Both Firefox and Internet Explorer have trouble loading pages

This is a discussion on "Both Firefox and Internet Explorer have trouble loading pages" within the Resolved HJT Threads forum, part of the Tech Support Forum category.

Old 10-30-2016, 07:59 AM   #1
Registered Member | Join Date: May 2016 | Posts: 15 | OS: Windows 7, Windows Vista

Both Firefox and Internet Explorer have trouble loading pages. I am connected to the internet, not using a proxy, and my firewall shouldn't be the issue because they don't even load Google most of the time. Here are the 'dds.txt' contents:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16811 BrowserJavaVersion: 11.111.2
Run by Morand at 10:31:03 on 2016-10-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2046.550 [GMT -4:00]
.
AV: Avast Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/?gfe_rd=cr&ei=J0eOV7-yCorGgAT-raq4Bg&gws_rd=ssl
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_26&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCzzzz0ByD0FyC0D0CyEtCyBtAyCtN0D0Tzu0StCyCyEtDtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0C0Fzz0EtDtCtAtGtA0C0DzztGyByDzztBtGtDyE0ByEtGyE0AtBtDyCyC0CyCyByC0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtAtByE0EtCtDzztG0EyByE0CtGyE0DyB0BtGzy0DyE0BtGzy0BtAzz0FtBzzyEtAyD0FtC2QtN0A0LzuyE%26cr%3D1827379996%26a%3Dwbf_beri_16_26%26os_ver%3D6%26os%3DWindows%2BVista%2B(TM)%2BHome%2BPremium
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_111\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_111\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{156BCEDB-2755-4426-AE2D-51A280D52544} : DHCPNameServer = 192.168.2.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\morand\appdata\roaming\mozilla\firefox\profiles\pv5veiaq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/?gfe_rd=cr&ei=6e8UWNr4FMuYzAK94oroAQ
FF - prefs.js: keyword.URL - true
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_23_0_0_205.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2016-5-21 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [2016-5-21 295840]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2015-5-25 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswvmm.sys [2015-5-25 224752]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-3-22 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2015-5-25 735488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2015-5-25 433768]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-5-25 92256]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2016-8-30 197128]
R2 avast! Firewall;Avast Firewall;c:\program files\avast software\avast\afwServ.exe [2016-8-30 223600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2015-5-23 21504]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2015-8-24 184592]
S3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-5-25 34008]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-10-29 19:04:25 -------- d-----w- c:\users\morand\appdata\local\Microsoft Games
2016-10-21 20:44:28 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-10-05 20:58:43 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2016-10-29 01:42:45 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-10-29 01:42:45 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-13 21:34:49 224752 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-09-13 19:55:40 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-08-30 17:19:43 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-08-30 17:19:43 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-08-30 17:19:43 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-08-30 17:19:43 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-08-30 17:19:36 53208 ----a-w- c:\windows\avastSS.scr
2016-08-30 17:19:33 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-08-30 17:19:27 295840 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
.
============= FINISH: 10:31:49.91 ===============
Attached file: attach.txt (3.1 KB)
-- steve15

Old 10-30-2016, 08:10 AM   #2
Registered Member | Join Date: May 2016 | Posts: 15 | OS: Windows 7, Windows Vista

Forgot to add: I do not have, or have access to, a Windows install disc or a boot CD.
-- steve15
Old 10-30-2016, 01:00 PM   #3
Security Team | Moderator, Analyst | Rangemaster, TSF Academy | Microsoft Most Valuable Professional
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions, and please do not do any fixing on your own or run scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
-- chemist

Old 10-30-2016, 01:50 PM   #4
Registered Member | Join Date: May 2016 | Posts: 15 | OS: Windows 7, Windows Vista

Thank you so much for all your advice.

Here are the results for ckfiles.txt

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.BPAPJZ
----- EOF -----

And here are the results for AdwCleaner

# AdwCleaner v6.030 - Logfile created 30/10/2016 at 16:38:09
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-30.1 [Server]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : Morand - MORAND-PC
# Running from : C:\Users\Morand\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Morand\AppData\Roaming\DriverAgentPlus
[-] Folder deleted: C:\Users\Morand\AppData\Roaming\efo
[-] Folder deleted: C:\ProgramData\App-verifier
[-] Folder deleted: C:\ProgramData\DriverAgentPlus
[#] Folder deleted on reboot: C:\ProgramData\Application Data\App-verifier
[#] Folder deleted on reboot: C:\ProgramData\Application Data\DriverAgentPlus
[-] Folder deleted: C:\Program Files\ByteFence
[#] Folder deleted on reboot: C:\Users\Morand\AppData\Roaming\efo


***** [ Files ] *****

[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File deleted: C:\Users\Morand\AppData\Roaming\Mozilla\Firefox\Profiles\pv5veiaq.default\searchplugins\yahoo! powered.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-3712992330-4114128423-1307610221-1000\Software\Bitberry
[-] Key deleted: HKU\S-1-5-21-3712992330-4114128423-1307610221-1000\Software\Bitberry Software
[-] Key deleted: HKU\S-1-5-21-3712992330-4114128423-1307610221-1000\Software\eSupport.com
[-] Key deleted: HKU\S-1-5-21-3712992330-4114128423-1307610221-1000\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-3712992330-4114128423-1307610221-1000\Software\csastats
[#] Key deleted on reboot: HKCU\Software\Bitberry
[#] Key deleted on reboot: HKCU\Software\Bitberry Software
[#] Key deleted on reboot: HKCU\Software\eSupport.com
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\csastats
[-] Key deleted: HKLM\SOFTWARE\AppVerifier
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
-- steve15
Old 10-30-2016, 03:42 PM   #5
Security Team | Moderator, Analyst | Rangemaster, TSF Academy | Microsoft Most Valuable Professional
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

Hello steve15. You're very welcome!

No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks.

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------
-- chemist
Old 10-30-2016, 04:41 PM   #6
Registered Member | Join Date: May 2016 | Posts: 15 | OS: Windows 7, Windows Vista

ComboFix 16-10-23.01 - Morand 30/10/2016 19:26:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2046.1012 [GMT -4:00]
Running from: c:\users\Morand\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: Avast Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-09-28 to 2016-10-30 )))))))))))))))))))))))))))))))
.
.
2016-10-30 23:35 . 2016-10-30 23:35 -------- d-----w- c:\users\Morand\AppData\Local\temp
2016-10-30 23:35 . 2016-10-30 23:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-30 20:33 . 2016-10-30 20:38 -------- d-----w- C:\AdwCleaner
2016-10-29 19:04 . 2016-10-29 19:04 -------- d-----w- c:\users\Morand\AppData\Local\Microsoft Games
2016-10-28 22:32 . 2016-10-28 22:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-10-21 20:44 . 2016-10-21 20:44 -------- d-----w- c:\program files\Common Files\Java
2016-10-21 20:44 . 2016-10-21 20:44 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-10-21 20:43 . 2016-10-21 20:43 -------- d-----w- c:\program files\Java
2016-10-16 23:36 . 2016-10-16 23:36 -------- d-----w- c:\users\Morand\AppData\Roaming\U3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-29 01:42 . 2015-05-25 15:57 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-10-29 01:42 . 2015-05-25 15:57 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-13 21:34 . 2015-05-25 16:08 224752 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-09-24 13:59 . 2015-05-25 16:08 433768 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-13 19:55 . 2015-05-25 16:08 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-08-30 17:19 . 2015-08-24 19:49 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-08-30 17:19 . 2015-05-25 16:08 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-08-30 17:19 . 2015-05-25 16:08 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-08-30 17:19 . 2015-05-25 16:08 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-08-30 17:19 . 2015-05-25 16:08 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-08-30 17:19 . 2015-05-25 16:08 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-08-30 17:19 . 2016-08-30 17:19 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-08-30 17:19 . 2016-08-30 17:19 53208 ----a-w- c:\windows\avastSS.scr
2016-08-30 17:19 . 2016-03-23 02:08 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-08-30 17:19 . 2016-05-21 13:50 295840 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-30 17:19 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-10-28 9099440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-09-23 587288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-11-01 17:30 2508104 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-03 16:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 08:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-08 05:16 303104 ----a-w- c:\windows\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-25 01:42]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.ca/?gfe_rd=cr&ei=...4Bg&gws_rd=ssl
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Morand\AppData\Roaming\Mozilla\Firefox\Profiles\pv5veiaq.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/?gfe_rd=cr&ei=6e8UWNr4FMuYzAK94oroAQ
FF - prefs.js: keyword.URL - true
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-GoogleChromeAutoLaunch_22BB8B331163324E8F03E41392AA37D7 - c:\users\Morand\AppData\Local\Chromium\Application\chrome.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2016-10-30 19:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2016-10-30 19:38:27
ComboFix-quarantined-files.txt 2016-10-30 23:38
.
Pre-Run: 220,516,732,928 bytes free
Post-Run: 220,485,320,704 bytes free
.
- - End Of File - - 6E5DEBD1C35583F276E25879CEDD4F10
5C616939100B85E558DA92B899A0FC36
-- steve15
Old 10-30-2016, 05:45 PM   #7
Registered Member | Join Date: May 2016 | Posts: 15 | OS: Windows 7, Windows Vista

So far the problem seems to be resolved. Both Firefox and Internet Explorer have been loading pages successfully. Thank you so much for all your help.
-- steve15
Old 10-30-2016, 06:20 PM   #8
Security Team | Moderator, Analyst | Rangemaster, TSF Academy | Microsoft Most Valuable Professional
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

Hello again, steve15. You're very welcome! Glad to hear it. Let's make sure no remnants remain.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
-- chemist
Old 10-31-2016, 05:12 PM   #9
Registered Member | Join Date: May 2016 | Posts: 15 | OS: Windows 7, Windows Vista

Here is the MBAM log (ESET reported no threats):

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 31/10/2016
Scan Time: 5:42:20 PM
Logfile: malware log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.31.10
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Morand

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277194
Time Elapsed: 12 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D846BCF7-5265-4EF8-94E1-BEDD75F85283}, Delete-on-Reboot, [dbeb9e018515a69016e307ac11f309f7],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered ronel, Delete-on-Reboot, [972fc9d66d2d8da95d9d3e759a6a7b85],
PUP.Optional.WinYahoo, HKU\S-1-5-21-3712992330-4114128423-1307610221-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Quarantined, [93331b84c7d3c670bca9f707bd46ed13],

Registry Values: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D846BCF7-5265-4EF8-94E1-BEDD75F85283}|Path, \Yahoo! Powered ronel, Delete-on-Reboot, [dbeb9e018515a69016e307ac11f309f7]
PUP.Optional.WinYahoo, HKU\S-1-5-21-3712992330-4114128423-1307610221-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|filename, C:\Users\Morand\AppData\Roaming\{49C17F7A-6C93-120C-07A5-35DEDB77C8E0}\productupdate.exe, Quarantined, [93331b84c7d3c670bca9f707bd46ed13]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.WinYahoo, C:\Windows\System32\Tasks\Yahoo! Powered ronel, Quarantined, [8e387629693156e0f00bcfe4d52f28d8],

Physical Sectors: 0
(No malicious items detected)


(end)
-- steve15
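As an added example that is not part of the thread and not code from any of the tools named in it: a PowerShell triage script that re-reads the persistence points the DDS, AdwCleaner, ComboFix and MBAM logs above reported for this hijack (IE start page and SearchScopes, the Run keys, the scheduled task XML files and the TaskCache\Tree registry entries, and the Firefox prefs.js and searchplugins folder), so the same places can be re-checked after the clean-up tools have run. It assumes an elevated PowerShell session on the affected machine and avoids cmdlet parameters newer than PowerShell 2.0 so it can also run on a Vista box. The Firefox profile lookup through profiles.ini and the "runs from a profile or data directory" heuristic are the author's choices, not anything the thread establishes; the heuristic will also flag legitimate per-user updaters, so read the output rather than acting on it blindly.

```powershell
# Added triage script (author's example, not from the thread or any tool in it).
# Assumptions: elevated session; profile found via profiles.ini; the path
# heuristic below is a simple pattern and also matches legitimate updaters.

$findings = New-Object System.Collections.Generic.List[string]

# 1. IE start page and default search scope: the values AdwCleaner listed
#    as "Data restored" in the log above.
foreach ($hive in 'HKLM', 'HKCU') {
    $main = Get-ItemProperty -Path "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
    if ($main.'Start Page') { $findings.Add("$hive IE Start Page = $($main.'Start Page')") }

    $scopes  = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
    $default = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
    if ($default) {
        $url = (Get-ItemProperty -Path "$scopes\$default" -ErrorAction SilentlyContinue).URL
        $findings.Add("$hive IE DefaultScope $default -> $url")
    }
}

# 2. Run keys (the mRun/uRun lines of the DDS pseudo-HJT report).
foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { $findings.Add("Run: $($_.Name) = $($_.Value)") }
    }
}

# 3. Scheduled tasks. The task definitions are XML files; read them directly
#    rather than trusting the Task Scheduler UI, and flag actions that run
#    from a profile or data directory, which is where the "Yahoo! Powered
#    ronel" task in the MBAM log pointed (AppData\Roaming\{GUID}\productupdate.exe).
$taskRoot  = Join-Path $env:SystemRoot 'System32\Tasks'
$taskFiles = Get-ChildItem -Path $taskRoot -Recurse -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer }
foreach ($file in $taskFiles) {
    try {
        [xml]$xml = Get-Content -Path $file.FullName
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if (-not $exec) { continue }
            $cmd  = "$($exec.Command) $($exec.Arguments)".Trim()
            $flag = ''
            if ($cmd -match '(?i)\\(AppData|ProgramData|Temp)\\') { $flag = '  <-- runs from profile/data dir' }
            $findings.Add("Task $($file.FullName.Substring($taskRoot.Length)): $cmd$flag")
        }
    } catch {
        $findings.Add("Task $($file.FullName): could not parse ($($_.Exception.Message))")
    }
}

# 3b. TaskCache\Tree entries with no matching file under System32\Tasks are
#     orphans; MBAM's "Delete-on-Reboot" registry hits above were of this kind.
$tree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
Get-ChildItem -Path $tree -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $id = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Id
    if ($id) {
        $rel = $_.Name.Substring($_.Name.IndexOf('\Tree') + 5)   # e.g. "\Yahoo! Powered ronel"
        if (-not (Test-Path (Join-Path $taskRoot $rel.TrimStart('\')))) {
            $findings.Add("Orphaned TaskCache entry: $rel ($id)")
        }
    }
}

# 4. Firefox: search engine, homepage and proxy prefs, plus any search plugin
#    dropped into the profile (the "yahoo! powered.xml" AdwCleaner deleted).
$ffIni = Join-Path $env:APPDATA 'Mozilla\Firefox\profiles.ini'
if (Test-Path $ffIni) {
    $pathLine = Get-Content $ffIni | Select-String '^Path=' | Select-Object -First 1
    if ($pathLine) {
        $profDir = Join-Path (Split-Path $ffIni) $pathLine.Line.Substring(5)
        $prefs   = Join-Path $profDir 'prefs.js'
        if (Test-Path $prefs) {
            $pattern = 'user_pref\("(browser\.search\.selectedEngine|browser\.startup\.homepage|keyword\.URL|network\.proxy\.[a-z]+)",\s*(.+)\);'
            Get-Content $prefs | Select-String $pattern | ForEach-Object {
                $m = $_.Matches[0]
                $findings.Add("Firefox $($m.Groups[1].Value) = $($m.Groups[2].Value)")
            }
        }
        Get-ChildItem -Path (Join-Path $profDir 'searchplugins') -ErrorAction SilentlyContinue |
            ForEach-Object { $findings.Add("Firefox searchplugin: $($_.Name)") }
    }
}

$findings
```

Run it before and after the clean-up steps and diff the two outputs. A task whose action lives under AppData\Roaming, or a TaskCache\Tree entry with no file behind it, is the kind of remnant MBAM caught in this thread after AdwCleaner and ComboFix had already run.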
Old 10-31-2016, 05:52 PM   #10
Registered Member | Join Date: May 2016 | Posts: 15 | OS: Windows 7, Windows Vista

My browsers have continued to load pages successfully. Thank you very much.
-- steve15
Old 11-01-2016, 08:04 PM   #11
Security Team | Moderator, Analyst | Rangemaster, TSF Academy | Microsoft Most Valuable Professional
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

Hello again, steve15. You're very welcome. Glad to hear it.

Is System Restore working on your machine? There were no restore points listed in your initial log.

Create a Restore Point for Windows 7 or Vista’s System Restore

Were you able to create a restore point?

------------------------------------------------------
-- chemist
Old 12-10-2016, 06:34 PM   #12
Security Team | Moderator, Analyst | Rangemaster, TSF Academy | Microsoft Most Valuable Professional
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
-- chemist
All times are GMT -7.

Copyright 2001 - 2018, Tech Support Forum