Assistance Needed! - browser can't access web

[jackb]

I am running Windows XP Pro Serv. Pack 2 on my son's dell 6000 laptop. A couple of days ago he was no longer able to access the web (page not found message in Firefox). We can sucessfully Ping the same address. Everything seems to work fine in Safe Mode with Networking. It appears that there is some malware at work. This is a home system with no firewalls or proxies that I am aware of. A desktop system in the same environment (using the same wireless network) works fine. Any help that you could provide would be very much appreciated

Below you will fine the logs requested. There are 2 Malwarebytes logs (the first was a files only scan and the second was everything but the files scan). Next is the "panda" scan log followed by the HiJackThis log. The "panda" log was generated in safe mode, as that is the only way I can access the web. The other logs came from "regular" mode.

I look forward to hearing from you.

Malwarebytes' Anti-Malware 1.31

Database version: 1477

Windows 5.1.2600 Service Pack 2

12/11/2008 4:29:51 PM

mbam-log-2008-12-11 (16-29-51).txt

Scan type: Full Scan (C:\|)

Objects scanned: 67087

Time elapsed: 6 hour(s), 54 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.31

Database version: 1477

Windows 5.1.2600 Service Pack 2

12/11/2008 4:32:04 PM

mbam-log-2008-12-11 (16-32-04).txt

Scan type: Quick Scan

Objects scanned: 37682

Time elapsed: 1 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-12-11 22:17:50

PROTECTIONS: 1

MALWARE: 21

SUSPECTS: 1

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

Norton Antivirus 2005 11.5.6 No No

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack_ballard@atdmt[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@tradedoubler[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2529381451-1030215601-1148067712-500\Dc55.txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@tradedoubler[1].txt

00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@centrport[1].txt

00147036 Cookie/Adverserve TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@adverserve[1].txt

00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@landing.domainsponsor[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@ad.yieldmanager[8].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@ad.yieldmanager[3].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@ad.yieldmanager[4].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@ad.yieldmanager[5].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@ad.yieldmanager[6].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2529381451-1030215601-1148067712-500\Dc39.txt

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@888[3].txt

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@888[2].txt

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@888[5].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2529381451-1030215601-1148067712-500\Dc54.txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2529381451-1030215601-1148067712-500\Dc41.txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack_ballard@ads.pointroll[1].txt

00173545 Cookie/Rn11 TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@rn11[2].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@adultfriendfinder[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma1p75a2.default\cookies.txt[.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma1p75a2.default\cookies.txt[.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma1p75a2.default\cookies.txt[.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma1p75a2.default\cookies.txt[.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@go[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma1p75a2.default\cookies.txt[.go.com/]

00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Jack Ballard\Cookies\jack ballard@errorsafe[2].txt

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\02036BF9.dll

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\44DA56B2.tmp

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\70853AD4.dll

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7688509B.tmp

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\768B7A98.tmp

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\012544ED.tmp

00581952 Adware/SaveNow Adware No 0 Yes No C:\Documents and Settings\Jack Ballard\My Documents\BSINSTALL.exe

02887531 Cookie/UltimateCleaner TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2529381451-1030215601-1148067712-500\Dc56.txt

02887532 Cookie/XPAntivirusPro TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2529381451-1030215601-1148067712-500\Dc57.txt

02909984 Cookie/PCCleaner TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-2529381451-1030215601-1148067712-500\Dc52.txt

02941683 ASF/GetaCodec.A Virus No 0 Yes No C:\My Downloads\birdflu.mp3

03755584 Generic Malware Virus/Trojan No 0 Yes No C:\i386\GTDownDE_87.ocx

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location B

;===============================================================================

================================================================================

=

===================

No C:\RECYCLER\S-1-5-21-2529381451-1030215601-1148067712-1005\Dc1149.exe B

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description B

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:11:51 PM, on 12/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...226/mcfscan.cab

O24 - Desktop Component 0: Privacy Protection - (no file)

--

End of file - 3085 bytes

[Katana]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

1. Please Read All Instructions Carefully

2. If you don't understand something, stop and ask! Don't keep going on.

3. Please do not run any other tools or scans whilst I am helping you

4. Please continue to respond until I give you the "All Clear"

   (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.

Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following

Download and Run RSIT

• Please download Random's System Information Tool by random/random from here and save it to your desktop.

• Double click on RSIT.exe to run RSIT.

• Click Continue at the disclaimer screen.

• Once it has finished, two logs will open:
  • log.txt will be opened maximized.

  • info.txt will be opened minimized.

  [*]Please post the contents of both log.txt and info.txt.

[AdvancedSetup]

No response so I'll close this post now