
Cannot Access Web Sites using any Browser


  • This topic is locked
9 replies to this topic

#1 JimDaniels

JimDaniels

  • Members
  • 17 posts

Posted 11 October 2011 - 06:59 AM

I am unable to access web pages using any type of browser; however, I can access my AIM chat application, and I can ping Internet websites like yahoo.com and my local router from a command prompt, but I cannot access the router's management GUI through a browser. However, I am able to access web pages while in Safe Mode, which leads me to believe it's a possible infection.

I have a Windows XP system SP3, and have run a repair which pushed me back to IE6, but still have the same problem. I have also run SuperAntiSpyware and MalwareBytes scans as well as things like Winsock fixes and CompleteInternetRepair utilities, but still no luck.

Another tech has suggested that it is some new virus and that I should run ComboFix. So I'm coming here first before I run ComboFix for additional advice.

Thanks in advance for any assistance you can provide. Here is my dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Jim at 20:23:56 on 2011-10-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2548 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\eCopy\Desktop 9.2\Bin\eDP2eD.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [SetDefPrt] c:\program files\brother\brmfl04b\BrStDvPt.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OM_Monitor] "c:\program files\olympus\olympus master\FirstStart.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [eDP2eD] "c:\program files\ecopy\desktop 9.2\bin\eDP2eD.exe"
mRun: [eCopy Scan Inbox Monitor] "c:\program files\ecopy\desktop 9.2\bin\InboxMonitor.exe" -run
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24FF85E0-BAB1-4C60-9C6F-332D87AC3E77} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5646D978-8A5E-4094-9AC0-EA2EA18CAECE} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R1 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 381424]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-10-10 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\cobian backup 10\cbService.exe [2011-10-10 1125376]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-26 47640]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ce59a6a4d000;Google Update Service (gupdate1c9ce59a6a4d000);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-26 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 P0230BBK;Creative PC-CAM 750 (Still Image);c:\windows\system32\drivers\P0230bbk.sys [2006-2-4 27908]
S3 P0230BVD;Creative PC-CAM 750 (Video);c:\windows\system32\drivers\P0230bvd.sys [2006-2-4 463160]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2006-1-27 65664]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2010-6-29 114416]
S4 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\logmein\x86\lmiguardiansvc.exe" --> c:\program files\logmein\x86\LMIGuardianSvc.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-26 366152]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-10-17 86016]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2011-10-11 00:20:46 -------- d-----w- c:\documents and settings\jim\local settings\application data\Safe mirror
2011-10-11 00:10:11 -------- dc-h--w- c:\windows\ie8
2011-10-10 23:57:32 -------- d-----w- c:\program files\Cobian Backup 10
2011-10-08 16:13:07 -------- d-sh--w- C:\found.001
2011-10-08 15:35:43 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-08 15:35:36 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-08 15:35:33 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-08 15:35:27 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-08 15:35:26 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-08 15:34:38 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-10-08 15:34:35 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-10-08 15:34:31 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-10-08 15:34:17 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-10-08 15:34:10 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-10-08 15:34:07 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-10-08 15:32:56 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-10-08 15:31:58 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-10-08 15:30:59 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2011-10-08 15:29:58 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-10-08 15:28:54 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-10-08 15:27:56 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2011-10-08 15:26:47 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-10-08 15:25:59 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2011-10-08 15:24:59 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-10-08 15:23:59 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-10-08 15:22:58 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2011-10-08 15:21:58 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-10-08 15:21:54 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-10-08 15:21:41 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-10-08 15:21:39 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-10-08 15:21:32 2065792 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-08 15:21:28 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-10-08 15:21:23 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-10-08 15:21:20 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-10-08 15:21:18 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-10-08 15:21:13 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-10-08 15:21:10 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-08 15:21:02 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-10-08 15:21:00 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-10-08 15:19:35 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-08 15:19:30 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-08 15:19:17 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-08 15:19:15 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-08 15:18:46 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-08 15:18:42 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-08 15:18:31 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-10-08 15:18:22 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-10-08 15:18:12 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-10-08 15:18:00 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-10-08 15:16:55 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-10-08 15:15:56 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-10-08 15:15:54 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-10-08 15:15:53 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-10-08 15:15:51 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2011-10-08 15:15:50 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-10-08 15:15:50 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-10-08 15:15:42 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2011-10-08 15:15:40 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-10-08 15:15:38 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-10-08 15:15:36 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-10-08 15:15:34 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-10-08 15:15:31 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2011-10-08 15:13:18 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-10-08 15:13:16 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2011-10-08 15:13:14 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-10-08 15:13:12 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-10-08 15:13:10 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2011-10-08 15:13:08 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2011-10-08 15:13:06 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2011-10-08 15:13:04 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-10-08 15:13:02 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2011-10-08 15:13:00 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2011-10-08 15:11:57 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2011-10-08 15:10:58 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2011-10-08 15:09:57 18503 -c--a-w- c:\windows\system32\dllcache\epro4.sys
2011-10-08 15:08:53 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2011-10-08 15:07:58 14720 -c--a-w- c:\windows\system32\dllcache\dac960nt.sys
2011-10-08 15:06:59 45696 -c--a-w- c:\windows\system32\dllcache\cirrus.sys
2011-10-08 15:05:50 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-10-08 15:04:59 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
2011-10-08 15:03:10 2188928 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-08 03:38:04 -------- d-----w- c:\documents and settings\jim\application data\SUPERAntiSpyware.com
2011-10-08 03:38:04 -------- d-----w- c:\documents and settings\all users.windows\application data\SUPERAntiSpyware.com
2011-10-08 02:48:08 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-10-08 02:48:08 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-10-08 02:48:06 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-10-08 02:48:05 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2011-10-08 02:48:05 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2011-10-08 02:46:52 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-10-08 02:45:59 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2011-10-08 02:44:57 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2011-10-08 02:39:01 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-10-08 02:34:23 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys
2011-10-08 02:34:23 40704 ----a-w- c:\windows\system32\drivers\es1371mp.sys
2011-10-08 02:29:39 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-10-08 02:29:39 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-10-08 02:29:39 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-10-08 02:29:39 13312 ----a-w- c:\windows\system32\irclass.dll
2011-10-08 02:29:19 16535 ----a-r- c:\windows\SET112.tmp
2011-10-08 02:29:15 1088840 ----a-r- c:\windows\SET106.tmp
2011-10-08 02:29:12 1296669 ----a-r- c:\windows\SET103.tmp
2011-10-03 21:28:05 -------- d-sh--w- C:\found.000
2011-09-30 23:19:04 -------- d-----w- C:\bd_logs
2011-09-30 23:14:08 105472 ----a-w- C:\HAL.DLL
2011-09-29 22:28:40 -------- d-----w- c:\windows\Dell
2011-09-27 02:27:04 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-26 23:22:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-26 23:22:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-25 20:10:32 19569 ----a-w- c:\windows\000001_.tmp
2011-09-25 20:05:35 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-09-25 16:01:01 -------- d-----w- c:\program files\Support Tools
2011-09-24 20:45:40 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2011-09-24 03:37:28 388096 ------r- c:\documents and settings\jim\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-22 01:01:40 -------- d-----w- c:\documents and settings\jim\application data\Wise Disk Cleaner
2011-09-22 00:52:54 -------- d-----w- c:\program files\Wise Disk Cleaner
2011-09-22 00:50:19 -------- d-----w- c:\documents and settings\jim\application data\Wise Registry Cleaner
2011-09-22 00:50:05 -------- d-----w- c:\program files\Wise Registry Cleaner
.
==================== Find3M ====================
.
2011-09-26 01:09:32 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-23 02:44:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-24 23:55:49 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-24 23:55:49 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-24 23:55:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-24 23:55:48 29568 ----a-w- c:\windows\system32\LMIport.dll
2003-08-27 19:19:18 36963 ------w- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 20:25:23.92 ===============

Attached Files





#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts

Posted 16 October 2011 - 04:34 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 JimDaniels


Posted 16 October 2011 - 10:43 AM

I am unable to access web pages using any type of browser; however, I can access my AIM chat application, and I can ping Internet websites like yahoo.com and my local router from a command prompt, but I cannot access the router's management GUI through a browser. However, I am able to access web pages while in Safe Mode, which leads me to believe it's a possible infection.

I have a Windows XP system SP3 32bit OS, and have run a Windows Repair and then reinstalled IE8. I have also run SuperAntiSpyware and MalwareBytes scans as well as things like Winsock fixes and CompleteInternetRepair utilities.

Here are the OTL logs for your review, thanks again.

Attached Files



#4 myrti


Posted 16 October 2011 - 01:53 PM

Hi,

do you use a router? What happens when you try to use a browser?

regards myrti



#5 JimDaniels


Posted 16 October 2011 - 05:11 PM

Yes, I use a DSL Wireless Modem/Router from Netgear. I know the router works because I can connect to the Internet from other computers either by directly connecting with a cable to the modem/router or through a wireless connection.

I am also able to connect to the router's management interface if I am in Safe mode with networking turned on. I can also browse the Internet with IE8 or Chrome if I boot with Safe Mode with Networking.

However, when I boot normally and try to connect to web sites or try to access the router's management interface, the browser will try to connect and then after a few minutes display that the address is not valid. But I know I am connected to the Internet because I can go to a command prompt and ping yahoo.com and other websites and I can also ping the IP address of my modem/router.

#6 myrti


Posted 16 October 2011 - 05:26 PM

Hi,

what firewall do you use? You could try resetting it to see if that helps. Also try resetting the windows firewall: http://www.winxptutor.com/sp2/resetfw.htm

regards myrti



#7 JimDaniels


Posted 17 October 2011 - 08:02 PM

I only use the Windows Firewall. I tried resetting it, but it did not correct the problem.

#8 JimDaniels


Posted 18 October 2011 - 03:55 PM

I believe I resolved this issue. When this problem first arose about two weeks ago, I was getting Internet access from my browser but only for 5 minutes and then it would stop. This started happening after I had removed various software applications and an AT&T dial up network connection I hadn't used in years.

I remembered researching the issue and finding some articles saying that it could be a Zone Alarm installation that was not completely uninstalled. Since I don't recall ever having installed Zone Alarm on my PC, I did not pursue this solution. Instead, I came at it from a malware point of view.

Short story, after your last message about which Firewall I use and resetting the windows firewall, I decided I would download and run a Zone Alarm removal tool. I rebooted and again have full access to the Internet from any browser and for more than 5 minutes.

It is possible that Zone Alarm was installed a long time ago when this PC was part of a corporate environment or perhaps was part of an antivirus installation like Panda Security or AVG that were on my PC at one time or another.

Anyway, thanks for the help. Consider the case closed.
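A check for the leftover-firewall situation described in post #8, as an added example that is not part of the original thread: it parses the Services/Drivers section of a DDS log like the one in post #1 and flags a running driver whose parent product appears nowhere else in the log. The watchlist and the reading of the `[x]` marker are assumptions of this example (vsdatant.sys is the ZoneAlarm TrueVector driver); the sample lines are copied from the log in post #1.

```python
import re

# Service/driver lines copied from the DDS log in post #1.
SERVICES = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 381424]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-26 47640]
S0 cerc6;cerc6; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-26 22216]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# A few lines from the other sections of the same log (processes, hooks, Run keys).
OTHER_SECTIONS = r"""
C:\Program Files\Cobian Backup 10\cbService.exe
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
"""

# Assumption of this example: driver service name -> (product, strings an
# installed copy of that product would leave elsewhere in the log).
WATCHLIST = {
    "vsdatant": ("ZoneAlarm", ("zonealarm", "zone labs")),
    "sasdifsv": ("SUPERAntiSpyware", ("superantispyware",)),
}

# First character: R = running, S = stopped. Digit: Windows service start type.
START_TYPES = ("boot", "system", "auto", "manual", "disabled")

# <state><start> <name>;<display name>;<image path> [<date size> | x | ?]
LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?) ?\[([^\]]*)\]$")


def parse_services(text):
    """Turn DDS service/driver lines into dictionaries; skip anything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        entries.append({
            "running": state == "R",
            "start_type": START_TYPES[int(start)],
            "name": name,
            "display": display,
            "path": path,
            # Assumed here: "[x]" marks an entry whose file DDS did not find.
            "file_missing": meta == "x",
        })
    return entries


def orphaned_drivers(entries, other_sections, watchlist=WATCHLIST):
    """Running watchlisted drivers whose product leaves no other trace in the log."""
    haystack = other_sections.lower()
    hits = []
    for e in entries:
        known = watchlist.get(e["name"].lower())
        if not known or not e["running"]:
            continue
        product, traces = known
        if not any(t in haystack for t in traces):
            hits.append((e["name"], product, e["start_type"]))
    return hits


def missing_files(entries):
    """Service names registered without a file on disk."""
    return [e["name"] for e in entries if e["file_missing"]]


if __name__ == "__main__":
    parsed = parse_services(SERVICES)
    for name, product, start in orphaned_drivers(parsed, OTHER_SECTIONS):
        print(f"{name}: {product} driver running ({start} start), product not found in log")
    print("no file on disk:", ", ".join(missing_files(parsed)))
```

A driver that loads at system start in normal mode but not in Safe Mode fits the symptom pattern in this thread: browsing works only in Safe Mode with Networking.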

#9 myrti


Posted 18 October 2011 - 04:21 PM

Hi,

thanks for letting me know! Happy to hear you had this solved :)

You can remove the tools we used by starting OTL and clicking on "clean up". I'd also recommend considering switching Adobe Reader 9 for the latest version.

regards myrti



#10 myrti


Posted 22 October 2011 - 02:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
