Results 1 to 3 of 3
  1. #1
    Member
    Join Date
    Aug 2009
    Posts
    1
    Points
    0

    Default Posting this because cant open valid sites

    From about a week ago using either IE or Mozilla (latest versions) my computer running XP (fully up todate) on a wi-fi link to my router on a fast internet fixed line stopped being able to access a couple of valid sites (book reviews, book clubs, free ebook and book recommendations - BookArmy and Issuu - You Publish) I have tried everything the experts have told me including resetting router, running scans, setting IP in TCP/IP, etc etc to no avail. ISSUU site times out and bookarmy returns their logo from their site but fails to fully open. These sites are not blocked, (I have checked the list) and even if I close down McAfee and windows defender the sites still dont open....

    The weird thing is if I connect (same computer) via a plug in USB 3G device linking over a SIM card (mobile phone network) from the same computer I can access these sites perfectly normally.

    here are the results of my scan:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:15:32, on 10/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Archivos de programa\a-squared Free\a2service.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Archivos de programa\Archivos comunes\GtFlashSwitch\GtFlashSwitch.exe
    C:\Archivos de programa\Java\jre6\bin\jqs.exe
    C:\Archivos de programa\McAfee\Common Framework\FrameworkService.exe
    C:\Archivos de programa\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Archivos de programa\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\McAfee\Common Framework\UdaterUI.exe
    C:\Archivos de programa\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Archivos de programa\Java\jre6\bin\jusched.exe
    C:\Archivos de programa\Binatone Internet Phone\BinatoneInternetPhone.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Archivos de programa\Shrink Pic\shrink_pic.exe
    C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =

    Internet Explorer Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =

    Search Assistant
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    Internet Explorer Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    Search Assistant
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

    C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de

    programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

    {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

    Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de

    programa\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión -

    {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft

    Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} -

    C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos

    de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

    C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de

    programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\McAfee\VirusScan

    Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\McAfee\Common

    Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader

    9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Archivos de programa\ANI\ANIWZCS2

    Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware

    7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S1A2.tmp"

    /EF "HKCU"
    O4 - HKCU\..\Run: [BinatoneInternetPhone] C:\Archivos de programa\Binatone Internet

    Phone\BinatoneInternetPhone.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO

    LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de

    red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Shrink Pic.lnk = C:\Archivos de programa\Shrink Pic\shrink_pic.exe
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: Add to Google Photos Screensa&ver -

    res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://C:\Archivos de

    programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Archivos de

    programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Archivos de

    programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Archivos de

    programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Archivos de

    programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Archivos de

    programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Archivos de

    programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Archivos de

    programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

    C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

    C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de

    programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Archivos de programa\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.adl.es
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

    http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

    C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: bacbfdebbefae - C:\WINDOWS\
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Archivos de

    programa\a-squared Free\a2service.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Archivos de

    programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de programa\Grisoft\AVG

    Anti-Spyware 7.5\guard.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de

    programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GtFlashSwitch - OptionNV - C:\Archivos de programa\Archivos

    comunes\GtFlashSwitch\GtFlashSwitch.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de

    programa\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -

    C:\Archivos de programa\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Archivos de

    programa\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Archivos de

    programa\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Archivos de

    programa\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Archivos de

    programa\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. -

    C:\WINDOWS\System32\StkASv2K.exe

    --
    End of file - 11321 bytes

  2. #2
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,817
    Points
    2034

    Default

    Please read and follow the instructions given here SPYWARE FORUM CLOSED temporarily for summer vacations . In addition, you are running two anti virus programs. Running two can cause problems, so it is recommended to uninstall one of them. Your AVG is an old version and should be uninstalled anyway, use their uninstall tool AVG Removal tool . If McAfee is up-to-date keep it, if not, suggest you uninstall this too as it is a major resource hog. We suggest the free versions of either Avast or Avira AntiVir .


  3. #3
    Member MrDarn's Avatar
    Join Date
    Jul 2007
    Location
    South East Northumberland
    Posts
    2,949
    Points
    557

    Default

    Here is a quote from another Malware removal site:
    According to researchers contacted by Security Fix, recent versions of the ubiquitous "Zlob" Trojan (also known as DNSChanger) will check to see if the victim uses a wireless or wired hardware router. If so, it tries to guess the password needed to administer the router by consulting a built-in list of default router username/password combinations. If successful, the malware alters the victim's domain name system (DNS) records so that all future traffic passes through the attacker's network first.
    Make sure your helper is aware of the fact you connect through a router.

    Also, turn off word wrap when copying your log by clicking format on the top row, then unchecking the WordWrap option. it makes it easier to read
    Always remember you're unique.


    ...Just like everyone else!
    If your problem is solved, here's how to say thanks!

    Windows XP
    Windows Vista
    Windows 7