Jump to content

Malwarebytes

Something is blocking access to microsoft.com and malwarebytes.org

- - - - -
Started by beeeans, Aug 07 2012 10:16 PM


4 replies to this topic

#1
beeeans
Posted 07 August 2012 - 10:16 PM

    New Member

  • Members
  • Pip
  • 10 posts
Hi,
I've just noticed that something is blocking access to certain sites. I can't even post here from my laptop!

I have got malwarebytes to run on my laptop using chameleon but after finding 5 infected items I still have the problem :(

thanks in advance

Attached Files


#2
Maniac
Posted 08 August 2012 - 06:37 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,123 posts
  • Gender:Male
  • Location:Bulgaria, EU
Hello beeeans! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall this application: µTorrent


Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#3
beeeans
Posted 08 August 2012 - 04:37 PM

    New Member

  • Members
  • Pip
  • 10 posts
Thank you. Here is what you asked for:





ComboFix 12-08-08.01 - Morris Brown 08/08/2012 20:45:09.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.511.49 [GMT 1:00]
Running from: c:\documents and settings\Morris Brown\Desktop\hg.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\18145076
c:\documents and settings\Morris Brown\Application Data\Microsoft\~DFK6c2a8cbe.tmp
c:\documents and settings\Morris Brown\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Morris Brown\Application Data\Microsoft\bass.dll
c:\documents and settings\Morris Brown\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Morris Brown\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Morris Brown\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Morris Brown\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Morris Brown\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Morris Brown\Local Settings\Application Data\cxbonlgs.log
c:\documents and settings\Morris Brown\Local Settings\Application Data\dhtsofmj.log
c:\documents and settings\Morris Brown\Local Settings\Application Data\fdkmbeqm.log
c:\documents and settings\Morris Brown\Local Settings\Application Data\hiojrqal\plgvcqjy.exe
c:\documents and settings\Morris Brown\Local Settings\Application Data\jodcgnqk.log
c:\documents and settings\Morris Brown\Local Settings\Application Data\mrvnjpkp.log
c:\documents and settings\Morris Brown\Local Settings\Application Data\qrsoupev.log
c:\documents and settings\Morris Brown\Local Settings\Application Data\riacqmis.log
c:\documents and settings\Morris Brown\Local Settings\Application Data\seesqqyg.log
c:\documents and settings\Morris Brown\Local Settings\Application Data\vbnjaiun.log
c:\documents and settings\Morris Brown\My Documents\~WRL0410.tmp
c:\documents and settings\Morris Brown\My Documents\~WRL1950.tmp
c:\documents and settings\Morris Brown\My Documents\~WRL2968.tmp
c:\documents and settings\Morris Brown\My Documents\~WRL3456.tmp
c:\windows\EventSystem.log
c:\windows\help\wmplayer.bak
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 19:21 . 2012-08-08 19:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-07 21:50 . 2012-08-08 00:10 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-31 23:16 . 2012-07-31 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-07-29 16:18 . 2012-08-08 20:14 -------- d-----w- c:\documents and settings\Morris Brown\Local Settings\Application Data\hiojrqal
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 11:17 . 2012-04-28 19:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-05 11:17 . 2011-06-15 12:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 12:46 . 2011-09-25 19:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 19:23 . 2012-04-28 19:47 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-28 19:23 . 2010-04-23 18:27 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-28 17:50 . 2012-04-28 19:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2008-10-17 09:36 . 2008-10-17 09:36 13998 ----a-w- c:\program files\Common Files\anase.vbs
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 339968]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2003-09-19 61440]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-06-29 122880]
"SonyPowerCfg"="c:\program files\sony\vaio power management\SPMgr.exe" [2004-06-29 180224]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-01-19 290816]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\Morris Brown\Local Settings\Application Data\hiojrqal\plgvcqjy.exe"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Morris Brown^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Morris Brown\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [18/08/2004 17:53 118877]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/09/2011 20:54 22344]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [30/10/2002 16:10 71961]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\MICHAE~1\LOCALS~1\Temp\wahdfnco.sys --> c:\docume~1\MICHAE~1\LOCALS~1\Temp\wahdfnco.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/10/2008 11:07 655944]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [07/08/2012 22:50 24064]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PlgVcqjy - c:\documents and settings\Morris Brown\Local Settings\Application Data\hiojrqal\plgvcqjy.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-08 21:13
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\ieframe.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\sony\vaio entertainment\VzTaskScheduler.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\rundll32.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-08-08 21:27:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 20:26
ComboFix2.txt 2011-05-05 21:54
.
Pre-Run: 2,073,997,312 bytes free
Post-Run: 2,408,624,128 bytes free
.
- - End Of File - - AD4D1E757060622C40F2B552620FE883

#4
Maniac
Posted 09 August 2012 - 07:22 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,123 posts
  • Gender:Male
  • Location:Bulgaria, EU
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Morris Brown\Local Settings\Application Data\hiojrqal

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#5
Maurice Naggar
Posted 14 August 2012 - 07:44 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,236 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there is 5 days without a response.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us