
Error 404 Not Found when trying to contact Google, no solution found, probably malware.


  • This topic is locked
3 replies to this topic

#1 Arnianor


Posted 11 August 2011 - 04:28 AM

Symptom:
Can't open www.google.com, www.google.ch, www.google.fr, www.google.de, etc. in the browser (IE8 and Firefox), while other websites such as youtube.com work perfectly.
Message: 404 Not Found (nginx) (see this link (imageshack))
This has been so for the last 2 weeks. The computer is my grandfather's, meaning I don't know exactly what he did.

What has already been checked/tried and worked (but didn't solve the problem):
- ping google.com
- ping google.ch
- Open google.com using its IPv4 address (74.125.39.106) in both IE8 and Firefox
- Open google.ch using its IPv4 address (74.125.39.105) in both IE8 and Firefox
- Open google.com.ph (Philippines) directly in both browsers (computer located in Switzerland)
- Open maps.google.com, translate.google.com, images.google.com, etc. in both browsers

What has already been checked/tried and didn't work or solve the problem:
- ipconfig /dnsflush (many)
- ipconfig /renew (many)
- Force DNS server on computer (DNS used : 8.8.8.8 as primary, 208.67.222.222 as secondary)
- Force DNS server on router (DNS used : 8.8.8.8 as primary, 208.67.222.222 as secondary)
- Boot in safe mode, network devices enabled, then tried to contact google.com without success
- Use of a browser with clean install (Firefox)
- Modem reboot
- Modem reset
- Router reboot
- Router's firmware update, with reset
- Restore computer to previous point
- Scan on boot using Avast! (paid version)
- Complete scan then quick scan using Malwarebytes anti-malware (free version, logs attached)
- Stop IE's addons
- Looked on forums for existing solution

Other symptoms:
Computer reboots without warning when running gmer.exe, giving this error code on reboot:

BCCode : 100000d1 BCP1 : 324DD0C7 BCP2 : 00000005 BCP3 : 00000001
BCP4 : F74C889B OSVer : 5_1_2600 SP : 3_0 Product : 768_1


When asking for technical specifications:

C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\WER008c.dir00\Mini081011-02.dmp
C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\WER008c.dir00\sysdata.xml


DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by François at 23:03:47 on 2011-08-10
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.41.1036.18.1535.821 [GMT 2:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINXP\system32\Ati2evxx.exe
svchost.exe
C:\WINXP\Explorer.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINXP\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\system32\cisvc.exe
C:\WINXP\system32\svchost.exe -k hpdevmgmt
C:\WINXP\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINXP\System32\svchost.exe -k HPZ12
C:\WINXP\System32\svchost.exe -k HPZ12
C:\WINXP\system32\svchost.exe -k imgsvc
C:\WINXP\SOUNDMAN.EXE
C:\WINXP\system32\devldr32.exe
C:\WINXP\system32\wuauclt.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\gaming mouse\Mouse\Mouse.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\palmOne\AlarmApp.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Siemens\Gigaset USB Adapter 300\GUI.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINXP\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\François\Bureau\dds.scr
C:\WINXP\system32\cidaemon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.video2000.ch/net.asp/4-0-5-3-3-1/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C17590D2-ECB4-4B15-8820-F58798DCC118} - No File
TB: {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {d5045198-55c2-46ed-87f4-17e31be72a33} - I.R.I.S. Desktop Search
uRun: [CTFMON.EXE] c:\winxp\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HPDJ Taskbar Utility] c:\winxp\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [WebCam Go Plus Sti Service Application] Wcgopsvc
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Flashget] c:\program files\flashget\FlashGet.exe /min
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [Mouse] c:\program files\gaming mouse\mouse\Mouse.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\winxp\system32\CTFMON.EXE
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\franoi~1\menudm~1\progra~1\dmarra~1\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\docume~1\franoi~1\menudm~1\progra~1\dmarra~1\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~2.win\menudm~1\progra~1\dmarra~1\alarmm~1.lnk - c:\program files\palmone\AlarmApp.exe
StartupFolder: c:\docume~1\alluse~2.win\menudm~1\progra~1\dmarra~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~2.win\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~2.win\menudm~1\progra~1\dmarra~1\monite~1.lnk - c:\program files\siemens\gigaset usb adapter 300\GUI.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{56573E5A-BFF3-4206-956C-54FD9D74217E} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\WPDShServiceObj.dll
Hosts: 64.27.9.108 www.google.com
Hosts: 178.17.165.3 www.google.com
Hosts: 64.27.9.108 www.google.com.au
Hosts: 178.17.165.3 www.google.com.au
Hosts: 64.27.9.108 www.google.be
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\françois\application data\mozilla\firefox\profiles\lnkb2cax.default\
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\winxp\system32\drivers\aswNdis.sys [2011-5-31 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\winxp\system32\drivers\aswNdis2.sys [2011-5-31 194264]
R1 aswFW;avast! TDI Firewall driver;c:\winxp\system32\drivers\aswFW.sys [2011-5-31 103384]
R1 aswSnx;aswSnx;c:\winxp\system32\drivers\aswSnx.sys [2011-5-31 441176]
R1 aswSP;aswSP;c:\winxp\system32\drivers\aswSP.sys [2011-5-31 309848]
R2 aswFsBlk;aswFsBlk;c:\winxp\system32\drivers\aswFsBlk.sys [2011-5-31 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-31 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-5-31 121000]
R3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\winxp\system32\drivers\CBPSp50.sys [2009-5-13 27072]
R3 rpv1ms;Rapoo V1 Gaming Mouse;c:\winxp\system32\drivers\rpv1ms.sys [2011-6-7 9600]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\winxp\system32\drivers\rt2870.sys [2009-5-13 529408]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-10 133104]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\winxp\system32\drivers\cbpmp50.sys --> c:\winxp\system32\drivers\CBPMp50.sys [?]
S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\norton ghost\shared\drivers\genericmounthelper.exe" --> c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [?]
S3 GenericMount;Generic Mount Driver;c:\winxp\system32\drivers\genericmount.sys --> c:\winxp\system32\drivers\GenericMount.sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-10 133104]
S3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\symsnapservice.exe" --> c:\program files\norton ghost\shared\drivers\SymSnapService.exe [?]
S3 WCGOPHAL;WCGOPHAL;c:\winxp\system32\drivers\Wcgophal.sys [2006-11-18 13576]
S3 WCGOPVID;Video Blaster WebCam Go Plus (WDM);c:\winxp\system32\drivers\Wcgopvid.sys [2006-11-18 91077]
.
=============== Created Last 30 ================
.
2011-08-10 16:40:54 -------- d-----w- C:\Gigaset_WLAN300
2011-08-10 08:25:42 139656 -c----w- c:\winxp\system32\dllcache\rdpwd.sys
2011-08-10 08:24:51 10496 -c----w- c:\winxp\system32\dllcache\ndistapi.sys
2011-08-08 08:15:25 -------- d-----w- c:\winxp\system32\wbem\repository\FS
2011-08-08 08:15:25 -------- d-----w- c:\winxp\system32\wbem\Repository
2011-07-27 13:14:41 -------- d-----w- c:\documents and settings\françois\application data\AGI
2011-07-27 13:14:32 -------- d-----w- c:\program files\AGI
2011-07-27 13:11:27 -------- d-----w- c:\documents and settings\all users.winxp\application data\agi
.
==================== Find3M ====================
.
2011-07-25 08:39:33 404640 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\winxp\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\winxp\system32\drivers\ndistapi.sys
2011-07-04 11:43:53 40112 ----a-w- c:\winxp\avastSS.scr
2011-07-04 11:37:33 103384 ----a-w- c:\winxp\system32\drivers\aswFW.sys
2011-07-04 11:36:43 441176 ----a-w- c:\winxp\system32\drivers\aswSnx.sys
2011-07-04 11:36:18 194264 ----a-w- c:\winxp\system32\drivers\aswNdis2.sys
2011-06-24 14:10:47 139656 ----a-w- c:\winxp\system32\drivers\rdpwd.sys
2011-06-23 18:31:31 916480 ----a-w- c:\winxp\system32\wininet.dll
2011-06-23 18:31:30 43520 ----a-w- c:\winxp\system32\licmgr10.dll
2011-06-23 18:31:30 1469440 ------w- c:\winxp\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\winxp\system32\html.iec
2011-06-20 17:44:47 293888 ----a-w- c:\winxp\system32\winsrv.dll
2011-06-07 15:10:05 1182157 ----a-w- c:\winxp\unins000.exe
2011-06-06 11:35:23 1859072 ----a-w- c:\winxp\system32\win32k.sys
2011-06-05 13:44:31 73728 ----a-w- c:\winxp\system32\javacpl.cpl
2011-06-05 13:44:31 472808 ----a-w- c:\winxp\system32\deployJava1.dll
2011-05-31 18:19:23 0 ----a-w- c:\winxp\ativpsrm.bin
.
============= FINISH: 23:06:32.90 ===============


GMER.exe:
Although the computer has a 32 bit OS (Windows XP), gmer.exe caused the computer to crash constantly on scanning. I apologize for this and attach only what I was able to save.

Thanks for your help

Arnianor
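
Added example (not part of the original post, and not code from the DDS tool): the DDS log above lists hosts-file entries for www.google.* names, and this Python sketch extracts such overrides from either DDS "Hosts:" lines or a raw hosts file. The function names and the localhost/comment sample lines are constructed for illustration; the five "Hosts:" lines are the ones shown in the log.

```python
import ipaddress
import re
from collections import defaultdict

# "Hosts:" lines copied from the DDS log in the post; the comment line and
# the localhost line are constructed to show what a default entry looks like.
SAMPLE = """\
# constructed: default entry
127.0.0.1 localhost
Hosts: 64.27.9.108 www.google.com
Hosts: 178.17.165.3 www.google.com
Hosts: 64.27.9.108 www.google.com.au
Hosts: 178.17.165.3 www.google.com.au
Hosts: 64.27.9.108 www.google.be
"""

DDS_PREFIX = re.compile(r"^\s*Hosts:\s*", re.IGNORECASE)


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file lines or DDS 'Hosts:' lines."""
    for line in text.splitlines():
        # Drop the DDS prefix and any trailing '#' comment before splitting.
        line = DDS_PREFIX.sub("", line).split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a hosts entry
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def find_overrides(text):
    """Map each hostname to the non-loopback addresses it is pinned to."""
    overrides = defaultdict(list)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are local or block-list use
        if str(ip) not in overrides[name]:
            overrides[name].append(str(ip))
    return dict(overrides)


def report(text):
    """Return one finding line per overridden hostname, sorted by name."""
    return [
        f"{name} -> {', '.join(ips)}" + (" (multiple addresses)" if len(ips) > 1 else "")
        for name, ips in sorted(find_overrides(text).items())
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

The same functions accept the raw contents of %SystemRoot%\system32\drivers\etc\hosts, so a hosts file can be compared against what a log reports.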



#2 Arnianor


Posted 15 August 2011 - 01:22 AM

Bump, does anyone have an idea?

#3 Blade81

  • Malware Response Team

Posted 16 August 2011 - 12:22 AM

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#4 Blade81

  • Malware Response Team

Posted 27 August 2011 - 03:07 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
