmann\vmcnetflix\netflixdownloadmanager.exe" --> c:\program files\luttmann\vmcnetflix\NetFlixDownloadManager.exe [?]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]

=============== Created Last 30 ================

2010-04-03 01:09:16 20 ----a-w- c:\users\ryan\defogger_reenable
2010-04-02 23:09:25 0 d-----w- c:\program files\TrendMicro
2010-04-02 13:49:14 0 d-----w- c:\program files\Microsoft Security Essentials
2010-04-02 08:30:22 0 d-----w- c:\program files\Windows Portable Devices
2010-04-02 08:30:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-02 08:12:41 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-04-02 08:12:40 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-04-02 08:12:39 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-04-02 08:10:20 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-04-02 08:08:25 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-04-02 08:08:23 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-04-02 08:08:23 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-04-02 04:38:54 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-02 00:09:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-02 00:09:22 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-02 00:01:11 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-04-01 23:59:59 0 d-----w- c:\programdata\Lavasoft
2010-04-01 23:57:52 0 d-----w- c:\program files\Lavasoft
2010-04-01 23:24:17 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-01 23:24:17 471552 ----a-w- c:\windows\system32\secproc.dll
2010-04-01 23:24:16 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-01 23:24:16 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-01 23:24:15 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-01 23:24:15 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-01 23:24:15 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-01 23:24:15 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-01 23:24:14 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-04-01 23:24:03 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-04-01 23:23:49 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-04-01 23:23:48 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-01 23:23:48 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-01 03:25:23 0 d-----w- c:\users\ryan\appdata\roaming\Malwarebytes
2010-04-01 03:24:51 0 d-----w- c:\programdata\Malwarebytes
2010-03-22 19:47:58 0 d-----w- c:\users\ryan\appdata\roaming\PMS
2010-03-14 01:25:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-14 01:24:52 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-14 01:24:40 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-13 01:38:10 0 d-----w- c:\users\ryan\appdata\roaming\ManyCam
2010-03-13 01:38:10 0 d-----w- c:\program files\ManyCam 2.4

==================== Find3M ====================

2010-04-02 08:30:13 86016 ----a-w- c:\windows\inf\infpub.dat
2010-04-02 08:30:13 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-02 08:30:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-02 08:30:12 143360 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-09 19:12:11 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-09 19:12:11 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-09 19:12:11 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-09 19:11:58 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-02-09 19:11:57 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-09 19:11:49 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2008-09-22 23:09:44 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-07-14 02:15:23 76 --sh--r- c:\windows\CT4CET.bin
2009-12-17 00:08:04 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-12-17 00:08:04 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-12-17 00:08:04 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-14 08:24:10 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-02-21 19:49:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:28:12.78 ===============


I tried running GMER and my computer ended up restarting itself twice after freezing so I gave up on that.


Thanks for your help in advance.
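A defender-side triage check for the DDS log above, added here as an example (not code from the thread, from DDS or from Farbar): it parses the Pseudo HJT and FIREFOX lines and flags the items the fix in post #2 acts on, the hijacked IE proxy and the rundll32 Run entry loading a DLL from AppData, plus the Firefox manual proxy hosts and the look-alike search engine. The sample lines are constructed from the posted log; the pattern names, the user-writable folder list and the known-engine list are my assumptions.

```python
"""Triage helper for DDS "Pseudo HJT Report" and FIREFOX sections (added example;
not code from the thread, from DDS or from Farbar). Flags a hijacked IE proxy,
a Run entry that loads a DLL from a user-writable folder via rundll32, Firefox
manual proxy hosts, and a look-alike search engine name."""
import re
from typing import Dict, List

# Constructed sample: a subset of the first post's DDS log (raw string keeps the backslashes).
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mWinlogon: Userinit=c:\windows\system32\userinit.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Bnobucetuhese] rundll32.exe "c:\users\ryan\appdata\local\erokadikuji.dll",Startup
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: network.proxy.http - 128.31.1.13
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 4
"""

# DDS prefixes: u = per-user hive (HKCU), m = machine hive (HKLM).
IE_PROXY = re.compile(r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>\S.*)$")
RUN_ENTRY = re.compile(r"^(?P<scope>[um])Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>[\w.]+) - (?P<value>.*)$")
# rundll32 <dll>,<export>: capture the DLL path, quoted or not.
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
# Folders a standard user can write to (assumed list); an autostarted DLL here deserves a look.
USER_WRITABLE = re.compile(r"\\(?:users\\[^\\]+\\appdata|programdata|windows\\temp)\\", re.I)
# Firefox network.proxy.type values; the manual host prefs only apply when type is 1.
FF_PROXY_TYPE = {"0": "direct", "1": "manual", "2": "PAC URL", "4": "auto-detect (WPAD)", "5": "system"}
KNOWN_ENGINES = ("Google", "Yahoo", "Bing")  # assumed list of legitimate engine names


def audit(log_text: str) -> List[dict]:
    """Return one finding dict per suspicious item in the DDS text."""
    findings: List[dict] = []
    ff_prefs: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_PROXY.match(line)
        if m:
            findings.append({"kind": "ie-proxy", "scope": m.group("scope"), "value": m.group("value")})
            continue
        m = RUN_ENTRY.match(line)
        if m:
            r = RUNDLL.match(m.group("cmd"))
            if r and USER_WRITABLE.search(r.group("dll")):
                findings.append({"kind": "run-rundll32-user-writable", "name": m.group("name"),
                                 "scope": m.group("scope"), "dll": r.group("dll")})
            continue
        m = FF_PREF.match(line)
        if m:
            ff_prefs[m.group("key")] = m.group("value").strip()

    # Firefox: report every manual proxy host and whether the proxy type actually activates it.
    proxy_type = ff_prefs.get("network.proxy.type", "0")
    for proto in ("http", "ssl", "ftp", "socks", "gopher"):
        host = ff_prefs.get(f"network.proxy.{proto}")
        if host:
            findings.append({"kind": "ff-proxy", "protocol": proto, "host": host,
                             "port": ff_prefs.get(f"network.proxy.{proto}_port", "?"),
                             "proxy_type": FF_PROXY_TYPE.get(proxy_type, proxy_type),
                             "in_use": proxy_type == "1"})

    # Search engine name that only differs from a known engine by look-alike glyphs (I/l, 0/o).
    engine = ff_prefs.get("browser.search.selectedEngine")
    if engine:
        folded = engine.replace("I", "l").replace("0", "o")
        for known in KNOWN_ENGINES:
            if folded.lower() == known.lower() and engine != known:
                findings.append({"kind": "search-engine-lookalike", "value": engine, "looks_like": known})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```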



#2 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 April 2010 - 05:35 AM

Hi MNHockey_24,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
  1. Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:


    CODE
    @ECHO OFF
    REM Remove the malicious autostart entry seen in the DDS log (uRun: [Bnobucetuhese] ...)
    reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Bnobucetuhese /f
    REM Clear the hijacked proxy (ProxyServer = http=127.0.0.1:5555) used by IE and by Chrome, which shares these settings
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    REM Try to delete the DLL; if that fails, grant Everyone full control and move it out of the way instead
    del /a/f/q c:\users\ryan\appdata\local\erokadikuji.dll
    echo y|cacls c:\users\ryan\appdata\local\erokadikuji.dll /p everyone:f
    move c:\users\ryan\appdata\local\erokadikuji.dll %temp%\erokadikuji.dll.bad
    REM List everything under AppData\Local (errors merged into the log) and open the listing
    Dir /a/s "c:\users\ryan\appdata\local\" >log.txt 2>&1
    START log.txt

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop. It should look like this:
    • Right-click to run it as administrator.
    • A notepad opens, copy and paste the content (log.txt) to your reply. Also tell me if IE is connecting now.

  2. Reboot the computer.

  3. This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

  4. Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


  5. I see in the log Ask Toolbar is installed on your computer.

    This program is known to be bundled with adware/spyware. You may read more about Ask Toolbars here:
    http://www.benedelman.org/spyware/ask-toolbars/

    If you decide to uninstall Ask Toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Ask.com Toolbar

    Also remove the folder in bold (if present) only after uninstalling Ask Toolbar:
    C:\Program Files\AskBar
    c:\program files\askbardis

  6. Tell me how your computer is running.



#3 MNHockey_24
  • Topic Starter

  • Members
  • 7 posts

Posted 03 April 2010 - 08:45 AM

I will refrain from making changes to my computer that you do not tell me to.
The log file was too long to post so I am attaching the .txt file.

IE is working and so is chrome. Going to restart then continue on with the rest of your post.




#4 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 April 2010 - 09:33 AM

Great.

#5 MNHockey_24
  • Topic Starter

  • Members
  • 7 posts

Posted 03 April 2010 - 09:42 AM

Everything seems to be back in running order. I removed the Ask toolbar; however, it was not in Add/Remove, so I went and found only one folder, C:\Program Files\AskBar, and I ran the uninstaller that was in the folder.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3949

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

4/3/2010 9:26:17 AM
mbam-log-2010-04-03 (09-26-17).txt

Scan type: Quick scan
Objects scanned: 120699
Time elapsed: 15 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bnobucetuhese (Trojan.Agent.U) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Ryan\AppData\Roaming\ErrorSweeper (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Roaming\ErrorSweeper\Log (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Roaming\ErrorSweeper\Registry Backups (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Ryan\AppData\Roaming\ErrorSweeper\Log\2009 Nov 07 - 09_27_11 AM_927.log (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Roaming\ErrorSweeper\Log\2009 Nov 07 - 09_27_19 AM_555.log (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Roaming\ErrorSweeper\Log\2009 Nov 07 - 09_28_43 AM_264.log (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Roaming\ErrorSweeper\Log\2009 Nov 07 - 09_28_45 AM_524.log (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Roaming\ErrorSweeper\Log\2009 Nov 07 - 09_38_17 AM_200.log (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Roaming\ErrorSweeper\Log\2009 Nov 07 - 09_38_19 AM_432.log (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Roaming\ErrorSweeper\Registry Backups\2009-11-07_09-34-39.reg (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ErrorSweeper Scheduled Scan.job (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.


#6 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 April 2010 - 09:50 AM

Just to make sure.


Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

CODE
@ECHO OFF
REM Run GMER's mbr.exe from the Windows directory, where it was saved
mbr.exe -t
REM The ping is a ~1.5 second pause so mbr.log is fully written before it is opened
ping 1.1.1.1 -n 1 -w 1500 >nul
start mbr.log

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select Save in: desktop
  • Fill in File name: look.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate look.bat on the desktop. It should look like this:
  • Right-click to run it as administrator.
  • A notepad opens, copy and paste the content (log.txt) to your reply.


#7 MNHockey_24
  • Topic Starter

  • Members
  • 7 posts

Posted 03 April 2010 - 11:15 AM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR


#8 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 April 2010 - 11:19 AM

The log is not conclusive. Did you run it as administrator?

#9 MNHockey_24
  • Topic Starter

Posted 03 April 2010 - 11:51 AM

Forgot to run it as admin.


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll dxgkrnl.sys igdkmd32.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK
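
What the detector in posts #6 and #9 is actually checking is whether two reads of sector 0 agree: a user-mode read that a hooked disk stack could be faking, and a kernel-mode read of what is really on disk. The following is an added example, not GMER's code or anything from this thread: it parses a 512-byte MBR (boot code, disk signature, partition table, 0x55AA boot signature) and reports any difference between two reads. The sample MBRs, the partition layout (one bootable NTFS partition at LBA 2048) and the boot-code bytes are constructed for illustration.

```python
"""Parse a 512-byte MBR and cross-check two reads of it, the way a stealth-MBR
detector compares a user-mode read against a kernel-mode read of sector 0.

Added example with constructed data; not GMER's code."""
import struct

MBR_SIZE = 512
DISK_ID_OFFSET = 440          # 4-byte Windows disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
PART_ENTRY_SIZE = 16
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS skipped, type, CHS skipped, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511


def build_mbr(boot_code: bytes, partitions, disk_id: int = 0x1234ABCD) -> bytes:
    """Assemble an MBR from boot code, a disk signature and up to four
    (bootable, type, lba_start, sectors) tuples. Used only to construct samples."""
    if len(boot_code) > DISK_ID_OFFSET:
        raise ValueError("boot code must fit in the first 440 bytes")
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_ID_OFFSET, disk_id)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # CHS fields stay zero; the LBA fields are what modern loaders trust.
        struct.pack_into(PART_ENTRY_FMT, mbr, off, 0x80 if bootable else 0x00,
                         ptype, lba_start, sectors)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(data: bytes) -> dict:
    """Split one sector into boot code, disk signature, non-empty partition
    entries and a boot-signature check."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"MBR must be exactly {MBR_SIZE} bytes, got {len(data)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, ptype, lba_start, sectors = struct.unpack_from(PART_ENTRY_FMT, data, off)
        if ptype == 0x00:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code": data[:DISK_ID_OFFSET],
        "disk_id": struct.unpack_from("<I", data, DISK_ID_OFFSET)[0],
        "partitions": partitions,
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
    }


def compare_mbr_reads(user_read: bytes, kernel_read: bytes) -> list:
    """Return findings from cross-checking two reads of sector 0 (empty = OK).

    A rootkit that hooks the disk stack can hand the original MBR to a
    user-mode reader while the sector actually on disk holds its loader, so
    any difference between the two reads is itself the indicator."""
    u, k = parse_mbr(user_read), parse_mbr(kernel_read)
    findings = []
    for name, parsed in (("user", u), ("kernel", k)):
        if not parsed["signature_ok"]:
            findings.append(f"{name} read: boot signature 0x55AA missing")
        if not parsed["partitions"]:
            findings.append(f"{name} read: no partition entries")
    for field, label in (("boot_code", "boot code"), ("partitions", "partition table"),
                         ("disk_id", "disk signature")):
        if u[field] != k[field]:
            findings.append(f"{label} differs between user and kernel reads")
    return findings


def verdict(findings: list) -> str:
    """Collapse findings into a one-line result in the style of the detector's log."""
    return "user & kernel MBR OK" if not findings else "; ".join(findings)


# Constructed samples (assumption: one bootable NTFS partition starting at LBA 2048).
# The boot code is only a stub: xor ax,ax / mov ss,ax / mov sp,7C00h followed by NOPs.
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64,
                      [(True, 0x07, 2048, 409600)])
# Same partition table and disk signature, but different boot code: what a raw
# (kernel) read would show if the user-mode read were being served a clean copy.
TAMPERED_MBR = build_mbr(b"\xea\x00\x7c\x00\x00" + b"\x90" * 64,
                         [(True, 0x07, 2048, 409600)])

if __name__ == "__main__":
    print(verdict(compare_mbr_reads(CLEAN_MBR, CLEAN_MBR)))
    print(verdict(compare_mbr_reads(CLEAN_MBR, TAMPERED_MBR)))
```

To run this against a real machine you would replace the constructed bytes with 512 bytes read from the raw device (on Windows, opening `\\.\PhysicalDrive0` in binary mode), which requires administrator rights; that is also why the first run in this thread, started without elevation, came back with "error reading MBR" rather than a verdict. A difference between the two reads is the signal, but agreement only says that nothing is lying about sector 0, not that the boot code is clean; comparing the boot code against a known-good copy is the next step.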

#10 Farbar

Posted 03 April 2010 - 12:12 PM

It looks good.
  1. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "JDK 6 Update 19 (JDK or JRE)".
    • Click the Download JRE button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. They are:

      Java 2 Runtime Environment Standard Edition v1.3.1_02
      Java™ 6 Update 13
      Java™ 6 Update 3
      Java™ 6 Update 7

    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.

  2. First set a new restore point, then remove the old restore points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.

  3. I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once every two or three weeks and enable all protection again.

Happy Surfing.

#11 MNHockey_24
  • Topic Starter

Posted 03 April 2010 - 01:35 PM

I was unable to remove one of the Java applications, Java 6 Update 3. I went ahead and installed the new version anyway. The error I get when running the uninstaller is "Error 1719".

#12 Farbar

Posted 03 April 2010 - 01:44 PM

Download the trial version of Your Uninstaller! (Free Fix)
    Install it and run it.
    Under Modules select Uninstaller.
    Highlight Java 6 update 3 and press Uninstall.
    It might give you an error, proceed anyway and it eventually removes the software.
    Let it remove all the files and folders and anything else it finds.
    Let me know how it went as we are going to round off.


#13 MNHockey_24
  • Topic Starter

Posted 03 April 2010 - 02:29 PM

That took care of the install. Thank you for your help. Computer seems to be running back to normal again.

#14 Farbar

Posted 03 April 2010 - 05:14 PM

You are welcome.

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



