
Web Pages Not Loading In IE & Firefox


  • This topic is locked
16 replies to this topic

#1 JRo11

JRo11

  • Members
  • 8 posts

Posted 11 November 2012 - 11:40 AM

First and foremost, a BIG thank you to anyone who helps me, as I know this is a free service and there are people out there charging good money for this exact same thing! So, yesterday while on the internet (IE) I suddenly noticed that the pages stopped loading and instead were acting as if my connection had given out. This was not the case as my connection was fine, and I eventually found that Firefox began doing the same thing after a few hours. I realized it wasn't the Firewall either since it did the same when that was disabled. This is when I became a little suspicious and ran MBAM, which couldn't update because of some error that had to do with "user not allowing to connect to internet" or something like that. That was when I realized that it's a likely virus. I still ran MBAM however and even Avast, but neither found anything. Also, I am running Windows XP and this is a desktop computer (I'm posting from a laptop now).



Here is my DDS log:



DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.vu6001.18702 BrowserJavaVersion: 1.6.0_37
Run by Jonathan at 10:11:21 on 2012-11-10
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1512 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ontarioweather.com/
uURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SkyTel] SkyTel.EXE
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: bdsripcab - hxxps://media.bdsrealtime.com/components/bdsripcab.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jonathan\application data\mozilla\firefox\profiles\b9t2zp2a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\jonathan\application data\mozilla\firefox\profiles\b9t2zp2a.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefox3Extn.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_37.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
.
============= SERVICES / DRIVERS ===============
.
R0 58409752;58409752 Boot Guard Driver;c:\windows\system32\drivers\58409752.sys [2011-3-29 37392]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-26 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-4 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-4 337880]
R1 setup_9.0.0.722_30.03.2011_04-22[1]drv;setup_9.0.0.722_30.03.2011_04-22[1]drv;c:\windows\system32\drivers\5840975.sys [2011-3-29 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-4 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-4 44768]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2012-6-14 109064]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2011-10-11 28256]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2011-10-11 28256]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2007-8-30 36864]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2010-12-18 32384]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-09 04:20:34 -------- d-----w- C:\VA-Self Made Radio - Western Conference 9-2012-MIXFIEND
2012-11-09 04:15:41 -------- d-----w- C:\Audio Push - Inland Empire (Hosted By Don Cannon)-2012-MIXFIEND
2012-11-06 18:09:14 -------- d-----w- C:\ozmo
2012-11-06 02:01:11 -------- d-----w- C:\2012-04-20 - Live Oak, FL - Spirit Of The Suwannee Music Park, Mushroom Stage, P. Funk Covers
2012-10-21 15:21:02 -------- d-----w- C:\Heat
2012-10-19 13:36:02 -------- d-----w- C:\BM 201-210 + others
2012-10-19 13:34:52 -------- d-----w- C:\1970s IWA Wrestling.
==================== Find3M ====================
.
2012-10-15 22:26:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-15 22:26:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-24 19:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\SET14B.tmp
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-10-01 20:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 10:11:49.46 ===============

Edited by JRo11, 11 November 2012 - 11:43 AM.
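The DDS log above is what the helper reads by eye. As an added example (not part of the thread, and not code from the DDS tool), the Python below parses the "Pseudo HJT Report" line formats DDS emits into records, lists which DLLs are loaded into Internet Explorer and under how many registration kinds, and flags the entries an analyst wants to look at first: autoruns given as a bare file name (resolved through PATH at logon, so the log does not pin down which file runs) and lines the parser did not recognise. SAMPLE_LOG is a constructed excerpt that reuses a few entries of the same shape as the posted log; nothing it reports is a malware verdict.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the thread or of the DDS tool.  SAMPLE_LOG is a
constructed excerpt in the DDS line formats (URLSearchHooks, BHO, TB,
Run/RunOnce, Policies, IE menu items, DPF, Start Page).
"""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.example.invalid/
uURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
.
================= FIREFOX ===================
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
PATTERNS = [
    re.compile(rf"^(?P<kind>[um]?URLSearchHooks|BHO|TB): (?P<name>.+?): (?P<clsid>{CLSID}) - (?P<path>.+)$"),
    re.compile(r"^(?P<kind>[um]Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"),
    re.compile(r"^(?P<kind>[um]Policies-\w+): (?P<name>\w+) = (?P<value>.+)$"),
    re.compile(r"^(?P<kind>IE): (?P<name>.+?) - (?P<path>.+)$"),
    re.compile(r"^(?P<kind>DPF): (?P<name>\S+) - (?P<url>.+)$"),
    re.compile(r"^(?P<kind>[um]Start Page) = (?P<url>.+)$"),
]


def parse_hjt_section(text):
    """Return one dict per entry between the Pseudo HJT header and the next header."""
    records, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "Pseudo HJT Report" in line:
            inside = True
            continue
        if inside and line.startswith("="):      # next section header ends it
            break
        if not inside or line in ("", "."):
            continue
        for rx in PATTERNS:
            m = rx.match(line)
            if m:
                records.append(m.groupdict())
                break
        else:
            records.append({"kind": "unparsed", "line": line})
    return records


def executable_of(cmd):
    """First token of an autorun command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def browser_modules(records):
    """Map each DLL loaded into IE (hooks, BHOs, toolbars) to its registration kinds."""
    by_path = defaultdict(set)
    for r in records:
        if "clsid" in r:
            by_path[r["path"].lower()].add(r["kind"])
    return {path: sorted(kinds) for path, kinds in by_path.items()}


def triage(records):
    """Entries an analyst reviews first.  Nothing here is a verdict."""
    findings = []
    for r in records:
        # Bare file name: resolved via PATH at logon, so the log does not
        # say which file is actually executed.
        if r["kind"][1:] in ("Run", "RunOnce"):
            exe = executable_of(r["cmd"])
            if "\\" not in exe:
                findings.append(f"{r['kind']} [{r['name']}] bare executable: {exe}")
        elif r["kind"] == "unparsed":
            findings.append("unparsed: " + r["line"])
    return findings


if __name__ == "__main__":
    recs = parse_hjt_section(SAMPLE_LOG)
    print(Counter(r["kind"] for r in recs))
    for path, kinds in browser_modules(recs).items():
        print(f"{path}: {', '.join(kinds)}")
    for finding in triage(recs):
        print("CHECK:", finding)
```

Feed it the full log text instead of SAMPLE_LOG to get the same summary for a real post; entries the regexes do not cover surface as "unparsed" rather than being silently dropped.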



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 12 November 2012 - 08:22 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 JRo11

JRo11
  • Topic Starter

  • Members
  • 8 posts

Posted 13 November 2012 - 04:13 PM

Thanks for the help m0le! I will definitely be checking this thread at all hours of my day now.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 13 November 2012 - 08:17 PM

Okay, this may be malware but it also may not be. Let's see if we can rule out rootkit activity first.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 JRo11

JRo11
  • Topic Starter

  • Members
  • 8 posts

Posted 14 November 2012 - 08:52 AM

Thanks for the response, here is my log:



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-13 21:18:34
-----------------------------
21:18:34.247 OS Version: Windows 5.1.2600 Service Pack 3
21:18:34.247 Number of processors: 2 586 0x602
21:18:34.263 ComputerName: MASI-0DC7B1A437 UserName: Jonathan
21:18:37.466 Initialize success
21:18:38.981 AVAST engine defs: 12110900
21:19:01.153 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-18
21:19:01.153 Disk 0 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 3
21:19:01.153 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-20
21:19:01.169 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
21:19:01.263 Disk 0 MBR read successfully
21:19:01.263 Disk 0 MBR scan
21:19:01.278 Disk 0 Windows XP default MBR code
21:19:01.309 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953865 MB offset 19
21:19:01.341 Disk 0 scanning sectors +1953516768
21:19:01.575 Disk 0 scanning C:\WINDOWS\system32\drivers
21:19:41.403 Service scanning
21:19:53.684 Modules scanning
21:21:00.700 Disk 0 trace - called modules:
21:21:00.747 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:21:00.747 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac5cab8]
21:21:00.747 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\00000070[0x8ac46f18]
21:21:00.747 5 ACPI.sys[f750e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-18[0x8ac35030]
21:21:08.559 AVAST engine scan C:\WINDOWS
21:24:27.638 AVAST engine scan C:\WINDOWS\system32
21:37:30.372 AVAST engine scan C:\WINDOWS\system32\drivers
21:40:32.278 AVAST engine scan C:\Documents and Settings\Jonathan
22:26:52.622 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jonathan\Desktop\MBR.dat"
22:26:52.638 The log file has been saved successfully to "C:\Documents and Settings\Jonathan\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-13 22:27:21
-----------------------------
22:27:21.294 OS Version: Windows 5.1.2600 Service Pack 3
22:27:21.294 Number of processors: 2 586 0x602
22:27:21.294 ComputerName: MASI-0DC7B1A437 UserName: Jonathan
22:27:22.481 Initialize success
22:27:23.075 AVAST engine defs: 12110900
22:27:25.341 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-18
22:27:25.341 Disk 0 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 3
22:27:25.341 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-20
22:27:25.356 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
22:27:25.419 Disk 0 MBR read successfully
22:27:25.419 Disk 0 MBR scan
22:27:25.419 Disk 0 Windows XP default MBR code
22:27:25.466 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953865 MB offset 19
22:27:25.497 Disk 0 scanning sectors +1953516768
22:27:25.919 Disk 0 scanning C:\WINDOWS\system32\drivers
22:28:03.591 Service scanning
22:28:14.294 Modules scanning
22:29:17.653 Disk 0 trace - called modules:
22:29:17.700 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:29:17.700 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac5cab8]
22:29:17.716 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\00000070[0x8ac46f18]
22:29:17.716 5 ACPI.sys[f750e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-18[0x8ac35030]
22:29:20.809 AVAST engine scan C:\WINDOWS
22:32:31.044 AVAST engine scan C:\WINDOWS\system32
22:46:40.216 AVAST engine scan C:\WINDOWS\system32\drivers
22:50:20.731 AVAST engine scan C:\Documents and Settings\Jonathan
23:47:41.794 AVAST engine scan C:\Documents and Settings\All Users
23:51:31.669 Scan finished successfully
23:54:10.606 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jonathan\Desktop\MBR.dat"
23:54:10.606 The log file has been saved successfully to "C:\Documents and Settings\Jonathan\Desktop\aswMBR.txt"

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 14 November 2012 - 09:17 PM

That looks fine so please run MBAM and SAS next

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

m0le is a proud member of UNITE

#7 JRo11

JRo11
  • Topic Starter

  • Members
  • 8 posts

Posted 15 November 2012 - 02:46 PM

Thanks again for the response, here are the logs:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jonathan :: MASI-0DC7B1A437 [administrator]

11/15/2012 9:07:28 AM
mbam-log-2012-11-15 (09-07-28).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317118
Time elapsed: 1 hour(s), 24 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)









SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/15/2012 at 00:50 AM

Application Version : 5.6.1014

Core Rules Database Version : 9587
Trace Rules Database Version: 7399

Scan type : Complete Scan
Total Scan Time : 00:58:22

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 634
Memory threats detected : 0
Registry items scanned : 41454
Registry threats detected : 0
File items scanned : 41133
File threats detected : 1

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{28CD0F33-EA7E-49A8-BADF-31B104DE9C6B}\RP242\A0048420.EXE

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 15 November 2012 - 08:18 PM

Hmmm, there's not much so far. Please scan with ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.


Now please run TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
m0le is a proud member of UNITE

#9 JRo11

JRo11
  • Topic Starter
  • Members
  • 8 posts

Posted 16 November 2012 - 12:04 AM

Thanks again, but the ESET scan is not able to update, saying something like "Can not update, is proxy enabled?". It's something like this that concerns me even more that there might likely be malware activity here. Also, yesterday while seeing if the wireless connection would work to update MBAM, the computer stalled (upon enabling the wireless connection) and went to the blue screen, so I restarted it. Now the IE is loading the pages normally. I am still concerned though, especially now that ESET won't update.

#10 m0le

m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 16 November 2012 - 09:52 AM

In Internet Explorer: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings".

In Firefox you find the proxy server settings like this: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. Select "Auto-detect proxy settings for this network".
m0le is a proud member of UNITE
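As an added diagnostic example that is not part of the thread or of m0le's instructions: a PowerShell script that reads the same IE and Firefox proxy settings described above from the registry and from prefs.js, so an "is proxy enabled?" update error can be traced to an unexpected proxy or PAC entry without clicking through the dialogs. It assumes Firefox profiles live under %APPDATA%\Mozilla\Firefox\Profiles; everything else comes from the standard WinINET registry locations.

```powershell
# Added example (not from the thread): report the proxy configuration that
# IE/WinINET and Firefox actually use, so "Can not update, is proxy enabled?"
# can be traced to a stray proxy or PAC setting instead of guessed at.
# Assumes per-user Firefox profiles under %APPDATA%\Mozilla\Firefox\Profiles.

$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $inetKey

Write-Host "== WinINET (Internet Explorer) =="
Write-Host ("ProxyEnable   : {0}" -f $inet.ProxyEnable)    # 1 = manual proxy in use
Write-Host ("ProxyServer   : {0}" -f $inet.ProxyServer)    # host:port of that proxy
Write-Host ("AutoConfigURL : {0}" -f $inet.AutoConfigURL)  # PAC script URL, if any

# The "Automatically detect settings" checkbox is stored in a binary blob;
# byte 8 holds flags: 0x01 direct, 0x02 manual proxy, 0x04 PAC, 0x08 auto-detect.
$conn = Get-ItemProperty -Path "$inetKey\Connections" -ErrorAction SilentlyContinue
if ($conn -and $conn.DefaultConnectionSettings) {
    $flags = $conn.DefaultConnectionSettings[8]
    Write-Host ("Flags byte    : 0x{0:X2}" -f $flags)
    Write-Host ("AutoDetect    : {0}" -f [bool]($flags -band 0x08))
    Write-Host ("ManualProxy   : {0}" -f [bool]($flags -band 0x02))
}

# A manual proxy or PAC script on a home PC that never had one configured
# is worth a closer look: it is the usual cause of "is proxy enabled?" errors.
if ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL) {
    Write-Warning "A proxy or PAC script is configured for IE; verify it is expected."
}

Write-Host "`n== Firefox profiles =="
# network.proxy.type: 0 none, 1 manual, 2 PAC URL, 4 auto-detect (WPAD), 5 system
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
Get-ChildItem -Path $profiles -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $prefs = Join-Path $_.FullName 'prefs.js'
    if (Test-Path $prefs) {
        $hits = Select-String -Path $prefs -Pattern 'network\.proxy\.(type|http|ssl|autoconfig_url)"'
        Write-Host ("{0}:" -f $_.Name)
        if ($hits) { $hits | ForEach-Object { Write-Host ("  " + $_.Line.Trim()) } }
        else       { Write-Host "  (no proxy prefs stored in prefs.js; Firefox defaults apply)" }
    }
}
```

Run it from a normal (non-elevated) PowerShell prompt as the affected user, since both the registry key and the Firefox profile are per-user.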

#11 JRo11

JRo11
  • Topic Starter
  • Members
  • 8 posts

Posted 16 November 2012 - 05:08 PM

Thanks for the response, but this morning before seeing your response, I decided to uninstall ESET (which was already on my CPU) and reinstalled it. Everything installed fine and it is currently scanning (will likely take a long time, maybe into tomorrow) so I'll let you know then.

#12 m0le

m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 16 November 2012 - 10:11 PM

:thumbup2:
m0le is a proud member of UNITE

#13 JRo11

JRo11
  • Topic Starter
  • Members
  • 8 posts

Posted 17 November 2012 - 11:42 AM

So the scan finally finished and I also ran the cleaner. The scan didn't find anything after 18 hours. I am now thinking that if there was something, it may just be gone now. Also, maybe there was no malware problem to begin with, but perhaps a different issue. Regardless, everything seems to be running smooth and as it should. Thanks tremendously for the help! If you still think there may be something in there though, please let me know. Thanks again!

#14 m0le

m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 17 November 2012 - 02:26 PM

No, I think everything's fine and you have no sign of malware at all.

Do a quick clean up and you're set.

You're clean. Good stuff! :thumbup2:

Let's do some clearing up.

If you used DeFogger now is the time to enable your CD emulation software again.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the [image] icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big [image] button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs left over on your computer, you can go ahead and delete those off of your computer now.


Cheers.

m0le
m0le is a proud member of UNITE

#15 JRo11

JRo11
  • Topic Starter
  • Members
  • 8 posts

Posted 17 November 2012 - 05:31 PM

Alright, looks like I'm good to go, so thanks very much for all this even if there may not have been any problem to begin with, it's greatly appreciated!