Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Some Websites Won't Load


  • Please log in to reply
16 replies to this topic

#1 adam654321

adam654321

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 05 February 2013 - 03:25 AM

I am having trouble loading certain websites in all browsers. I keep getting messages that say the connection timed out. Certain websites like google and hotmail will load. others like wikipedia will not. yahoo.com loads sometimes and not at others. I called my ISP and they say I have malware. I do not understand how they know this. I have run a scan using malwarebytes and no malicious items were detected. Please help me. I work from home and everyday I cannot work is a day's wages lost

Edited by adam654321, 05 February 2013 - 03:30 AM.


BC AdBot (Login to Remove)

 


#2 adam654321

adam654321
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 05 February 2013 - 03:57 AM

The computer in question has a router and all computers that connect to the internet via this router have the same problem. I have one computer that can reach a different wi-fi connection and it does not experience this problem

#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:09 PM

Posted 05 February 2013 - 04:58 AM

Hello adam........ and Welcome -

Please download Farbar Service Scanner and run it on the computer with the issue.
•Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
•Press "Scan".
•It will create a log (FSS.txt) in the same directory the tool is run.
•Please copy and paste the log to your reply.

Download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

Please download AdwCleaner by Xplode onto your desktop.
If you are prompted, please disable your Antivirus - Information (temp disable) HERE
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
AdwCleaner is a reliable removal tool for adware, toolbar and potentially unwanted programs.
AdwCleaner is a tool that deletes : Adwares (software ads) ETC.

Thank You -

#4 adam654321

adam654321
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 05 February 2013 - 07:20 PM

The computer didnt restart after I ran AdwCleaner, but I did get a text file.

Farbar Service Scanner Version: 30-01-2013
Ran by Daphne (administrator) on 05-02-2013 at 18:11:38
Running from "C:\Users\Daphne\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****






Results of screen317's Security Check version 0.99.57
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.63 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (18.0.1)
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````








# AdwCleaner v2.111 - Logfile created 02/05/2013 at 18:12:00
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Daphne - DAPHNE-PC
# Boot Mode : Normal
# Running from : C:\Users\Daphne\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Users\Daphne\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Daphne\AppData\Roaming\Mozilla\Firefox\Profiles\xfuhhtg0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Daphne\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3213 octets] - [05/02/2013 18:12:00]

########## EOF - C:\AdwCleaner[R1].txt - [3273 octets] ##########

#5 adam654321

adam654321
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 05 February 2013 - 07:42 PM

I don't understand how malware could be causing my problem. Why are all of my computers affected?

#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:09 PM

Posted 05 February 2013 - 08:01 PM

Why are all of my computers affected?

Hi -
Please Reboot if the program did not auto reboot after running -
For a start, we are only looking at this one and the results may show a common download that is causing this (How many are affected ?)

Windows 7 Home Premium (X64)Out of date service pack!! < Is there a reason why you do not have Windows7 SP1 installed ??
Are Windows Updates working, or do you check on a weekly basis for updates ??

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
List devices >>(Problem only)<<
•List Users, Partitions and Memory size.
•List Minidump Files
Click Go and copy / paste the result (Result.txt) in your next reply -
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Thank You -

#7 adam654321

adam654321
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 05 February 2013 - 09:35 PM

I don't know Windows7 SP1 isn't installed. Is that something I need to do right away?

Also, I tried plugging an unaffected laptop directly into the ethernet cable and it started to experience the same issue. I think the problem might be with my modem.


MiniToolBox by Farbar Version:10-01-2013
Ran by Daphne (administrator) on 05-02-2013 at 20:17:16
Running from "C:\Users\Daphne\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Daphne-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.tx.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 90-E6-BA-14-E9-F6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4092:4fd7:8fe5:b459%11(Preferred)
IPv4 Address. . . . . . . . . . . : 98.196.16.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Tuesday, February 05, 2013 8:12:39 PM
Lease Expires . . . . . . . . . . : Saturday, February 09, 2013 3:21:46 AM
Default Gateway . . . . . . . . . : 98.196.16.1
DHCP Server . . . . . . . . . . . : 69.252.216.72
DHCPv6 IAID . . . . . . . . . . . : 234890776
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-6F-02-50-90-E6-BA-14-E9-F6
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.tx.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:62c4:100c::62c4:100c(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1069:15d7:9d3b:eff3(Preferred)
Link-local IPv6 Address . . . . . : fe80::1069:15d7:9d3b:eff3%12(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 2607:f8b0:4002:c01::65
74.125.140.101
74.125.140.100
74.125.140.113
74.125.140.138
74.125.140.139
74.125.140.102


Pinging google.com [74.125.137.101] with 32 bytes of data:
Reply from 74.125.137.101: bytes=32 time=32ms TTL=48
Reply from 74.125.137.101: bytes=32 time=46ms TTL=48

