IE can't connect to Internet, Chrome works

(In Progress)

nlsriram
Junior Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2011
26-Mar-2011, 01:09 PM #1
IE can't connect to Internet, Chrome works
IE stopped working, and I even went back to SP2, uninstalled IE8, and IE7, but even with the original IE6, Internet Explorer will not connect to any website. Running network diagnostics gives the message to check firewall settings for http, https and ftp, but even with Windows firewall disabled, it is the same. The AT&T U-verse modem box seems to have a firewall, not sure how to disable that, but other computers connected to the same box are running fine. The following is the log from HijackThis, any advice would be greatly appreciated.

Chrome works without any problems, but Firefox does not open at all, with cpu usage at 100%, so I have to kill the task to recover.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:09:02 PM, on 3/26/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\silex technology\SX Virtual Link\Connect.exe
C:\Program Files\Apoint\Apntex.exe
D:\Profiles\rf\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Profiles\rf\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Profiles\rf\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Profiles\rf\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Profiles\rf\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Profiles\rf\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Profiles\rf\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O1 - Hosts: 209.44.111.62 www.antiaware-pro.com
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [CSCLogonInfo] C:\WINDOWS\UsrLogon.exe
O4 - HKLM\..\Run: [CSCAdvantage] "C:\Program Files\Help Desk\CSCAdv.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [atipta] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [adaptecdirectcd] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [acrobat assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SX Virtual Link.lnk = C:\Program Files\silex technology\SX Virtual Link\Connect.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciServiceHost.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Uwin Master (UWIN_MS) - Unknown owner - C:\usr\etc\ums.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8560 bytes

Last edited by nlsriram; 26-Mar-2011 at 01:17 PM..
Phantom010
Trusted Advisor with 32,317 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
26-Mar-2011, 02:36 PM #2
Your Hosts file is showing evidence of a malware infestation.

I would click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.
__________________

• Please read instructions and questions carefully, and reply in a timely manner... Thank you.

• Why don't you just Google it?
• If your problem is solved, please click on the Mark Solved button.
nlsriram
Junior Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2011
26-Mar-2011, 11:12 PM #3
Malwarebytes indicated some problems, but correcting them did not solve the issue. The attached zip file has the text files and log, I have requested that the thread be moved.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
eddie5659
Moderator & Malware Removal Specialist with 28,307 posts.
 
Join Date: Mar 2001
Location: Bradford, England
28-Mar-2011, 06:22 PM #4
Hiya

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
nlsriram
Junior Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2011
28-Mar-2011, 07:09 PM #5
I have Symantec Endpoint Protection, but even after disabling it, the ComboFix program says that it is still running! The icon has the red circle and diagonal bar, but when I open the SEP, the Proactive Threat Protection is still ON, I don't see any way of turning it OFF. If I try to change its settings, the Intrusion Protection tab has three items - Intrusion Prevention, Denial of service detection, and Port scan detection, all of which are enabled, but grayed out.
eddie5659
Moderator & Malware Removal Specialist with 28,307 posts.
 
Join Date: Mar 2001
Location: Bradford, England
28-Mar-2011, 07:17 PM #6
I'm assuming ComboFix didn't run all the way thru and produce a log

Okay, let's have a look at this for now, and we'll look at the Symantec problem later

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

eddie
nlsriram
Junior Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2011
28-Mar-2011, 08:17 PM #7
Text files attached.
eddie5659
Moderator & Malware Removal Specialist with 28,307 posts.
 
Join Date: Mar 2001
Location: Bradford, England
31-Mar-2011, 05:53 PM #8
Please run the MGA Diagnostic Tool and post back the report it shall produce:
  1. Download MGADiag to your desktop.
  2. Double-click on MGADiag.exe to launch the program
  3. Click "Continue"
  4. Ensure that the "Windows" tab is selected (it should be by default).
  5. Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  6. Paste the MGA Diagnostic Report back here in your next reply.


eddie
nlsriram
Junior Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2011
01-Apr-2011, 09:42 AM #9
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-9GY7D-4B8R3-Q4B3G
Windows Product Key Hash: ONblB3zWEm/xbqbq5QO77c9fttE=
Windows Product ID: 55274-640-0782981-23163
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {B48CE662-FC77-4AF5-A58B-5235D82E2B6D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: D:\Profiles\rf\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B48CE662-FC77-4AF5-A58B-5235D82E2B6D}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-Q4B3G</PKey><PID>55274-640-0782981-23163</PID><PIDType>1</PIDType><SID>S-1-5-21-1621821889-2008434891-2973179415</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Precision M20 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="3"/><Date>20051002000000.000000+000</Date></BIOS><HWID>F2163007018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>1</stat><msppid></msppid><name>Computer Sciences Corporation</name><model>Windows XP Professional SOE</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>2A3EAAC5612D00</Val><Hash>2MaYpR22WdJAJd4ajWy/mnLQ+zs=</Hash><Pid>73931-640-3762325-57275</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 17B86ell Inc|17B86:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A


This pc was originally on a domain, and got switched to a workgroup later, would that have caused any issues with policies, etc.?
eddie5659
Moderator & Malware Removal Specialist with 28,307 posts.
 
Join Date: Mar 2001
Location: Bradford, England
01-Apr-2011, 12:02 PM #10
It shouldn't cause a problem, but is this a work's computer?

Can you run this one as well, forgot to add it before..

Please download and run WVCheck.
  • Double-click WVCheck.exe.
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the Notepad file as a reply.
nlsriram
Junior Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2011
01-Apr-2011, 01:37 PM #11
It used to be one, but is personal now. Log from WVCheck is as follows:

Windows Validation Check
Version: 1.9.11.5
Log Created On: 1233_01-04-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
-----------------------
Last Success Time for Update Detection: 2011-03-26 22:35:23
Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
Line: 209.44.111.62 antispy.microsoft.com
Matched: *microsoft.com*
-----------------------


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b409909f6e2e8a7067076ed748abf1e7


-------- End of File, program close at 1234_01-04-2011 --------
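The hosts entries that HijackThis listed as O1 lines, and that WVCheck matched against `*microsoft.com*`, can be triaged with a short script. This is an added example, not part of the thread or of either tool; the function names, the reason labels and the rule that loopback or unspecified addresses count as local are assumptions of the example.

```python
import ipaddress
import re
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed sample: the R0 and O1 lines of the HijackThis log posted above.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    "O1 - Hosts: ::1 localhost",
    "O1 - Hosts: 209.44.111.62 antispy.microsoft.com",
    "O1 - Hosts: 209.44.111.62 antiaware-pro.com",
    "O1 - Hosts: 209.44.111.62 www.antiaware-pro.com",
]

# "*microsoft.com*" is the pattern WVCheck reported; extend the list as needed.
WATCH_PATTERNS = ["*microsoft.com*"]

O1_LINE = re.compile(r"^O1 - Hosts:\s*(?P<body>.+)$")


def parse_o1_entries(lines):
    """Return (address, hostname) pairs from HijackThis 'O1 - Hosts:' lines."""
    entries = []
    for line in lines:
        match = O1_LINE.match(line.strip())
        if not match:
            continue  # not a hosts-file entry (R0, O2, O4, ...)
        fields = match.group("body").split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # malformed entry: no hostname after the address
        entries.extend((fields[0], name.lower()) for name in fields[1:])
    return entries


def is_local_sink(address):
    """True for loopback or unspecified addresses (127.0.0.1, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # unparseable address: keep it visible to the reviewer
    return ip.is_loopback or ip.is_unspecified


def review_hosts_entries(lines, watch_patterns=WATCH_PATTERNS):
    """Flag hosts entries that redirect, block or cluster hostnames."""
    entries = parse_o1_entries(lines)
    names_per_address = defaultdict(set)
    for address, host in entries:
        if not is_local_sink(address):
            names_per_address[address].add(host)

    findings = []
    for address, host in entries:
        local = is_local_sink(address)
        reasons = []
        if any(fnmatchcase(host, p.lower()) for p in watch_patterns):
            # A watched name sent to loopback is blocked; sent elsewhere it is redirected.
            reasons.append("watched-domain-blocked" if local else "watched-domain-redirect")
        if not local and len(names_per_address[address]) > 1:
            reasons.append("shared-target")  # several names pinned to one remote IP
        if not local and not reasons:
            reasons.append("custom-mapping")  # may be legitimate; needs a human look
        if reasons:
            findings.append({"ip": address, "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_hosts_entries(SAMPLE_LOG):
        print(f"{f['ip']:<16} {f['host']:<26} {', '.join(f['reasons'])}")
```
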
eddie5659
Moderator & Malware Removal Specialist with 28,307 posts.
 
Join Date: Mar 2001
Location: Bradford, England
02-Apr-2011, 07:21 PM #12
Okay, can you firstly do this for me:

Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Afterwards, can you post a fresh OTL log. It will only produce the one, so don't worry when two don't pop up this time

eddie
nlsriram
Junior Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2011
02-Apr-2011, 07:50 PM #13
I don't know what Hosts files are, so ignored the

Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

OTL file is attached.
eddie5659
Moderator & Malware Removal Specialist with 28,307 posts.
 
Join Date: Mar 2001
Location: Bradford, England
04-Apr-2011, 01:15 PM #14
Just going back to this part:

Quote:
I have Symantec Endpoint Protection, but even after disabling it, the ComboFix program says that it is still running
Did ComboFix run all the way thru, or did it stop? The log will be in your C drive, called ComboFix.txt

eddie
nlsriram
Junior Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2011
05-Apr-2011, 09:05 PM #15
There was a warning message about the pc getting damaged and not being able to reboot if I continued, so I did not run the program.