
Browsers do not load certain sites


  • This topic is locked
15 replies to this topic

#1 crvlvr

  • Members
  • 8 posts

Posted 22 July 2013 - 08:13 AM

Hi,
 
For the past few weeks my browsers (IE and FF) do not load certain websites (e.g. depositfiles.com): the URL indicates the website, but the page remains blank. However, the site is visible in Google cache.
 
I ran Kaspersky, Malwarebytes and ComboFix. None of them indicate malicious items. I have included the related logs below. Any help is appreciated. Thanks.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.02.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
Vivek :: VAIO [administrator]

7/22/2013 6:31:01 PM
mbam-log-2013-07-22 (18-31-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220444
Time elapsed: 1 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~
 
ComboFix 13-07-02.03 - Vivek 07/22/2013  18:25:22.4.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3039.2582 [GMT 5.5:30]
Running from: c:\documents and settings\Vivek\My Documents\aa\P\zP\ComboFix.exe
FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-22 to 2013-07-22  )))))))))))))))))))))))))))))))
.
.
2013-07-06 10:43 . 2013-07-06 10:43    --------    d-----w-    C:\DriveKey
2013-07-05 02:06 . 2013-06-18 14:22    263576    ----a-w-    c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-07-05 02:06 . 2013-06-18 14:21    26520    ----a-w-    c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-07-02 04:47 . 2013-06-18 14:21    92056    ----a-w-    c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-07-02 04:47 . 2013-06-18 14:21    170232    ----a-w-    c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-07-02 04:47 . 2013-06-18 14:21    131480    ----a-w-    c:\program files\Mozilla Firefox\mozglue.dll
2013-07-02 04:47 . 2013-06-18 14:21    193824    ----a-w-    c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-07-02 04:47 . 2013-06-18 14:21    117144    ----a-w-    c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-07-02 04:47 . 2013-06-18 14:21    3407256    ----a-w-    c:\program files\Mozilla Firefox\gkmedias.dll
2013-07-02 04:47 . 2013-06-18 14:21    74136    ----a-w-    c:\program files\Mozilla Firefox\breakpadinjector.dll
2013-07-02 04:47 . 2010-03-18 16:15    770384    ----a-w-    c:\program files\Mozilla Firefox\msvcr100.dll
2013-07-02 04:47 . 2010-03-18 16:15    421200    ----a-w-    c:\program files\Mozilla Firefox\msvcp100.dll
2013-06-30 21:53 . 2013-06-30 21:53    --------    d-----w-    c:\program files\Common Files\Java
2013-06-30 21:48 . 2013-06-30 21:48    --------    d-----w-    c:\program files\Dropbox
2013-06-30 21:47 . 2013-06-30 21:47    --------    d-----w-    c:\documents and settings\Vivek\Application Data\Soekw
2013-06-30 21:47 . 2013-06-30 21:47    --------    d-----w-    c:\documents and settings\Vivek\Application Data\Gebeu
2013-06-30 21:45 . 2013-06-30 21:45    --------    d-----w-    c:\program files\PDFReader
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 04:06 . 2013-04-03 04:44    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-01 04:06 . 2013-04-03 04:44    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-03-12 22:16 . 2012-03-12 22:16    336    ----a-w-    c:\program files\temp995.bat
2010-11-11 22:34 . 2012-10-02 16:13    201728    ----a-w-    c:\program files\hjsplit.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Vivek\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Vivek\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Vivek\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Vivek\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Vivek\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2009-05-26 552960]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-15 534368]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-22 1032192]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
.
c:\documents and settings\Vivek\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Vivek\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-9 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-08-22 22:46    73728    ----a-w-    c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-13 20:42    483328    ----a-w-    c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
2009-11-11 23:17    771360    ----a-w-    c:\program files\AirPort\APAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 09:20    532040    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"EvtEng"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Vivek\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Vivek\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:*:Disabled:Bonjour
"4575:TCP"= 4575:TCP:gfwlbm
.
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [4/13/2011 11:09 AM 6878848]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [5/2/2013 7:32 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/18/2012 12:19 AM 701512]
S2 mthld;Driver Security;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4/7/2011 9:03 PM 3857408]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [4/19/2013 3:14 PM 161384]
S2 ttctmrc;Driver Installer;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S2 vjmkddava;Driver Server;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [8/5/2004 12:30 AM 14336]
S2 zjkjweg;Universal Update;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [2/2/2011 11:39 AM 71296]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/2/2011 11:38 AM 1684736]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/12/2011 12:41 PM 16512]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/19/2009 12:28 AM 11336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/18/2012 12:19 AM 22856]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [9/8/2011 8:08 PM 18432]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/4/2011 7:44 PM 16896]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
*NewlyCreated* - PXHELP20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs    REG_MULTI_SZ       yksvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ttctmrc
zjkjweg
vjmkddava
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-02 21:05]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-02 21:05]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{36D4ED43-3F21-4F45-8955-40D739E5FDBA}: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{3FAD6A81-318E-4D46-8874-2CE7D30EE95C}: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{985FEA44-A793-44A2-95FD-4D64665FF4BB}: NameServer = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\documents and settings\Vivek\Application Data\Mozilla\Firefox\Profiles\5lrczewd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-22 18:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mthld]
"ServiceDll"="c:\windows\system32\fpnqkbtx.dll.old"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ttctmrc]
.
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vjmkddava]
.
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zjkjweg]
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(1168)
c:\documents and settings\Vivek\Application Data\Dropbox\bin\DropboxExt.19.dll
.
Completion time: 2013-07-22  18:29:24
ComboFix-quarantined-files.txt  2013-07-22 12:59
ComboFix2.txt  2013-07-02 16:48
ComboFix3.txt  2013-06-24 05:06
ComboFix4.txt  2013-06-16 06:51
.
Pre-Run: 43,266,445,312 bytes free
Post-Run: 43,222,351,872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5AC80E79F6C992BEA8CB8A5CA4D86AC2
8F558EB6672622401DA993E1E865C861

Edit: Moved topic from Web Browsing/Email and Other Internet Applications to the more appropriate forum. ~ Animal
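Added example (not part of the thread, and not code from any of the tools mentioned): the ComboFix log above lists four services with generic display names ("Driver Security", "Driver Installer", "Driver Server", "Universal Update") that are hosted by svchost.exe -k netsvcs, three of which appear as additions to the NetSvcs group, and a ServiceDll for mthld that points at a .dll.old file. The script below runs over a constructed excerpt of those log lines and flags such entries; the netsvcs allowlist is a partial list assumed for the example and should be replaced by one exported from a known-clean machine of the same build.

```python
import re

# Constructed excerpt of the ComboFix log posted in the thread above: the
# service lines, the NetSvcs group listing and the ServiceDll section,
# embedded so the script runs offline.
COMBOFIX_EXCERPT = r"""
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/18/2012 12:19 AM 701512]
S2 mthld;Driver Security;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S2 ttctmrc;Driver Installer;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S2 vjmkddava;Driver Server;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [8/5/2004 12:30 AM 14336]
S2 zjkjweg;Universal Update;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/18/2012 12:19 AM 22856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ttctmrc
zjkjweg
vjmkddava
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mthld]
"ServiceDll"="c:\windows\system32\fpnqkbtx.dll.old"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
"""

# Partial allowlist of service names that belong to the netsvcs svchost group
# on a stock Windows XP install. Assumed for this example; a real baseline
# should be exported from a known-clean machine of the same build.
KNOWN_NETSVCS = {
    "6to4", "appmgmt", "audiosrv", "browser", "cryptsvc", "dmserver", "dhcp",
    "ersvc", "eventsystem", "fastuserswitchingcompatibility", "hidserv",
    "ias", "iprip", "irmon", "lanmanserver", "lanmanworkstation", "messenger",
    "netman", "nla", "ntmssvc", "nwcworkstation", "nwsapagent", "rasauto",
    "rasman", "remoteaccess", "schedule", "seclogon", "sens", "sharedaccess",
    "srservice", "tapisrv", "themes", "trkwks", "w32time", "wzcsvc", "wmi",
    "wmdmpmsp", "winmgmt", "wscsvc", "xmlprov", "bits", "wuauserv",
    "shellhwdetection", "helpsvc", "uploadmgr",
}

# "S2 name;display name;image path [date size]" as ComboFix prints services.
SERVICE_RE = re.compile(r"^([SR]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$", re.M)
# "[HKLM\System\ControlSetNNN\Services\name]" directly followed by its ServiceDll value.
SERVICEDLL_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]\r?\n'
    r'"ServiceDll"="([^"]+)"', re.M)
NETSVCS_HOST_RE = re.compile(r"svchost\.exe\s+-k\s+netsvcs\b", re.I)


def parse_services(text):
    """Return (start type, name, display name, image path) tuples."""
    return [m.groups() for m in SERVICE_RE.finditer(text)]


def parse_netsvcs_group(text):
    """Return the names ComboFix lists under 'Svchost - NetSvcs'."""
    names, collecting = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if collecting:
            if line in (".", ""):
                break
            names.append(line)
        elif re.search(r"Svchost\s+-\s+NetSvcs$", line):
            collecting = True
    return names


def parse_servicedlls(text):
    """Return (service name, ServiceDll path) tuples."""
    return SERVICEDLL_RE.findall(text)


def analyze(text):
    """Flag netsvcs-hosted services outside the allowlist and odd ServiceDlls."""
    findings = []
    for _start, name, display, image in parse_services(text):
        if NETSVCS_HOST_RE.search(image) and name.lower() not in KNOWN_NETSVCS:
            findings.append(("unknown-netsvcs-service", name,
                             f"{display!r} hosted by svchost -k netsvcs"))
    for name in parse_netsvcs_group(text):
        if name.lower() not in KNOWN_NETSVCS:
            findings.append(("unknown-netsvcs-group-member", name,
                             "appended to the NetSvcs group list"))
    for name, dll in parse_servicedlls(text):
        # A ServiceDll that does not even end in .dll (here a .dll.old) is
        # unusual for a legitimate service and worth checking by hand.
        if not dll.lower().endswith(".dll"):
            findings.append(("odd-servicedll", name, dll))
    return findings


if __name__ == "__main__":
    for kind, name, detail in analyze(COMBOFIX_EXCERPT):
        print(f"{kind:30} {name:12} {detail}")
```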


#2 nasdaq

  • Malware Response Team
  • 39,586 posts
  • Location:Montreal, QC. Canada

Posted 24 July 2013 - 09:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 crvlvr

  • Topic Starter
  • Members
  • 8 posts

Posted 24 July 2013 - 10:10 AM

Hi nasdaq. Thanks for offering to help me. I have followed your instructions. The problem is not yet remedied. Logs are posted below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.306 - Logfile created 07/24/2013 at 20:23:02
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Vivek - VAIO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Vivek\My Documents\aa\P\zP\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Vivek\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Vivek\Application Data\DSite
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Vivek\Application Data\Mozilla\Firefox\Profiles\5lrczewd.default\prefs.js

C:\Documents and Settings\Vivek\Application Data\Mozilla\Firefox\Profiles\5lrczewd.default\user.js ... Deleted !

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "7-3-2012");
Deleted : user_pref("CT3072253.DSInstall", false);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Wed Mar 07 2012 23:25:55 GMT+0530 (India Standard[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "7-3-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.yahoo.com/");
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT3072253.InstalledDate", "Wed Mar 07 2012 23:25:54 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Wed Mar 07 2012 23:25:58 GMT+0530 (India Standard [...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LastLogin_3.9.0.3", "Wed Mar 07 2012 23:25:58 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT3072253.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT3072253.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Wed Mar 07 2012 23:25:58 GMT+0530 (India Standar[...]
Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Wed Mar 07 2012 23:25:53 GMT+0530 (India Standard Ti[...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Wed Mar 07 2012 23:25:53 GMT+0530 (India Standard Time[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1330471245");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Wed Mar 07 2012 23:25:53 GMT+0530 (India Stand[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072253.Uninstall", true);
Deleted : user_pref("CT3072253.UserID", "UN55535046956722361");
Deleted : user_pref("CT3072253.ValidationData_Toolbar", 0);
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "576564204D617220303720323031322032333A32353A35392[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Wed Mar 07 2012 23:25:55 GMT+0530 (India St[...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.revertSettingsEnabled", true);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Wed Mar 07 2012 23:25:54 GMT+0530 (India Sta[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Wed Mar 07 2012 23:25:58 GMT+0530 (India Sta[...]
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.globalUserId", "b5d76670-da3a-4421-947f-34ee4f534116");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Mar 07 2012 23:25:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Mar 07 2012 23:26:06 GMT+053[...]
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Mar 07 2012 23:25:53 GMT+0530 (I[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "1628be38-9aa7-4063-baf9-6a312dd2efaa");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.yahoo.com/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

*************************

AdwCleaner[S1].txt - [10391 octets] - [24/07/2013 20:23:02]

########## EOF - C:\AdwCleaner[S1].txt - [10452 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Microsoft Windows XP x86
Ran by Vivek on Wed 07/24/2013 at 20:27:31.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Vivek\Application Data\mozilla\firefox\profiles\5lrczewd.default\prefs.js

user_pref("browser.search.searchEnginesURL", "");
Emptied folder: C:\Documents and Settings\Vivek\Application Data\mozilla\firefox\profiles\5lrczewd.default\minidumps [6 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/24/2013 at 20:30:22.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-07-24.02 - Vivek 07/24/2013  20:32:12.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3039.2530 [GMT 5.5:30]
Running from: c:\documents and settings\Vivek\Desktop\ComboFix.exe
FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 14:57 . 2013-07-24 14:57    --------    d-----w-    c:\windows\ERUNT
2013-07-06 10:43 . 2013-07-06 10:43    --------    d-----w-    C:\DriveKey
2013-07-05 02:06 . 2013-06-18 14:22    263576    ----a-w-    c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-07-05 02:06 . 2013-06-18 14:21    26520    ----a-w-    c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-07-02 04:47 . 2013-06-18 14:21    92056    ----a-w-    c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-07-02 04:47 . 2013-06-18 14:21    170232    ----a-w-    c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-07-02 04:47 . 2013-06-18 14:21    131480    ----a-w-    c:\program files\Mozilla Firefox\mozglue.dll
2013-07-02 04:47 . 2013-06-18 14:21    193824    ----a-w-    c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-07-02 04:47 . 2013-06-18 14:21    117144    ----a-w-    c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-07-02 04:47 . 2013-06-18 14:21    3407256    ----a-w-    c:\program files\Mozilla Firefox\gkmedias.dll
2013-07-02 04:47 . 2013-06-18 14:21    74136    ----a-w-    c:\program files\Mozilla Firefox\breakpadinjector.dll
2013-07-02 04:47 . 2010-03-18 16:15    770384    ----a-w-    c:\program files\Mozilla Firefox\msvcr100.dll
2013-07-02 04:47 . 2010-03-18 16:15    421200    ----a-w-    c:\program files\Mozilla Firefox\msvcp100.dll
2013-06-30 21:53 . 2013-06-30 21:53    --------    d-----w-    c:\program files\Common Files\Java
2013-06-30 21:48 . 2013-06-30 21:48    --------    d-----w-    c:\program files\Dropbox
2013-06-30 21:47 . 2013-06-30 21:47    --------    d-----w-    c:\documents and settings\Vivek\Application Data\Soekw
2013-06-30 21:47 . 2013-06-30 21:47    --------    d-----w-    c:\documents and settings\Vivek\Application Data\Gebeu
2013-06-30 21:45 . 2013-06-30 21:45    --------    d-----w-    c:\program files\PDFReader
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 04:06 . 2013-04-03 04:44    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-01 04:06 . 2013-04-03 04:44    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-03-12 22:16 . 2012-03-12 22:16    336    ----a-w-    c:\program files\temp995.bat
2010-11-11 22:34 . 2012-10-02 16:13    201728    ----a-w-    c:\program files\hjsplit.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Vivek\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Vivek\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Vivek\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Vivek\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Vivek\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2009-05-26 552960]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-15 534368]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-22 1032192]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
.
c:\documents and settings\Vivek\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Vivek\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-9 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-08-22 22:46    73728    ----a-w-    c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-13 20:42    483328    ----a-w-    c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
2009-11-11 23:17    771360    ----a-w-    c:\program files\AirPort\APAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 09:20    532040    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"EvtEng"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Vivek\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Vivek\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:*:Disabled:Bonjour
"4575:TCP"= 4575:TCP:gfwlbm
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [5/2/2013 7:32 PM 418376]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4/7/2011 9:03 PM 3857408]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [8/5/2004 12:30 AM 14336]
R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [2/2/2011 11:39 AM 71296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/18/2012 12:19 AM 22856]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [4/13/2011 11:09 AM 6878848]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/4/2011 7:44 PM 16896]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/18/2012 12:19 AM 701512]
S2 mthld;Driver Security;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [4/19/2013 3:14 PM 161384]
S2 ttctmrc;Driver Installer;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S2 vjmkddava;Driver Server;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S2 zjkjweg;Universal Update;c:\windows\system32\svchost.exe -k netsvcs [8/5/2004 12:30 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/2/2011 11:38 AM 1684736]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/12/2011 12:41 PM 16512]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/19/2009 12:28 AM 11336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [9/8/2011 8:08 PM 18432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs    REG_MULTI_SZ       yksvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ttctmrc
zjkjweg
vjmkddava
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-02 21:05]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-02 21:05]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{36D4ED43-3F21-4F45-8955-40D739E5FDBA}: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{3FAD6A81-318E-4D46-8874-2CE7D30EE95C}: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{985FEA44-A793-44A2-95FD-4D64665FF4BB}: NameServer = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\documents and settings\Vivek\Application Data\Mozilla\Firefox\Profiles\5lrczewd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-24 20:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mthld]
"ServiceDll"="c:\windows\system32\fpnqkbtx.dll.old"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ttctmrc]
.
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vjmkddava]
.
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zjkjweg]
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(1820)
c:\documents and settings\Vivek\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
.
Completion time: 2013-07-24  20:37:58
ComboFix-quarantined-files.txt  2013-07-24 15:07
ComboFix2.txt  2013-07-22 12:59
ComboFix3.txt  2013-07-02 16:48
ComboFix4.txt  2013-06-24 05:06
ComboFix5.txt  2013-07-24 15:01
.
Pre-Run: 42,429,759,488 bytes free
Post-Run: 42,412,597,248 bytes free
.
- - End Of File - - 3CACDE13910056F839F9A1D4F386B1A7
8F558EB6672622401DA993E1E865C861



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:43 AM

Posted 24 July 2013 - 10:26 AM

Open the Internet Explorer Tools menu > Internet Options > Advanced tab.
Reset the Internet settings: click the Reset button and, if required, click the Apply button.
Restart the computer normally.

If the problem persists run this scan.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List installed programs

Click Go and copy/paste the log (Result.txt) into your next post.

    Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


#5 crvlvr

crvlvr
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:13 PM

Posted 24 July 2013 - 10:41 AM

Hi nasdaq:

I reset IE settings. Problem not resolved. MiniToolBox log below:

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Vivek (administrator) on 24-07-2013 at 21:09:45
Running from "C:\Documents and Settings\Vivek\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® WiFi Link 5100 AGN = Wireless Network Connection 6 (Connected)
Bluetooth LAN Access Server Driver = Bluetooth Network (Media disconnected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 6"

set address name="Wireless Network Connection 6" source=dhcp
set dns name="Wireless Network Connection 6" source=static addr=8.8.8.8 register=PRIMARY
add dns name="Wireless Network Connection 6" addr=8.8.8.4 index=2
set wins name="Wireless Network Connection 6" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=8.8.8.8 register=PRIMARY
add dns name="Local Area Connection" addr=8.8.8.4 index=2
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Bluetooth Network"

set address name="Bluetooth Network" source=dhcp
set dns name="Bluetooth Network" source=dhcp register=PRIMARY
set wins name="Bluetooth Network" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : vaio

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection 6:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN

        Physical Address. . . . . . . . . : 00-24-D6-70-FF-58

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 10.0.0.2

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 10.0.0.1

        DHCP Server . . . . . . . . . . . : 10.0.0.1

        DNS Servers . . . . . . . . . . . : 8.8.8.8

                                            8.8.8.4

        Lease Obtained. . . . . . . . . . : Wednesday, July 24, 2013 8:25:20 PM

        Lease Expires . . . . . . . . . . : Thursday, July 25, 2013 9:56:42 AM



Ethernet adapter Local Area Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

        Physical Address. . . . . . . . . : 00-24-BE-BE-09-AC



Ethernet adapter Bluetooth Network:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver

        Physical Address. . . . . . . . . : 60-38-0E-10-0E-38

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  74.125.236.130, 74.125.236.133, 74.125.236.128, 74.125.236.137
      74.125.236.134, 74.125.236.129, 74.125.236.136, 74.125.236.135, 74.125.236.142
      74.125.236.131, 74.125.236.132



Pinging google.com [74.125.236.130] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 74.125.236.130:

    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=351ms TTL=48

Reply from 98.139.183.24: bytes=32 time=337ms TTL=48



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 337ms, Maximum = 351ms, Average = 344ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 d6 70 ff 58 ...... Intel® WiFi Link 5100 AGN - Packet Scheduler Miniport
0x3 ...00 24 be be 09 ac ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
0x10005 ...60 38 0e 10 0e 38 ...... Bluetooth LAN Access Server Driver - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.2      1
         10.0.0.0    255.255.255.0         10.0.0.2        10.0.0.2      25
         10.0.0.2  255.255.255.255        127.0.0.1       127.0.0.1      25
   10.255.255.255  255.255.255.255         10.0.0.2        10.0.0.2      25
     98.139.73.55  255.255.255.255         10.0.0.1        10.0.0.2      1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
     208.71.44.31  255.255.255.255         10.0.0.1        10.0.0.2      1
     216.39.55.13  255.255.255.255         10.0.0.1        10.0.0.2      1
  216.115.100.102  255.255.255.255         10.0.0.1        10.0.0.2      1
        224.0.0.0        240.0.0.0         10.0.0.2        10.0.0.2      25
  255.255.255.255  255.255.255.255         10.0.0.2               3      1
  255.255.255.255  255.255.255.255         10.0.0.2           10005      1
  255.255.255.255  255.255.255.255         10.0.0.2        10.0.0.2      1
Default Gateway:          10.0.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/12/2013 09:47:24 PM) (Source: Application Hang) (User: )
Description: Hanging application uTorrent.exe, version 3.1.2.26821, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/11/2013 04:26:08 PM) (Source: Application Error) (User: )
Description: Faulting application gom.exe, version 2.1.33.5071, faulting module gsfu.ax, version 0.0.0.0, fault address 0x00026e82.
Processing media-specific event for [gom.exe!ws!]

Error: (07/06/2013 06:26:49 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 xirrus wi-fi inspector.exe, P2 1.2.1.4, P3 4f7a3ecd, P4 system.windows.forms, P5 2.0.0.0, P6 4333aefa, P7 1508, P8 17, P9 clr20r30, P10 clr20r31.

Error: (07/01/2013 03:24:28 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (07/01/2013 03:20:10 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (06/23/2013 08:13:46 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 xirrus wi-fi inspector.exe, P2 1.2.1.4, P3 4f7a3ecd, P4 system.windows.forms, P5 2.0.0.0, P6 4333aefa, P7 1508, P8 17, P9 clr20r30, P10 clr20r31.

Error: (06/20/2013 09:10:49 AM) (Source: Application Hang) (User: )
Description: Hanging application winamp.exe, version 5.5.1.1763, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/20/2013 08:32:01 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 5.0.1.4205, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/18/2013 10:29:07 PM) (Source: Application Error) (User: )
Description: Faulting application gom.exe, version 2.1.33.5071, faulting module gsfu.ax, version 0.0.0.0, fault address 0x00026e82.
Processing media-specific event for [gom.exe!ws!]

Error: (06/16/2013 10:11:48 PM) (Source: Application Hang) (User: )
Description: Hanging application gdbnt.exe, version 4.3.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/24/2013 08:25:33 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (07/24/2013 08:25:32 PM) (Source: Service Control Manager) (User: )
Description: The Universal Update service terminated with the following error:
%%2

Error: (07/24/2013 08:25:32 PM) (Source: Service Control Manager) (User: )
Description: The Driver Server service terminated with the following error:
%%2

Error: (07/24/2013 08:25:32 PM) (Source: Service Control Manager) (User: )
Description: The Driver Installer service terminated with the following error:
%%2

Error: (07/24/2013 02:40:58 PM) (Source: 0) (User: )
Description: H:

Error: (07/24/2013 02:30:27 PM) (Source: 0) (User: )
Description: H:

Error: (07/24/2013 01:13:29 PM) (Source: 0) (User: )
Description: G:

Error: (07/24/2013 10:30:34 AM) (Source: 0) (User: )
Description: G:

Error: (07/24/2013 09:56:27 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (07/24/2013 09:55:57 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE


Microsoft Office Sessions:
=========================
Error: (10/18/2011 10:10:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 918 seconds with 300 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

 D-Link ADSL USB Router
µTorrent (Version: 3.1.2)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe Acrobat 7.0 Professional (Version: 7.0.0)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
AirPort (Version: 5.5.3.2)
Angry Birds Rio (Version: 1.3.2)
Angry Birds Space (Version: 1.0.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoStudio 5.5
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.009.0702.1238)
ATI Display Driver (Version: 8.632-090702a-084279C-Sony)
Audacity 2.0
Canon iP100 series User Registration
Canon MP Navigator 3.0
Canon MP160 User Registration
Canon My Printer
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full Existing (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full New (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Light (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Previews Common (Version: 2009.0702.1239.20840)
Catalyst Control Center Localization All (Version: 2009.0702.1239.20840)
CCC Help Chinese Standard (Version: 2009.0702.1238.20840)
CCC Help Chinese Traditional (Version: 2009.0702.1238.20840)
CCC Help Czech (Version: 2009.0702.1238.20840)
CCC Help Danish (Version: 2009.0702.1238.20840)
CCC Help Dutch (Version: 2009.0702.1238.20840)
CCC Help English (Version: 2009.0702.1238.20840)
CCC Help Finnish (Version: 2009.0702.1238.20840)
CCC Help French (Version: 2009.0702.1238.20840)
CCC Help German (Version: 2009.0702.1238.20840)
CCC Help Greek (Version: 2009.0702.1238.20840)
CCC Help Hungarian (Version: 2009.0702.1238.20840)
CCC Help Italian (Version: 2009.0702.1238.20840)
CCC Help Japanese (Version: 2009.0702.1238.20840)
CCC Help Korean (Version: 2009.0702.1238.20840)
CCC Help Norwegian (Version: 2009.0702.1238.20840)
CCC Help Polish (Version: 2009.0702.1238.20840)
CCC Help Portuguese (Version: 2009.0702.1238.20840)
CCC Help Russian (Version: 2009.0702.1238.20840)
CCC Help Spanish (Version: 2009.0702.1238.20840)
CCC Help Swedish (Version: 2009.0702.1238.20840)
CCC Help Thai (Version: 2009.0702.1238.20840)
CCC Help Turkish (Version: 2009.0702.1238.20840)
ccc-core-preinstall (Version: 2009.0702.1239.20840)
ccc-core-static (Version: 2009.0702.1239.20840)
ccc-utility (Version: 2009.0702.1239.20840)
CDBurnerXP (Version: 4.4.1.3184)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
dBpowerAMP Music Converter
Dropbox (Version: 2.0.22)
DVD Shrink 3.2
Easy-WebPrint
Free Download Manager 3.9.2
Free DVD Ripper Version 2.25
GOM Player (Version: 2.1.33.5071)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.145)
H&R Block Basic + Efile 2011 (Version: 11.02.6901)
H&R Block Basic + Efile 2012 (Version: 12.02.7301)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP USB Disk Storage Format Tool
IrfanView (remove only)
ISO Image Burner 1.1
iTunes (Version: 10.6.1.7)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.0 (Version: 2.1.0)
K-Lite Codec Pack 7.9.0 (Full) (Version: 7.9.0)
LAME v3.99.3 (for Windows)
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Web Components (Version: 11.0.5614.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Project Professional 2003 (Version: 11.0.5614.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visio Professional 2003 (Version: 11.0.3216.5614)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Mp3tag v2.39 (Version: v2.39)
MPEG2 Codec(libmpeg2/mad)
Native Instruments Audio 8 DJ Driver
Native Instruments Audio 8 DJ Driver (Version: 2.0.10.001)
Native Instruments Controller Editor
Native Instruments Controller Editor (Version: 1.3.5.667)
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig 5 (Version: 5.0.2.2476)
Native Instruments Guitar Rig Session I/O
Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625)
Native Instruments Rig Kontrol 3
Native Instruments Rig Kontrol 3 (Version: 3.0.0.625)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.3.0.853)
Native Instruments Traktor
Native Instruments Traktor (Version: 1.1.2.004)
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 5.10.0.5886)
Setting Utility Series
Skins (Version: 2009.0702.1239.20840)
Skype™ 6.3 (Version: 6.3.107)
Sony Download Taxi 1.5.0.0
Sony Utilities DLL (Version: 7.0.01.03260)
Sony Visual Communication Camera Ver.6.103.215.0 (Version: 6.103.215.0)
SqrSoft® Advanced Crossfading (remove only)
StreamTransport version: 1.0.2.2171
Sygate Personal Firewall (Version: 5.6.2808)
Synaptics Pointing Device Driver (Version: 10.2.7.0)
System Requirements Lab for Intel (Version: 4.4.24.0)
VAIO Control Center
VAIO Event Service
VAIO Mode Switch (Version: 1.0.00.05150)
VAIO Power Management
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
WIDCOMM Bluetooth Software (Version: 5.5.0.7400)
Winamp (Version: 5.51 )
Windows Driver Package - Marvell (yukonwxp) Net  (06/15/2009 10.70.3.3) (Version: 06/15/2009 10.70.3.3)
Windows Driver Package - Ricoh Company (risdptsk) hdc  (07/09/2008 6.03.02.20) (Version: 07/09/2008 6.03.02.20)
Windows Driver Package - Ricoh Company Memorystick Host Controller (06/25/2008 6.03.00.0054) (Version: 06/25/2008 6.03.00.0054)
Windows Driver Package - UPEK (TcUsb) Biometric  (12/09/2008 1.9.2.0136) (Version: 12/09/2008 1.9.2.0136)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WinZip (Version:  9.0  (6028))
Wireless Switch Setting Utility (Version: 4.1.01.05260)
Xirrus Wi-Fi Inspector (Version: 1.2.1.4)

**** End of log ****



#6 nasdaq (Malware Response Team)

Posted 24 July 2013 - 12:48 PM

> For the past few weeks my browsers (IE and FF) do not load certain websites. (e.g. depositfiles.com) the URL indicates the website, but the page remains blank


Nothing suspicious was found on your last log.

Delete the Cookies associated with that site.
Restart the computer and try to connect.

If that fails,

Go to Start > Run box, type cmd and hit OK.
Type
ipconfig /flushdns <-- (The space between g and / is needed) and press the Enter key.

Repeat with
ipconfig /renew

Then type Exit and hit the Enter key.

Keep me posted.

#7 crvlvr (Topic Starter)

Posted 24 July 2013 - 06:29 PM

Hi nasdaq. Deleted cookies and ran ipconfig commands. Still not resolved.



#8 nasdaq (Malware Response Team)

Posted 25 July 2013 - 07:28 AM

Reset Firefox to its default value.
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

This topic may also help you find the culprit.
http://forums.mozillazine.org/viewtopic.php?f=38&t=2500067

How is it now?

#9 crvlvr (Topic Starter)

Posted 26 July 2013 - 11:42 AM

nasdaq, I just checked before resetting Firefox and it now works! Must be the reboot after clearing cookies and clearing ipconfig. Thanks so much for your help and patience. I really appreciate it!



#10 nasdaq (Malware Response Team)

Posted 26 July 2013 - 12:39 PM

Glad we could help.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#11 crvlvr (Topic Starter)

Posted 26 July 2013 - 09:44 PM

Thanks nasdaq. I have uninstalled the programs and will look into installing the protection software. What was the cause of my problem? Malware? A virus? Or a DNS issue?



#12 nasdaq (Malware Response Team)

Posted 27 July 2013 - 07:55 AM

It was caused by 3rd party PUPs (Potentially Unwanted Programs) that are installed without your consent. They were removed by the AdwCleaner tool.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#13 crvlvr (Topic Starter)

Posted 28 July 2013 - 01:34 PM

nasdaq, I am sorry to bother you.
 
But, get this...!!!
 
The past few messages, where I acknowledged that the sites had started working, were written while I was on the road and using my Android phone as a hot spot. I came back home today and now the same websites that "started working" are no longer accessible on my wi-fi at home!
 
So the problem is back. But it appears when I am back to using wi-fi at home? What gives?
 
Help!

Edited by crvlvr, 28 July 2013 - 01:35 PM.


#14 crvlvr (Topic Starter)

Posted 29 July 2013 - 06:29 AM

nasdaq,

 

Upon further research, my ISP is blocking certain websites. That appears to be the cause of the problem. I apologize for not properly researching this earlier and really appreciate your help.

 

http://www.medianama.com/2013/06/223-filesharing-sites-uploaded-net-ul-to-stooorage-blog-on-politics-blocked-on-some-isps/
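The troubleshooting path in this thread (cookies and the DNS cache first, an ISP-level block found last), worked into an added Python triage script that is not from the thread or from any tool used in it; it also checks the hosts file, the usual local cause of the same blank-page symptom, before touching the network. The hosts-file path is the standard location and the resolver/connect/fetch hooks are assumptions so the decision logic can be exercised offline with constructed stubs.

```python
"""Layer-by-layer triage for "the page stays blank in every browser" (added
example, not from the thread): hosts-file override, DNS (what ipconfig
/flushdns resets), TCP reachability, then the HTTP answer, where an empty 200,
a 403/451 or a redirect to a block page means upstream filtering, not malware.
The network calls are injectable so the decision logic runs offline."""
import http.client
import os
import socket
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Assumed hosts-file location (Windows vs. POSIX); a malware-edited hosts file
# is a classic local cause of "site will not load" that DNS flushing never fixes.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt" else "/etc/hosts"

@dataclass
class Verdict:
    stage: str    # "hosts", "dns", "tcp", "http" or "ok"
    detail: str

def hosts_overrides(hosts_text: str, hostname: str) -> List[str]:
    """Addresses the hosts file pins `hostname` to; a public site should never appear."""
    pinned = []
    for raw in hosts_text.splitlines():
        parts = raw.split("#", 1)[0].split()          # strip comments, tokenize
        if len(parts) >= 2 and hostname.lower() in (p.lower() for p in parts[1:]):
            pinned.append(parts[0])
    return pinned

def system_resolve(hostname: str) -> List[str]:
    """OS resolver lookup; this is the answer the local DNS cache feeds."""
    return socket.gethostbyname_ex(hostname)[2]

def tcp_connect(ip: str, port: int = 80, timeout: float = 5.0) -> bool:
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_get(hostname: str, timeout: float = 5.0) -> Tuple[int, int]:
    """Plain HTTP GET of '/', returning (status, body length)."""
    conn = http.client.HTTPConnection(hostname, 80, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": hostname})
        resp = conn.getresponse()
        return resp.status, len(resp.read())
    finally:
        conn.close()

def triage(hostname: str, hosts_text: str,
           resolve: Callable[[str], List[str]] = system_resolve,
           connect: Callable[[str], bool] = tcp_connect,
           fetch: Callable[[str], Tuple[int, int]] = http_get) -> Verdict:
    """Return the first layer at which `hostname` fails, with the next check to run."""
    pinned = hosts_overrides(hosts_text, hostname)
    if pinned:
        return Verdict("hosts", f"hosts file pins {hostname} to {pinned}: local tampering, not the ISP")
    try:
        ips = resolve(hostname)
    except OSError as exc:
        return Verdict("dns", f"resolution failed ({exc}): flush the cache, then try a second resolver")
    if not ips:
        return Verdict("dns", "resolver returned no addresses")
    if not any(connect(ip) for ip in ips):
        return Verdict("tcp", f"no TCP connection to {ips}: local firewall or a block on the path")
    try:
        status, size = fetch(hostname)
    except OSError as exc:
        return Verdict("http", f"connected but request failed ({exc}): looks like an injected reset")
    if status in (403, 451) or (status == 200 and size == 0):
        return Verdict("http", f"HTTP {status}, {size} bytes: upstream block page? retest from another network")
    if 300 <= status < 400:
        return Verdict("http", f"HTTP {status} redirect: check where it lands, ISP block pages often do this")
    return Verdict("ok", f"HTTP {status}, {size} bytes")

def read_hosts(path: str = HOSTS_PATH) -> str:
    """Read the hosts file; an unreadable file is treated as empty."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""
```

Run `triage("example.com", read_hosts())` from each network in turn; a verdict that changes between the home wi-fi and a phone hotspot, as it did in this thread, points at the path rather than the PC.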



#15 nasdaq (Malware Response Team)

Posted 29 July 2013 - 06:51 AM

Thank you for the feedback.

This topic will be closed.



