traffixeng.com


This topic is locked
23 replies to this topic

#1 evaporator

evaporator

  • Members
  • 26 posts
  • OFFLINE
  • Gender:Male
  • Location:Manchester UK
  • Local time:08:39 AM

Posted 09 June 2012 - 03:07 AM

Hi
New member needing help. Hello everyone.

My Kaspersky has started blocking malicious URLs on a regular basis recently, I'm talking every ten mins or so or even more, also my Internet Explorer history is filling up with a site that is called
traffixeng.com. I clear the history and then it starts to fill up again. It never actually connects to this site, it just appears in the history.

I have run a full scan with Kaspersky. Nothing found.

I have run a full scan with Malwarebytes, nothing found.

I am using Windows Explorer 8

I have installed Firefox just to try but Kaspersky is still popping up with dodgy URLs. These sometimes say quicklah?

Any help appreciated. Thanks. PS: as I have typed this 8 more web sites have appeared in my history that I'm not connected to. Agggh

Edited by hamluis, 09 June 2012 - 07:05 AM.
Moved from XP to Am I Infected - Hamluis.




#2 evaporator


Posted 09 June 2012 - 04:47 AM

This is the sort of thing coming up in Kaspersky

c49f1e86 Denied: hxxp://cdn1.quicklah.com/2rn/c49f1e86 (analysis using the database of suspicious URLs) 09/06/2012 10:44:40

I am unable to boot PC in safemode either

Edited by Orange Blossom, 19 December 2012 - 06:11 AM.
Deactivated link. ~ OB


#3 evaporator


Posted 09 June 2012 - 02:26 PM

Ok, 150 views and nobody has any ideas? In 20 years of browsing I have never come across this. I'm sitting here, not even with my browser open, watching my Kaspersky blocking web sites, and my browser now has hundreds of failed site connections in the history; if I clear them it all starts again. Somebody must be having this problem and know what to do. Please somebody help.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:39 AM

Posted 09 June 2012 - 08:34 PM

Hello, the 2 replies to yourself make it appear as you have help.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Next run SUPERAntiSpyware (SAS):

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 evaporator


Posted 10 June 2012 - 04:55 AM

Ok Thanks

Here is toolbox result
MiniToolBox by Farbar Version: 09-06-2012
Ran by doug (administrator) on 10-06-2012 at 10:52:41
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Atheros AR8131 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : home-30cd8cfa16

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller

Physical Address. . . . . . . . . : 6C-F0-49-53-A9-11

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : 10 June 2012 10:26:29

Lease Expires . . . . . . . . . . : 11 June 2012 10:26:29

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.34.96, 173.194.34.102, 173.194.34.103, 173.194.34.100
173.194.34.105, 173.194.34.98, 173.194.34.97, 173.194.34.99, 173.194.34.104
173.194.34.101, 173.194.34.110



Pinging google.com [173.194.34.102] with 32 bytes of data:



Reply from 173.194.34.102: bytes=32 time=17ms TTL=56

Reply from 173.194.34.102: bytes=32 time=29ms TTL=55



Ping statistics for 173.194.34.102:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 29ms, Average = 23ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=166ms TTL=47

Reply from 209.191.122.70: bytes=32 time=143ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 143ms, Maximum = 166ms, Average = 154ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...6c f0 49 53 a9 11 ...... Atheros AR8131 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.2 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 D:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\System32\mswsock.dll

Catalog5 04 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/09/2012 02:22:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (06/09/2012 02:22:44 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (06/09/2012 01:56:57 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (06/09/2012 01:33:36 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (06/09/2012 01:31:48 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (06/09/2012 01:29:16 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (06/09/2012 01:22:58 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/09/2012 00:54:59 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005

Error: (06/09/2012 00:50:27 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005

Error: (06/09/2012 00:50:07 PM) (Source: MsiInstaller) (User: doug)doug
Description: Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 2004. Method GetFontCacheDataFolder failed. HRESULT: 0x80004005.


System errors:
=============
Error: (06/10/2012 10:27:53 AM) (Source: Service Control Manager) (User: )
Description: The SPCtl service terminated with the following error:
%%126

Error: (06/10/2012 10:27:53 AM) (Source: Service Control Manager) (User: )
Description: The Mhndrv service terminated with the following error:
%%126

Error: (06/10/2012 10:27:53 AM) (Source: Service Control Manager) (User: )
Description: The Amfilter service terminated with the following error:
%%126

Error: (06/10/2012 10:27:53 AM) (Source: Service Control Manager) (User: )
Description: The Ibmasrex service terminated with the following error:
%%126

Error: (06/10/2012 10:27:53 AM) (Source: Service Control Manager) (User: )
Description: The Amdk7 service terminated with the following error:
%%2

Error: (06/10/2012 10:27:53 AM) (Source: Service Control Manager) (User: )
Description: The FET5X86V service terminated with the following error:
%%126

Error: (06/10/2012 10:27:53 AM) (Source: Service Control Manager) (User: )
Description: The EUSBMSD service terminated with the following error:
%%126

Error: (06/10/2012 10:27:53 AM) (Source: Service Control Manager) (User: )
Description: The S217unic service terminated with the following error:
%%126

Error: (06/10/2012 10:27:53 AM) (Source: Service Control Manager) (User: )
Description: The ROB_V service terminated with the following error:
%%126

Error: (06/10/2012 10:27:53 AM) (Source: Service Control Manager) (User: )
Description: The ET5Drv service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (06/09/2012 02:22:45 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (06/09/2012 02:22:44 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (06/09/2012 01:56:57 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (06/09/2012 01:33:36 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (06/09/2012 01:31:48 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (06/09/2012 01:29:16 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (06/09/2012 01:22:58 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/09/2012 00:54:59 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005
System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (06/09/2012 00:50:27 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005
WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (06/09/2012 00:50:07 PM) (Source: MsiInstaller)(User: doug)doug
Description: Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 2004. Method GetFontCacheDataFolder failed. HRESULT: 0x80004005.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

7-Zip 9.20
Ad Muncher v4.92 Build 32700
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Reader 9.5.1 (Version: 9.5.1)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.23)
Bonjour (Version: 3.0.0.10)
Browser Configuration Utility (Version: 1.1.11.0)
Canon MP560 series MP Drivers
CCleaner (Version: 3.12)
CDBurnerXP (Version: 4.4.0.3018)
CloneDVD2
Core Temp 1.0 RC3 (Version: 1.0)
DivX Setup (Version: 2.6.0.34)
EasySaver B9.0610.1 (Version: 1.00.0000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
KaraFun Player (Version: 1.20.86.771)
Kaspersky Anti-Virus 2012 (Version: 12.0.0.374)
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4763.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NewsLeecher v4.0 Final
Newzbin2 Client 1.0.0.345 (Version: 1.0.0.345)
Nokia Connectivity Cable Driver (Version: 7.1.45.0)
Nokia Ovi Suite (Version: 3.1.1.90)
Nokia Ovi Suite Software Updater (Version: 02.07.004.45780)
NVIDIA Control Panel 275.27 (Version: 275.27)
NVIDIA Graphics Driver 275.27 (Version: 275.27)
NVIDIA Install Application (Version: 2.275.76.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Update 1.3.4 (Version: 1.3.4)
NVIDIA Update Components (Version: 1.3.4)
OpenOffice.org 3.3 (Version: 3.3.9567)
Ovi Desktop Sync Engine (Version: 1.5.266.0)
OviMPlatform (Version: 2.7.72.0)
PC Connectivity Solution (Version: 11.4.21.0)
Photo Story 3 for Windows (Version: 3.0.1115.11)
QuickPar 0.9 (Version: 0.9)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 5.10.0.5874)
RoboForm 7-6-9 (All Users) (Version: 7-6-9)
Rosetta Stone Version 3 (Version: 3.3.5.2)
SopCast 3.2.9 (Version: 3.2.9)
Spell Checker For OE 2.1
SUPERAntiSpyware (Version: 5.0.1150)
The Walking Dead © 3 version 1 (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veetle TV (Version: 0.9.19)
VLC media player 2.0.1 (Version: 2.0.1)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3326.42 MB
Available physical RAM: 2395.75 MB
Total Pagefile: 5205.53 MB
Available Pagefile: 4270.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.8 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:461.82 GB) NTFS
3 Drive d: () (Fixed) (Total:149.04 GB) (Free:65.83 GB) NTFS
4 Drive e: (VRMPOEM_EN) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
5 Drive f: (FREECOM HDD) (Fixed) (Total:232.88 GB) (Free:92.98 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-30CD8CFA16

Administrator ASPNET doug
Guest HelpAssistant lynne
SUPPORT_388945a0 UpdatusUser


**** End of log ****
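The "Winsock entries" section of the MiniToolBox log above lists the Layered Service Providers and namespace providers registered in the Winsock catalog; these DLLs get loaded into every process that uses Winsock, which is why a helper looks at them when a machine shows unexplained network activity. As an added example (not part of this thread, and not code from MiniToolBox's author), here is a small Python parser that reads that section and sorts the entries into ones MiniToolBox could not resolve on disk, ones in System32, third-party ones that carry a vendor string, and ones worth looking at by hand (outside System32 with no vendor). The sample section is constructed in MiniToolBox's layout; the `D:\Temp\example_lsp.dll` line is invented to exercise the "review" case and is not from the log above.

```python
import re

# Constructed sample laid out like the "Winsock entries" section of a
# MiniToolBox log. The entries are made up for this example (the D:\Temp line
# is invented to exercise the "review" case); nothing here is copied from a
# real machine.
SAMPLE_WINSOCK_SECTION = r"""
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 D:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\System32\mswsock.dll

Catalog9 02 D:\Temp\example_lsp.dll [40960] ()
"""

# One provider line: "<catalog> <index> <library path> [<size or status>] (<vendor>)"
ENTRY_RE = re.compile(
    r"^(?P<catalog>Catalog\d+)\s+(?P<index>\d+)\s+(?P<path>.+?)\s+"
    r"\[(?P<size>[^\]]*)\]\s+\((?P<vendor>[^)]*)\)\s*$"
)
# The ATTENTION line MiniToolBox prints under an entry whose path did not resolve
# (the log shows it both with and without surrounding quotes).
ATTENTION_RE = re.compile(r'^ATTENTION: The LibraryPath should be "?(.+?)"?\s*$')
# Paths that count as the Windows system directory (drive letter may vary).
SYSTEM_DIR_RE = re.compile(
    r"^(?:[a-z]:\\windows|%systemroot%)\\system32\\", re.IGNORECASE
)


def parse_winsock_entries(text):
    """Return a list of dicts, one per Catalog5/Catalog9 provider line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({**m.groupdict(), "expected_path": None})
            continue
        a = ATTENTION_RE.match(line)
        if a and entries:
            # The hint belongs to the entry immediately above it.
            entries[-1]["expected_path"] = a.group(1)
    return entries


def classify_entry(entry):
    """Bucket a provider entry for triage."""
    if entry["size"].strip().lower() == "file not found":
        return "unresolved"   # tool could not find the library on disk
    if SYSTEM_DIR_RE.match(entry["path"]):
        return "system"       # lives in System32
    if entry["vendor"].strip():
        return "third-party"  # outside System32 but carries a vendor string
    return "review"           # outside System32 and no vendor: look at it by hand


def triage(text):
    """Group provider entries by category; values are 'Catalog index path' strings."""
    groups = {"unresolved": [], "system": [], "third-party": [], "review": []}
    for e in parse_winsock_entries(text):
        groups[classify_entry(e)].append(f"{e['catalog']} {e['index']} {e['path']}")
    return groups


if __name__ == "__main__":
    for category, items in triage(SAMPLE_WINSOCK_SECTION).items():
        print(f"{category} ({len(items)})")
        for item in items:
            print("   ", item)
```

Run against the log posted above, every `mswsock.dll [File Not found]` line lands in "unresolved" (these are the entries MiniToolBox itself annotates with an ATTENTION hint) and the Bonjour `mdnsNSP.dll` lands in "third-party"; the categories are a starting point for a manual look, not a verdict. Rebuilding the catalog with `netsh winsock reset` (available on XP SP2 and later) is the standard way to clear broken provider entries, but that is a general note and not a step the helper in this thread gave.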

#6 evaporator


Posted 10 June 2012 - 10:43 AM

Sorry, I accidentally cleared the first scan which found 57 infected items. However, as soon as the scan was finished and I opened my IE explorer, the failed website attempts poured into my browser history almost immediately. I have discovered that this is happening even if I've not even got the browser open. Here is a second scan done almost straight away after the first. Only one item detected. And also the Avast scan below. While I have typed this over 50 attempts to connect me to sites have landed in my history !!!!!!!!!


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/10/2012 at 04:02 PM

Application Version : 5.0.1150

Core Rules Database Version : 8710
Trace Rules Database Version: 6522

Scan type : Complete Scan
Total Scan Time : 00:38:55

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 412
Memory threats detected : 0
Registry items scanned : 35902
Registry threats detected : 0
File items scanned : 98218
File threats detected : 1

Adware.Tracking Cookie
D:\Documents and Settings\doug\Cookies\SQZTR5VG.txt [ /ads1.zenoviaexchange.com ]


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 15:20:14
-----------------------------
15:20:14.734 OS Version: Windows 5.1.2600 Service Pack 3
15:20:14.734 Number of processors: 2 586 0x170A
15:20:14.734 ComputerName: HOME-30CD8CFA16 UserName: doug
15:20:32.765 Initialize success
15:20:58.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e
15:20:58.546 Disk 0 Vendor: ST3500418AS CC38 Size: 476938MB BusType: 3
15:20:58.546 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
15:20:58.546 Disk 1 Vendor: SAMSUNG_HD161HJ JF100-20 Size: 152627MB BusType: 3
15:20:58.562 Disk 0 MBR read successfully
15:20:58.562 Disk 0 MBR scan
15:20:58.562 Disk 0 Windows XP default MBR code
15:20:58.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
15:20:58.562 Disk 0 scanning sectors +976752000
15:20:58.640 Disk 0 scanning D:\WINDOWS\system32\drivers
15:21:03.703 Service scanning
15:21:08.578 Service KL1 D:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
15:21:08.593 Service kl2 D:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
15:21:08.656 Service klim5 D:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
15:21:08.671 Service klmouflt D:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
15:21:17.703 Modules scanning
15:21:22.421 Disk 0 trace - called modules:
15:21:22.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:21:22.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae99ab8]
15:21:22.437 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000066[0x8af009e8]
15:21:22.437 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-e[0x8adec940]
15:21:22.437 Scan finished successfully
15:21:43.703 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\doug\Desktop\MBR.dat"
15:21:43.703 The log file has been saved successfully to "D:\Documents and Settings\doug\Desktop\aswMBR.txt"

#7 evaporator


Posted 10 June 2012 - 10:52 AM

Hi Boopme

I've just come across this. This is what I have, but I can't get rid of it and think this site is probably there to rip me off. What do you think??

http://digg.com/newsbar/Technology/redirected_to_traffixeng_com_how_to_remove_traffixeng_com_quickly_tee_support_blog

#8 boopme


Posted 10 June 2012 - 12:57 PM

Hello.. Yes, those registry items need to be removed if there.
I am trying to do it with tools unless you feel comfortable editing the registry???


This is missing from the Mini log
•List content of Hosts

Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Please download Rkill by Grinler and save it to your desktop. Link 1, Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#9 evaporator


Posted 10 June 2012 - 02:00 PM

Another strange thing that's happened is no links that I click work. I have however got all the things you requested and have run them all. I am happy to have a go at removing items from the registry manually if I know what to remove.

Database version: v2012.06.10.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
doug :: HOME-30CD8CFA16 [administrator]

10/06/2012 19:50:02
mbam-log-2012-06-10 (19-50-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249165
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

This log file is located at D:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/06/2012 at 19:47:40.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\rundll32.exe
D:\WINDOWS\System32\runonce.exe


Rkill completed on 10/06/2012 at 19:47:45.



TDSSKiller found nothing. Unable to copy and paste the report.

#10 boopme


Posted 10 June 2012 - 02:34 PM

You did run Rkill, then MBAM?

This is missing from the Mini log:
  • List content of Hosts

Rerun MiniToolBox with that checked, only that.


> no links that I click work


Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

#11 evaporator


Posted 10 June 2012 - 02:34 PM

At this moment in time it's behaving itself. It did this for a while last night after running TDSSKiller and I thought I'd cracked it, but then all of a sudden, bang, back it came. I'll let you know what happens. Thanks.

#12 evaporator


Posted 10 June 2012 - 02:36 PM

MiniToolBox by Farbar Version: 09-06-2012
Ran by doug (administrator) on 10-06-2012 at 20:36:06
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
Hosts file not detected in the default directory

**** End of log ****
This is with just that ticked.

#13 evaporator


Posted 10 June 2012 - 02:41 PM

exeHelper by Raktor
Build 20100414
Run at 20:39:35 on 06/10/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:15:39 on 06/10/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



Oh crap, it's back, getting bombarded again.

Edited by evaporator, 10 June 2012 - 03:16 PM.


#14 evaporator


Posted 10 June 2012 - 02:46 PM

Error downloading updates for the online scanner, asking if a proxy is configured?

#15 boopme


Posted 10 June 2012 - 03:25 PM

Did you run Rkill before MBAM/Malwarebytes?

Please click Start > Run, type inetcpl.cpl in the Run box and press Enter.
Click the Connections tab and click the LAN settings option.
Verify whether "Use a proxy..." is checked; if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.



Go to Start ... Run and type in cmd.
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.


Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the [image] button. Then just follow the prompts in the Fix it wizard.
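As an added example (not from this thread or from any of the tools it mentions), a small Python script that audits HOSTS-file text for the two kinds of tampering discussed above: security/update domains pinned to loopback (which produces the "error downloading updates" symptom) and ordinary hostnames redirected to another IP. The sample file content and the list of protected domains are constructed for illustration.

```python
"""Audit Windows HOSTS-file text for malware-style tampering. Added, hypothetical
helper (not from this thread or any tool it mentions)."""
import ipaddress

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# Illustrative vendor/update domains that malware likes to block; extend as needed.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "kaspersky.com",
                      "eset.com", "malwarebytes.org")

def parse_hosts(text):
    """Return (line_no, ip, hostname) triples; comments and malformed lines are skipped."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                                 # not "IP host [host...]"
        entries.extend((n, ip, host.lower()) for host in parts[1:])
    return entries

def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for each suspicious mapping."""
    findings = []
    for n, ip, host in parse_hosts(text):
        if host == "localhost":
            continue
        if any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES):
            findings.append((n, host, ip, "security/update domain pinned in HOSTS"))
        elif ip not in LOOPBACK:                     # loopback blocks (ad lists) are left alone
            findings.append((n, host, ip, "hostname redirected to non-loopback address"))
    return findings

# Constructed sample; 203.0.113.5 is a documentation (TEST-NET-3) address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.kaspersky.com        # blocks AV updates
127.0.0.1       update.microsoft.com
127.0.0.1       ads.example.net          # ad-block style entry, benign
203.0.113.5     www.example-bank.com     # redirect to an attacker-chosen IP
"""

if __name__ == "__main__":
    for n, host, ip, why in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {host} -> {ip}: {why}")
```

On a live machine, read the file from %SystemRoot%\System32\drivers\etc\hosts (note the thread's system has Windows on D:, which is why a tool looking only under C:\ reports no hosts file).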