Ping statistics for 74.125.137.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 46ms, Average = 39ms
Server: cdns02.comcast.net
Address: 75.75.76.76

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=807ms TTL=50
Reply from 98.139.183.24: bytes=32 time=730ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 730ms, Maximum = 807ms, Average = 768ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...90 e6 ba 14 e9 f6 ......NVIDIA nForce 10/100 Mbps Ethernet
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 98.196.16.1 98.196.16.12 20
98.196.16.0 255.255.252.0 On-link 98.196.16.12 276
98.196.16.12 255.255.255.255 On-link 98.196.16.12 276
98.196.19.255 255.255.255.255 On-link 98.196.16.12 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 98.196.16.12 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 98.196.16.12 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:953c:1069:15d7:9d3b:eff3/128
On-link
15 1025 2002::/16 On-link
15 281 2002:62c4:100c::62c4:100c/128
On-link
11 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::1069:15d7:9d3b:eff3/128
On-link
11 276 fe80::4092:4fd7:8fe5:b459/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Activate Norton Online Backup (Version: 1.1.20.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.01) (Version: 11.0.01)
AIM 7
AVG Free 9.0
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center (Version: 1.1.2)
Canon MP160
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
CyberLink DVD Suite Deluxe (Version: 6.0.3101)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
Download Updater (AOL LLC)
Facebook Plug-In
Google Chrome (Version: 24.0.1312.57)
Google Update Helper (Version: 1.3.21.123)
Hardware Diagnostic Tools (Version: 6.0.5205.31)
HiJackThis (Version: 1.0.0)
Homepage Protection (Version: )
HP Advisor (Version: 3.2.8946.3086)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Games (Version: 1.0.0.71)
HP Odometer (Version: 2.10.0000)
HP Remote Solution (Version: 1.1.9.0)
HP Setup (Version: 1.2.3220.3079)
HP Support Assistant (Version: 4.2.8.3)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.001.000.014)
HPAsset component for HP Active Support Library (Version: 3.0.1.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
LabelPrint (Version: 2.5.1901)
LightScribe System Software (Version: 1.18.5.1)
Logitech QuickCam (Version: 11.00.1217)
LSI PCI-SV92EX Soft Modem (Version: 2.2.96)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
McAfee SiteAdvisor (Version: 3.6.187)
Microsoft Live Search Toolbar (Version: 3.0.560.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 60 day trial
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft OneNote 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 2.0.31005.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 18.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers (Version: 1.5)
OpenOffice.org 3.2 (Version: 3.2.9502)
PDF Settings CS6 (Version: 11.0)
PictureMover (Version: 3.3.1.19)
Power2Go (Version: 6.0.3101)
PowerDirector (Version: 7.0.3101)
PowerRecover (Version: 5.5.1923)
Realtek High Definition Audio Driver (Version: 6.0.1.5882)
Skype Toolbars (Version: 5.3.7280)
Skype™ 5.3 (Version: 5.3.116)
Video Mover
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 2942.49 MB
Available physical RAM: 1943.9 MB
Total Pagefile: 5883.13 MB
Available Pagefile: 4613.31 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.12 MB

========================= Partitions: =====================================

1 Drive c: (COMPAQ) (Fixed) (Total:454.76 GB) (Free:394.74 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:2.02 GB) NTFS
4 Drive f: (VASS) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32

========================= Users: ========================================

User accounts for \\DAPHNE-PC

Administrator Daphne Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:09 PM

Posted 05 February 2013 - 10:12 PM

I don't know Windows7 SP1 isn't installed. Is that something I need to do right away?

Hi -
Most of us did this months ago, and it also came in normal Windows Updates. That is why I mentioned "do you have Updates enabled"
The updates from Windows are always important and should be installed whenever presented to you.

A few minor items first -
Close all open programs and Re run Adaware Cleaner but this time hit the Delete button and it will reboot -

Delete Java™ 6 Update 33 (Version: 6.0.330) from Programs and Features and see if you have a Java icon in Control Panel
If you do - Open Java and hit the Second Tab (Update) Current version is about 7 Update 13 (from memory)

Run this M/soft FixIt for Windows7 Hosts file restore as yours has been deleted, this can be due to a minor infection
http://go.microsoft.com/?linkid=9668866 < Hit Run and follow any prompts given -

Thank You -

#9 adam654321

adam654321
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 05 February 2013 - 10:34 PM

I have just discovered an email from comcast saying one of my computers is infected with a bot. It offers "do it yourself" instructions. Should I continue with your instructions?

