Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Internet Blocking Malware (NEW TOPIC)


Post by luckyguy457321 » July 30th, 2011, 9:42 am

NEW TOPIC, because my old topic was replied to improperly here: viewtopic.php?f=11&p=587025#p587025
Internet Blocking Malware
I have tried scanning with Malwarebytes' scanner. The first time it did pick up and clean some viruses, but I'm still getting its symptoms.
The virus crashes Internet Explorer, and Google Chrome cannot navigate to any website. So I'm using a flash drive to transfer the logs and files to the infected computer. I have autorun turned off, and my non-infected laptop should be safe... I hope.
Pasting the logs

DDS.txt file
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by BenBen at 18:15:44 on 2011-07-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.3326.1895 [GMT 8:00]
.
AV: ZoneAlarm Security Suite Antivirus *Enabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\Ben Ben\Application Data\Dropbox\bin\Dropbox.exe
F:\ZLu.exe
C:\WINDOWS\system32\dumprep.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [CAP3ON] c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: e:\docume~1\benben~1\startm~1\programs\startup\dropbox.lnk - e:\documents and settings\ben ben\application data\dropbox\bin\Dropbox.exe
dPolicies-explorer: NoSetFolders = 1 (0x1)
dPolicies-explorer: NoFavoritesMenu = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: imslsp.dll
LSP: c:\windows\system32\zonelabs\vetredir.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 1040526406
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{636CF6E5-F379-48A8-90C2-B4F155C14351} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-5-31 21605]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-5-31 15668]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-5-31 114856]
R1 VETMONNT;VET File and Macro Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-5-31 896472]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-31 270672]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-17 41272]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S4 CAISafe;CA ISafe;c:\windows\system32\zonelabs\isafe.exe [2009-5-31 184320]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-4 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
S4 TeamViewer4;TeamViewer 4;"e:\documents and settings\ben ben\temp\teamviewer\version4\teamviewer_service.exe" -service --> e:\documents and settings\ben ben\temp\teamviewer\version4\TeamViewer_Service.exe [?]
.
=============== File Associations ===============
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-07-19 02:27:48 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-07-19 02:22:59 -------- d-----w- c:\windows\system32\bits
2011-07-19 02:21:33 -------- d-----w- c:\windows\ServicePackFiles
2011-07-19 02:21:24 294912 ------w- c:\program files\windows media player\dlimport.exe
2011-07-19 02:21:20 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-07-19 02:19:21 19569 ----a-w- c:\windows\002760_.tmp
2011-07-19 02:19:16 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-07-19 02:17:46 -------- d-----w- c:\windows\EHome
2011-07-19 01:55:57 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-07-19 01:55:57 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-07-19 01:55:57 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-07-19 01:55:57 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-07-19 01:55:56 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-07-19 01:29:37 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-18 15:27:42 208896 ----a-w- c:\windows\MBR.exe
2011-07-18 15:26:37 388608 ----a-w- c:\windows\system32\CF16267.exe
2011-07-18 15:21:22 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-07-17 17:17:51 54016 ----a-w- c:\windows\system32\drivers\lposkj.sys
2011-07-17 13:02:32 -------- d-----w- c:\program files\Object
2011-07-17 12:58:37 17280 ----a-w- c:\windows\system32\roboot.exe
2011-07-15 00:16:34 -------- d-----w- C:\Riot Games
.
==================== Find3M ====================
.
2011-07-06 11:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 11:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-05-03 20:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 18:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 18:17:00.53 ===============

attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/31/2009 1:15:45 PM
System Uptime: 7/30/2011 4:24:02 PM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770-DS3
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket M2 | 2210/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 22.401 GiB free.
D: is FIXED (NTFS) - 84 GiB total, 65.037 GiB free.
E: is FIXED (NTFS) - 90 GiB total, 48.7 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: nVidia WDM Video Capture (universal)
Device ID: DISPLAY\NVCAP\5&3B8591C7&0&CA000002&01&00
Manufacturer: nVidia
Name: nVidia WDM Video Capture (universal)
PNP Device ID: DISPLAY\NVCAP\5&3B8591C7&0&CA000002&01&00
Service: nvcap
.
==== System Restore Points ===================
.
RP157: 7/16/2011 12:59:33 PM - System Checkpoint
RP158: 7/17/2011 11:36:41 PM - System Checkpoint
RP159: 7/18/2011 11:01:17 AM - Installed Java(TM) 6 Update 26
RP160: 7/19/2011 10:19:25 AM - Installed Windows XP Service Pack 3.
RP161: 7/19/2011 10:24:55 AM - Installed Windows XP KB967715.
.
==== Installed Programs ======================
.
3dsmax ancillary install
7-Zip 9.20
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.2
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Age of Mythology
Apple Software Update
Autodesk 3ds Max 9 32-bit
Autodesk DWF Viewer 7
Backburner
Canon LASER SHOT LBP-1120
Chaotic
DMIView B7.0108.01
Dropbox
Dual-Core Optimizer
ESET Online Scanner v3
Face_Wizard B07.0509.01
Facetheme
FBX Plugin 2006.08 for Max 9.0
Fiesta
FileZilla Client 3.3.2.1
Fraps
Free Download Manager 3.0
Game Maker 8.0
GCFScape 1.7.5
Google Chrome
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Office (KB950278)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
i-Cool
Iron Man
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 24
Junk Mail filter update
League of Legends
Malwarebytes' Anti-Malware version 1.51.1.1800
MapleStory
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MSVCRT
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
muveeNow 2.1
Notepad++
NVIDIA Drivers
NVIDIA nTune
NVIDIA PhysX
NVIDIA WDM Drivers
OpenAL
Paint.NET v3.5.4
Pando Media Booster
PDF Settings
QuickTime
Realtek High Definition Audio Driver
Segoe UI
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Steam
TeamViewer 4
TortoiseSVN 1.6.10.19898 (32 bit)
Tweak Manager 2.1
Unity Web Player
Unlocker 1.8.7
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows XP (KB967715)
VLC media player 1.1.11
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
XpertVision 6.1
Xvid Video Codec
ZoneAlarm Security Suite
.
==== Event Viewer Messages From Past Week ========
.
7/28/2011 5:53:04 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
.
==== End Of File ===========================

Thank you for your help!

Edit:
  • Made Sections Easier to spot
  • Removed the 'code' tags around the logs
Re: Internet Blocking Malware (NEW TOPIC)

Post by Carolyn » July 30th, 2011, 2:42 pm

ZB