
Infected with "Attention! Your web page request has been cancelled."


  • This topic is locked
2 replies to this topic

#1 dankbud42

Posted 26 August 2010 - 03:51 PM

Sup everyone? First off I'd like to thank all of you for all the advice and tutorials on Bleeping Computer. This website has helped me out a LOT <3. OK, on with business... I've been removing spyware and crap for years now and I finally got one that has totally stumped me. I've tried every trick I had up my sleeve and cannot find where this little bugger is hiding. When going on the internet it redirects and has popups that say "Attention! Your web page request has been cancelled." from stopmalwaresite dot com. It's a big ol' red screen and it even redirects when trying to go to certain sites (hopefully it doesn't redirect as I hit post lol)... I've run Malwarebytes, Combofix, UnHackMe, RKill, HijackThis, and even SuperAntiSpyware. I've seen this before and have removed it previously but this one refuses to get out, sooo I finally gave in and here I am asking for help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Desire at 14:09:33.06 on Wed 08/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2072 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\Update.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Desire\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?ilc=1
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\desire\applic~1\mozilla\firefox\profiles\dep9y580.default\
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-10 165456]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-3-10 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-10 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-10 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-10 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-10 40384]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-10 1684736]

=============== Created Last 30 ================

2010-08-25 15:58:12 0 d-----w- c:\program files\ESET
2010-08-25 15:00:58 0 d-----w- c:\program files\Spyware Doctor
2010-08-25 15:00:58 0 d-----w- c:\program files\common files\PC Tools
2010-08-25 14:39:21 0 dc-h--w- c:\windows\ie8
2010-08-25 14:16:24 1374 ----a-w- c:\windows\imsins.BAK
2010-08-24 23:19:16 262144 ---ha-w- c:\documents and settings\desire\ntuser.dat.LOG1
2010-08-24 23:19:16 0 ---ha-w- c:\documents and settings\desire\ntuser.dat.LOG2
2010-08-24 23:09:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Geek Squad
2010-08-24 18:42:37 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-23 22:09:02 2 --shatr- c:\windows\winstart.bat
2010-08-23 22:08:46 0 d-----w- c:\program files\UnHackMe
2010-08-19 18:53:51 38848 ----a-w- c:\windows\avastSS.scr
2010-08-18 18:36:59 0 d-sha-r- C:\cmdcons
2010-08-18 18:34:17 98816 ----a-w- c:\windows\sed.exe
2010-08-18 18:34:17 77312 ----a-w- c:\windows\MBR.exe
2010-08-18 18:34:17 256512 ----a-w- c:\windows\PEV.exe
2010-08-18 18:34:17 161792 ----a-w- c:\windows\SWREG.exe
2010-08-17 22:26:33 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 02:31:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

============= FINISH: 14:10:41.98 ===============

Edited by dankbud42, 26 August 2010 - 03:56 PM.



#2 dankbud42

Posted 30 August 2010 - 12:09 PM

This thread can be closed. It was an infected MBR, found with MBRCheck. Did a fixmbr in Recovery Console and it's now clean :)

#3 Budapest

Posted 30 August 2010 - 04:14 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