#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:09 PM

Posted 05 February 2013 - 10:43 PM

Can you Copy and paste that email (just the main body)

How do Comcast know you are infected unless it was a fault that they sent you ??
Do not run the fix yet unless I can see it please -

Thank You -

#11 adam654321

adam654321
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 05 February 2013 - 11:22 PM

Constant Guard™ Alert
Dear XFINITY Customer,

XFINITY identified one or more of your computers may be infected with a bot. You might have already seen an Alert from XFINITY informing you about bot activity.

We strongly recommend you take action to remove malicious software from your computers.

We appreciate your prompt attention to this important security notice.

Sincerely,
Constant Guard from XFINITY




A bot is a malicious form of software that is used to send spam, host a phishing site, or steal your identity by monitoring your keystrokes without your knowledge.

Bot infects your computer

Bot gathers your personal info

Bot passes your info to 3rd party






Constant Guard is a comprehensive online security protection service provided by XFINITY Internet.
We help ensure your online safety with products and services to protect you, your computer and your family.

Constant Guard identifies infected computers by:

Getting data from reputable Internet research groups that specialize in bot identification.
Looking for malicious behavior exhibited by bots (such as spam, distributed denial of service attacks, and repeated connection requests to known 'command and control' channels).
Collecting this data to confirm whether one or more of your computers has been infected.



This is a service related email. Comcast will occasionally send you service-related emails to inform you of service upgrades or new benefits to you Comcast High-Speed Internet service.

Copyright 2012. Comcast. All other trademarks are properties of their respective owners.

Comcast respects your privacy. For a complete description of our privacy policy, click here.

Comcast
One Comcast Center, 10th Floor
1701 JFK Boulevard
Philadelphia, PA 19103-2838

#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:09 PM

Posted 05 February 2013 - 11:37 PM

Download Junkware Removal Tool
Disable your Antivirus program if required
For vista and windows 7 right click on the tool and select run as administrator
After the scan is completed, post the generated log here.

Please download AdwCleaner by Xplode onto your desktop.
If you are prompted, please disable your Antivirus - Information (temp disable) HERE
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.

Please run or Re-run these 2 programs and they should remove any Crawler bot -

Be sure to hit DELETE in the AdwCleaner program - JRT will Auto run in Delete mode -

Post both logs after they finish -

Thanks -

#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:09 PM

Posted 05 February 2013 - 11:47 PM

Just as an added extra, I get several emails on several accounts to say that I need to do something quite often.
Mostly these are Spam and if you click on the given link you will be infected or the Spammers will add you to another Spam list -

Mrs Djeprack from Africa sends me one most days, but I can check the source of the emails very easy.

I would wait a day or 2 and see what happens with these -
EDIT -
After reading the email several times, I noticed some wrongly worded items - Ignore it -

Edited by noknojon, 05 February 2013 - 11:51 PM.


#14 adam654321

adam654321
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 06 February 2013 - 12:43 AM

Comcast/Xfinity is my ISP and the email came to my Comcast email account. That is why I trusted it. Well, as it turned out Comcast was blocking my internet connection (or at least inhibiting it in some way) because they detected malware. I have had this block removed and I personally do not believe I have malware on my system. So, my problem is resolved. I will post the logs anyway though just to hear your opinion on the matter.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by Daphne on Tue 02/05/2013 at 22:47:33.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1056788846-2193317318-2590829735-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{abd3b5e1-b268-407b-a150-2641dab8d898}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/05/2013 at 22:56:15.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






# AdwCleaner v2.111 - Logfile created 02/05/2013 at 22:57:20
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Daphne - DAPHNE-PC
# Boot Mode : Normal
# Running from : C:\Users\Daphne\Desktop\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Daphne\AppData\Roaming\Mozilla\Firefox\Profiles\xfuhhtg0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Daphne\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3336 octets] - [05/02/2013 18:12:00]
AdwCleaner[R2].txt - [3396 octets] - [05/02/2013 18:12:32]
AdwCleaner[S1].txt - [3514 octets] - [05/02/2013 21:20:17]
AdwCleaner[S2].txt - [999 octets] - [05/02/2013 22:57:20]

########## EOF - C:\AdwCleaner[S2].txt - [1058 octets] ##########

#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:09 PM

Posted 06 February 2013 - 01:18 AM

OK -
There were a few minor items removed there, and these should help you - Here are 2 other check up programs I would like you to run -
Download UNHIDE to your desktop -
Double click on Unhide to start it - Vista and Windows7 users, Right click and select Run as Administrator -
It will produce a log that you can post back

Also Install, Update and run SuperantiSpyware Free and post its log -

Once these are finished please run this Temp File cleaner to empty all unwanted Temp files -

Remove temporary and junk files
To clean out your temporary internet files and temp files.
Download TFC by OldTimer from HERE to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista / Windows7, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
Bo log is produced, but it can take from 2 up to 10 minutes to run -

Thanks -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users