Solved: Who's up for a challenge?

pimentointhesky's Avatar
Junior Member with 22 posts.
 
Join Date: Nov 2009
15-Nov-2009, 07:09 PM #1
Who's up for a challenge?
Okay, so there is one specific website that will not work for me: www.ninjavideo.net. I have probably gotten all errors possible from it and tried everything humanly possible to remedy this. I really need help! Here are the basic issues:
For a while, when I accessed the website, it would either:
-Redirect me to an unwanted page (porn, ad sites, etc.)
or
-Say it was loading for a really long time and then say "Done" in the left bottom corner when all it was showing me was a blank white page.

I then posted to this website on this forum and tried every remedy offered:
http://forums.techguy.org/web-email/...te-issues.html

After none of that worked, I got frustrated and Googled like hell. Somewhere it said that it could be a result of my antivirus, so I immediately uninstalled my trial version of avast! I was then able to access the website. Yay! I watched an episode of Glee and then the following happened:
I tried to click on a link to another TV show and was either
-Given a '404 not found' error
or
-Told that the connection was interrupted.

I then went and Googled those issues extensively and tried everything that was suggested (within what I could understand because I'm probably at the "Computers for Dummies" level).

I don't know what caused it, but I was able to watch another episode. Then, as soon as I was done watching it and went to click another link, I got 404s and "connection interrupted"s again. I decided to leave the site alone for a while.

I tried again today and was re-directed to an ad website. Back to the drawing board!

Please help, this is more annoying than any other technology issue I've ever dealt with.

Thanks!
pimentointhesky's Avatar
Junior Member with 22 posts.
 
Join Date: Nov 2009
17-Nov-2009, 12:35 AM #2
updates.
I just got it to work again like an hour ago after installing AVG and wiping out all my bad cookies and such. Maybe that helped? Either way it worked for like an hour and then when I tried to open another video it kept loading and then spazzing... Like in the bottom left-hand corner where it says "Loading such and such" it was like "Loading, Waiting, Stopped" but over and over again really fast and ultimately nothing would happen on the page.

So I still need help! Please reply!
dotty999's Avatar
Distinguished Member with 131,278 posts.
 
Join Date: Feb 2006
Location: UK
Experience: I'm learning all the time
17-Nov-2009, 12:44 AM #3
AVG isn't as reliable as Avast. Rather than the trial version, you'd be better just using the free version; it's far more accurate than AVG.
I take it you've done malware scans? Malwarebytes is one of the best if you haven't already tried it. You should also run a virus scan; there are several online scans to choose from if you don't want to use Avast. I'd still recommend getting rid of AVG though.
__________________
Always chase your dreams instead of running from your fears.
We make a living by what we get, but we make a life by what we give.
Phantom010's Avatar
Trusted Advisor with 25,017 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
17-Nov-2009, 12:47 AM #4
Do you recognize these IP addresses?

O17 - HKLM\System\CCS\Services\Tcpip\..\{C966F92B-F884-40CE-8096-7E5FAFC26918}: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2BCF821-38A1-4B93-8A08-CC25C122FAC5}: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149


Are you familiar with RIPE Network Coordination Centre?
__________________

• Our help is free 'cause we like what we do, so at least, please reply in a timely manner... Thank you.
• If we've solved your problem, please click on Mark Solved in the upper left corner of your thread.
How to Mark Your Own Thread as "Solved".
pimentointhesky's Avatar
Junior Member with 22 posts.
 
Join Date: Nov 2009
17-Nov-2009, 10:15 PM #5
ack...
Sorry, but I don't really know how to check whether or not I recognize those IPs or not? And no I'm not familiar with RIPE.

Sorry, I'm not hopeless, I promise, I've just never worked with IPs before.
Phantom010's Avatar
Trusted Advisor with 25,017 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
17-Nov-2009, 10:24 PM #6
I don't trust those O17 entries, as the IP addresses point to RIPE in Amsterdam. This could have been added by malware to redirect you to another server.

I would click on the Report button and kindly ask for a malware removal expert's advice.
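
Added example (not part of the original thread): a small Python triage script that parses HijackThis `O17` lines like the ones quoted in post #4 and lists statically configured DNS servers that are neither expected nor in private address space. The `EXPECTED_RESOLVERS` value and the third and fourth sample lines are constructed assumptions; the first two sample lines are quoted from the thread.

```python
import ipaddress
import re

# HijackThis O17 line: "O17 - <registry key>: NameServer = ip[,ip...]"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[\d.,\s]+)$")

# Assumption: resolvers this machine is expected to use (constructed value).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Lines 1-2 are quoted from the thread; lines 3-4 are constructed for contrast.
SAMPLE_LOG = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{C966F92B-F884-40CE-8096-7E5FAFC26918}: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 192.168.1.1
O4 - HKLM\\..\\Run: [example] C:\\example.exe
"""

def parse_o17(log_text):
    """Yield (registry_key, [ip, ...]) for every well-formed O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        yield m.group("key"), servers

def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Return {registry_key: [ip, ...]} for statically set resolvers that are
    neither on the expected list nor in private/loopback address space."""
    findings = {}
    for key, servers in parse_o17(log_text):
        flagged = []
        for s in servers:
            try:
                ip = ipaddress.ip_address(s)
            except ValueError:
                flagged.append(s)  # a malformed value is itself worth a look
                continue
            if s not in expected and not (ip.is_private or ip.is_loopback):
                flagged.append(s)
        if flagged:
            findings[key] = flagged
    return findings

if __name__ == "__main__":
    for key, ips in unexpected_resolvers(SAMPLE_LOG).items():
        print(f"REVIEW {key}: {', '.join(ips)}")
```

A flagged entry only means the resolver was set by hand or by software rather than by DHCP and is not one you listed; whether it is malicious still has to be confirmed, as the later Malwarebytes log in this thread does.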
pimentointhesky's Avatar
Junior Member with 22 posts.
 
Join Date: Nov 2009
22-Nov-2009, 04:25 PM #7
It says that that function isn't supposed to be used for help with technical issues. I did it anyway, but that probably hinders my chances of getting a response.
dvk01's Avatar
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
22-Nov-2009, 05:03 PM #8
Download to Desktop: DDS by sUBs from one of these locations:

http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click DDS.scr to run.

When complete, DDS.txt will open.

Click Yes for Optional Scan.
Save both reports to your desktop.
DDS.txt
Attach.txt

Attach the contents of both logs back here.

=====
GMER:
=====

Download GMER Rootkit Scanner from here or here.

Ensure you have uninstalled any CD Emulation programs before you run GMER as outlined here
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..


  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
pimentointhesky's Avatar
Junior Member with 22 posts.
 
Join Date: Nov 2009
22-Nov-2009, 06:02 PM #9
Whenever I open DDS, the window shows up for like 5 seconds and then closes itself.
pimentointhesky's Avatar
Junior Member with 22 posts.
 
Join Date: Nov 2009
22-Nov-2009, 06:29 PM #10
I did the rootkit thing though.
dvk01's Avatar
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
22-Nov-2009, 06:38 PM #11
Post the rootkit report then.
pimentointhesky's Avatar
Junior Member with 22 posts.
 
Join Date: Nov 2009
22-Nov-2009, 07:20 PM #12
Whenever I try to save my results, it says it is saved successfully. I then look for it on my Desktop (where I saved it) and it is not there. I then click the Windows icon and search the file name and it does not come up. What is wrong with my computer?
dvk01's Avatar
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
23-Nov-2009, 03:19 AM #13
Without logs I can't do much, but try this:


Please download Malwarebytes' Anti-Malware to your desktop
from HERE or HERE

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please include this log in your next reply.

It might ask you to reboot to finish cleaning. Please do so. (Press YES on the alert.)
If you receive an (Error Loading xxxxxxxxxx.dll) error on reboot, please reboot a second time. It is normal for this error to occur once, and it does not need to be reported unless it continues on every boot.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
pimentointhesky's Avatar
Junior Member with 22 posts.
 
Join Date: Nov 2009
23-Nov-2009, 04:46 PM #14
Yay! This one worked!

Quote:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

11/23/2009 3:45:04 PM
mbam-log-2009-11-23 (15-45-04).txt

Scan type: Quick Scan
Objects scanned: 94443
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Convert2Play (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gxvxcserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.211,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c966f92b-f884-40ce-8096-7e5fafc26918}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.211,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e2bcf821-38a1-4b93-8a08-cc25c122fac5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.211,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.211,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c966f92b-f884-40ce-8096-7e5fafc26918}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.211,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e2bcf821-38a1-4b93-8a08-cc25c122fac5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.211,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.211,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c966f92b-f884-40ce-8096-7e5fafc26918}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.211,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e2bcf821-38a1-4b93-8a08-cc25c122fac5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.211,85.255.112.149 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Convert2Play (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Lena (is awesome)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convert2Play (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Lena (is awesome)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Convert2Play\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\gxvxccounter (Trojan.DNSChanger) -> Quarantined and deleted successfully.
dvk01's Avatar
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
24-Nov-2009, 07:48 AM #15
Now try DDS & GMER so we can see what else is there.