99 replies to this topic

[captarheel]

Good morning.

I have been using Firefox.

I started OTL from my desktop and clicked the Scan All Users box. The scan was humming along and then just seemed to crash when it got to 'scanning Chrome settings'.

I got an error message that did not stay on screen long but sadi something like "File List out of bounds"

Now the scan seems to just be stuck.

[captarheel]

I stopped OTL and re-ran. The same message appeared:

LIst index out of bounds 433

[MrCharlie]

OK, OTL doesn't like your system, here's what seems to fix the ip blocking problem.

Uninstall Firefox and any related file/folders and reinstall.

Let me know, MrC

[captarheel]

will try right now.

[captarheel]

I have removed both Firefox and Chrome from the Control Panel - Remove a Program, and run OTL from the desktop, but still get the same Linst Index Out of Bounds - 433 message when it gets to 'scanning Chrome settings'

[MrCharlie]

OK, I didn't mean that it would fix the OTL problem, rather it would fix your original problem of:

being attacked by 208.73.210.29


Reinstall Chrome and /or FF and see what happens.

MrC

[captarheel]

I removed FF yesterday and reinstalled and the problem remains. Would you like me to reinstall again?

I did not remove all of my FF personal settings and bookmarks when I uninstalled.

[MrCharlie]

Quote

I did not remove all of my FF personal settings and bookmarks when I uninstalled.

That's where the problem may be, old bookmarks and RSS feeds.

Let me know, MrC

[captarheel]

so reinstall FF, then remove all?

[captarheel]

Ok. Reinstalled FF, then did a complete uninstall. Problem remains.

also, tried to re-run OTL, and it still got stuck at scanning Chrome settings and gave the List index out of bounds messge.

[captarheel]

I reinstalled Chrome then uninstalled it again. After the second uninstall, i ran OTL and was able to get a full scan. Txt file attached

[captarheel]

also realized you might want the Extras report from OTL as well. Attached:

[MrCharlie]

OK, I'm working off my backup machine cause my main computer died!

Like I said before, I saw someone say a week or so ago that this infection was caused by a bookmark or RSS feed in Firefox, I was reading another post on this forum this morning and it looks like that's exactly what the problem was.
So take a look at your bookmarks in FF and delete any strange ones.

Here's the link to the post I was referring to:

http://forums.malwar...ndpost&p=547206

=============================

For OTL.....

Please do this:
Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :OTL
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  [2011/11/22 06:43:04 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\BaammH66sW
  [2011/11/22 06:42:54 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\nSSS11ivD
  [2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\O6dWW77fL9gXjYe
  [2011/11/22 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OfEELL9gTZqjC
  [2011/11/22 06:43:03 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OPPP0uucS1ib3oG
  [2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\oxA00vv2ibFpGaQ
  [2011/11/22 06:42:53 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\wNttxxA0ucS2b
  :Commands
  [EMPTYJAVA]
  [emptytemp]
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  
• Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Reboot and let me know, MrC

[captarheel]

Thanks. I have completely uninstalled FF and all personal settings. There is no application to open or bookmarks to check.

I opened OTL and pasted the fix you asked me to run. Here are the results:



OTL by OldTimer - Version 3.2.42.1 log created on 04292012_134702
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

[captarheel]

I was asked to reboot and did so.

The MBAM pop up box is still occasionally appearing saying MBAM blocked access to a potentially malicious site with the same IP address -- 208.73.210.29

Sorry to hear about your main machine -- hopefully it can be resurrected!

[MrCharlie]

Looks like you didn't enter the code correctly:

Here it is:

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2011/11/22 06:43:04 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\BaammH66sW
[2011/11/22 06:42:54 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\nSSS11ivD
[2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\O6dWW77fL9gXjYe
[2011/11/22 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OfEELL9gTZqjC
[2011/11/22 06:43:03 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\OPPP0uucS1ib3oG
[2011/11/22 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\oxA00vv2ibFpGaQ
[2011/11/22 06:42:53 | 000,000,000 | ---D | M] -- C:\Users\Craig Parker\AppData\Roaming\wNttxxA0ucS2b
:Commands
[EMPTYJAVA]
[emptytemp]

MrC

[captarheel]

oops. Ok. Re-ran. Here is the log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

File PTYJAVA] not found.
File ptytemp] not found.

OTL by OldTimer - Version 3.2.42.1 log created on 04292012_135937
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

[captarheel]

MBAM pop up box still appearing -- man, you weren't kidding when you said this was hard to get rid of!

[MrCharlie]

Did you look at the FF bookmarks as I asked??

MrC

[captarheel]

I just reinstalled Firefox, but there are absolutely no bookmarks or anything else left after I uninstalled everything yesterday.