
Cannot display Google or Facebook pages, must hard-code DNS entries


Raj


I am trying to troubleshoot my sister's Windows XP desktop remotely; the PC's browsers (IE8 and FF) would not allow access to the google.com and facebook.com pages. It has no problem accessing yahoo.com etc. This PC was working fine previously.

After much troubleshooting, the workaround I found was to hard-code DNS servers in the TCP/IP properties; removing these entries to auto-detect the DNS server (from the ADSL router) caused the access problem to return.

nslookup returned correct entries for google.com but a random IP address for facebook.com.

Other PCs on the same wireless network did not exhibit the same problem.

I have scanned using Malwarebytes, Symantec Corporate Antivirus and the Spybot scanner, with nothing found.

I have captured HijackThis, DDS, and gmer log files, but I do not have enough knowledge to interpret these logs.

I would appreciate it if someone could help nail down this problem.


Thanks for looking into this topic screen317.

Here is the dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by User at 15:35:54 on 2012-08-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.735 [GMT 8:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\BUFFALO\Backup_Utility\BUService.exe

C:\Program Files\BUFFALO\Backup_Utility\BUVSSServiceXP.exe

C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe

C:\Program Files\BUFFALO\SLManagerEasy\Inputps.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\BUFFALO\BuffaloTools\BuffaloTools.exe

C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Logitech Vid\vid.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Program Files\TeamViewer\Version7\tv_w32.exe

c:\program files\teamviewer\version7\TeamViewer_Desktop.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://thestar.com.my/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe

mRun: [pdfFactory Pro Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [buffaloTools] c:\program files\buffalo\buffalotools\BuffaloTools.exe

mRun: [backup Utility TaskTray Tool] "c:\program files\buffalo\backup_utility\BUTray.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [Device Detector] DevDetect.exe -autorun

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6D5A81A3-4D75-4384-9575-1190EBACD785} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{6D5A81A3-4D75-4384-9575-1190EBACD785} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{70320C63-277F-494D-BCB0-2E2D3E4E4847} : DhcpNameServer = 128.168.188.8

TCP: Interfaces\{F1564CFB-6E1B-4F84-9273-B242620F230B} : DhcpNameServer = 128.168.188.8

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\y60g3djd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.klse.com.my/website/bm/market_information/|http://www.thestar.com.my|http://www.nst.com.my/

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

.

============= SERVICES / DRIVERS ===============

.

R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 BFBackupUtilityService;Backup Utility Service;c:\program files\buffalo\backup_utility\buservice.exe -service_execute --> c:\program files\buffalo\backup_utility\BUService.exe -Service_Execute [?]

R2 BFBackupUtilityVSSService;Backup Utility VSS Service for Windows XP;c:\program files\buffalo\backup_utility\buvssservicexp.exe -service_execute --> c:\program files\buffalo\backup_utility\BUVSSServiceXP.exe -Service_Execute [?]

R2 bufssvr;bufssvr;c:\program files\buffalo\slmanagereasy\Bufssvr.exe [2010-3-12 90112]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]

R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-7-19 202400]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-5 655944]

R2 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2006-9-27 116464]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-1 106656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-5 22344]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120808.004\naveng.sys [2012-8-9 87928]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120808.004\navex15.sys [2012-8-9 1589752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-8-6 116648]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-8-6 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120]

.

=============== Created Last 30 ================

.

2012-08-09 02:11:20    770384    ----a-w-    c:\program files\mozilla firefox\msvcr100.dll

2012-08-09 02:11:20    421200    ----a-w-    c:\program files\mozilla firefox\msvcp100.dll

2012-08-06 09:22:44    --------    d-----w-    c:\program files\Trend Micro

2012-08-04 14:46:25    --------    d-----w-    c:\program files\Spybot - Search & Destroy

2012-08-04 14:46:25    --------    d-----w-    c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-08-04 11:13:05    711240    ----a-w-    c:\windows\is-KGUNS.exe

.

==================== Find3M ====================

.

2012-08-04 11:07:00    70344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-04 11:07:00    426184    ----a-w-    c:\windows\system32\FlashPlayerApp.exe

2012-07-03 05:46:44    22344    ----a-w-    c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19:59    1866112    ----a-w-    c:\windows\system32\win32k.sys

2012-06-05 15:50:25    1372672    ----a-w-    c:\windows\system32\msxml6.dll

2012-06-05 15:50:25    1172480    ----a-w-    c:\windows\system32\msxml3.dll

2012-06-04 04:32:08    152576    ----a-w-    c:\windows\system32\schannel.dll

2012-06-02 07:19:44    22040    ----a-w-    c:\windows\system32\wucltui.dll.mui

2012-06-02 07:19:38    219160    ----a-w-    c:\windows\system32\wuaucpl.cpl

2012-06-02 07:19:38    15384    ----a-w-    c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 07:19:34    15384    ----a-w-    c:\windows\system32\wuapi.dll.mui

2012-06-02 07:19:30    17944    ----a-w-    c:\windows\system32\wuaueng.dll.mui

2012-05-31 13:22:09    599040    ----a-w-    c:\windows\system32\SET45.tmp

2012-05-31 13:22:09    599040    ----a-w-    c:\windows\system32\crypt32.dll

2012-05-16 15:08:26    916992    ----a-w-    c:\windows\system32\wininet.dll

2012-05-11 14:42:33    43520    ------w-    c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33    1469440    ------w-    c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02    385024    ------w-    c:\windows\system32\html.iec

2004-03-11 05:27:22    40960    ----a-w-    c:\program files\Uninstall_CDS.exe

.

============= FINISH: 15:36:35.32 ===============

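Added example, not part of the original thread: a small Python triage of the `TCP:` lines in the DDS log above, listing each interface's resolvers and noting static overrides and DHCP-supplied resolvers that fall outside private address ranges. The function names are this example's own, and it assumes a home LAN where the DHCP-supplied resolver would normally be the router's private address.

```python
import ipaddress
import re

# Lines copied from the "Pseudo HJT Report" section of the DDS log above.
DDS_TCP_LINES = r"""
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D5A81A3-4D75-4384-9575-1190EBACD785} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{6D5A81A3-4D75-4384-9575-1190EBACD785} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{70320C63-277F-494D-BCB0-2E2D3E4E4847} : DhcpNameServer = 128.168.188.8
TCP: Interfaces\{F1564CFB-6E1B-4F84-9273-B242620F230B} : DhcpNameServer = 128.168.188.8
"""

# "TCP: [Interfaces\{GUID} : ]<NameServer|DhcpNameServer> = ip[,ip...]"
TCP_LINE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})\s*:\s*)?"
    r"(?P<key>NameServer|DhcpNameServer)\s*=\s*(?P<value>.+)$"
)


def parse_tcp_lines(text):
    """Return (interface, key, [ip, ...]) tuples; interface is 'global'
    for the line that is not scoped to an adapter GUID."""
    entries = []
    for line in text.splitlines():
        m = TCP_LINE.match(line.strip())
        if not m:
            continue
        # Windows separates multiple servers with commas or spaces.
        ips = [p for p in re.split(r"[,\s]+", m.group("value").strip()) if p]
        entries.append((m.group("iface") or "global", m.group("key"), ips))
    return entries


def triage(entries):
    """Return (interface, key, ip, note) for entries worth a second look."""
    findings = []
    for iface, key, ips in entries:
        for ip in ips:
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                findings.append((iface, key, ip, "not a valid IP address"))
                continue
            if key == "NameServer":
                # A static entry takes precedence over the DHCP value.
                findings.append((iface, key, ip, "static resolver overrides DHCP"))
            elif not addr.is_private:
                # Assumption: a home router hands out its own private address.
                findings.append((iface, key, ip, "DHCP resolver outside private ranges"))
    return findings


if __name__ == "__main__":
    for iface, key, ip, note in triage(parse_tcp_lines(DDS_TCP_LINES)):
        print(f"{iface:40} {key:15} {ip:16} {note}")
```

The notes are prompts for manual review of each adapter's settings, not verdicts about the machine.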

Almost forgot, here is the MBAM log:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

User :: ASPIREM1610 [administrator]

Protection: Enabled

8/9/2012 6:10:36 PM

mbam-log-2012-08-09 (18-10-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 180741

Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Staff

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317


Hi screen317,

Please be patient whilst I try to run ComboFix on the PC remotely. It seems ComboFix disconnects my TeamViewer session every time I run it, and my sister on the other side of the world is still trying to work out my ComboFix instructions after 2 days of trying!!!! Will post the result once I successfully run ComboFix.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
