Unable to browse to internet security websites


Hi,

For the last few days, I have been unable to browse to any website even remotely associated with Security, i.e., Anti Virus/Malware websites, online anti-virus scanners or even help forums. This is such a problem that I had to use Tor to browse to this website. Please note that browsing to other sites remains completely unaffected. This led me to believe that my system may be infected so I had a go at a clean up effort using my Symantec anti-virus. I also scanned with the online scanner at Trend Micro using Tor. I have scanned with Malwarebytes as well as Spybot. Nothing has turned up and the problem remains.

I am attaching the HijackThis log below. Can someone kindly give me a clue as to what is going on and help me clean the system up? Any help will be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:49:47 AM, on 7/22/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://imasty.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=79.135.207.155:3128

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{D39005E5-2C63-4820-8E59-6B67848890F1}: NameServer = 203.99.163.240,203.99.163.243

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 10156 bytes


Hello funky11111! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we are working on this.
  • Keep me informed about any changes.

Please follow the instructions and post all logs if you can:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hello Borislav,

Thank you for your help.

I will follow the steps in the link you provided and post the results here.

Before I got your reply, in my travels, I found a Microsoft support article about the hosts file and how it could reset/block websites. The advice there was to reset the hosts file to default. I followed that procedure and reset the hosts file. This resolved the issue of blocked websites for about 3 to 4 hours. Now, the blockage is back so I guess whatever is infecting my system is back doing its work. Anyway, I'll follow your advice and post as soon as possible.

Thanks again.
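
As an added example relating to the hosts-file reset described above (not part of the original thread): a Python check that scans HijackThis-format text for many names pinned to one non-local address in `O1 - Hosts:` lines and for an R1 `ProxyServer` override. The sample logs, their addresses and domains, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis line format (documentation-range IPs, example domains).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=203.0.113.7:3128
O1 - Hosts: 198.51.100.9 www.av-vendor.example
O1 - Hosts: 198.51.100.9 forum.help.example
O1 - Hosts: 198.51.100.9 Download.Scanner.example
O1 - Hosts: 127.0.0.1 ads.tracker.example
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
"""
# Constructed "after a hosts-file reset" log: the O1 lines are gone, the proxy line is not.
AFTER_RESET = "\n".join(l for l in SAMPLE_LOG.splitlines() if not l.startswith("O1"))

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
PROXY_RE = re.compile(r"^R1 - .*\\Internet Settings,ProxyServer = (.+)$")
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0"}  # common in benign ad-blocking hosts files

def analyze(log_text, min_names=3):
    """Return hosts redirects (one remote IP serving many names) and proxy overrides."""
    by_ip, proxies = defaultdict(list), []
    for line in map(str.strip, log_text.splitlines()):
        hosts = HOSTS_RE.match(line)
        if hosts and hosts.group(1) not in LOCAL_SINKS:
            by_ip[hosts.group(1)].append(hosts.group(2).lower())
        proxy = PROXY_RE.match(line)
        if proxy:
            proxies.append(proxy.group(1))
    redirects = {ip: names for ip, names in by_ip.items() if len(names) >= min_names}
    return {"redirects": redirects, "proxies": proxies}

def still_tampered(findings):
    """True if the log still shows a hosts redirect or a proxy override."""
    return bool(findings["redirects"] or findings["proxies"])

if __name__ == "__main__":
    for label, log in (("before reset", SAMPLE_LOG), ("after reset", AFTER_RESET)):
        result = analyze(log)
        print(label, result, still_tampered(result))
```

In the constructed data, resetting the hosts file clears the redirect finding, but the check still reports the proxy override, so a log taken after the reset is worth re-scanning rather than assuming the machine is clean.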


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
