Problem loading websites - possible spyware/virus cause?
Farferello New Member Date Joined Sep 2006 Total Posts : 12 Posted 11-18-2007 4:45 (GMT +1)

Over the past week or so, I’ve noticed a problem when it comes to accessing various sites. These sites, which I never had a problem with in the past, suddenly won’t let me load them properly. Like one hour I’ll load them just fine and a few hours later I can’t access them at all or they take several refreshes to load. (And sometimes they work again the next day.) I’ve tried both IE (Newest one) and Firefox 1.5 and though I can sometimes get it to load more on IE I still have the problem. If I go through a proxy site though, such as anonymouse.org, they load fine.

It does fix itself on occasion, at least for the one site I have the main problem with (livejournal.com), but I don’t understand why it’s acting like this when my friends don’t have the problem. (I have them check for me when it's down on my end to make sure it's not just a website error.)

I’m wondering, could I have a virus or some sort of spyware/malware that’s causing me access issues? I contacted my ISP but they don’t think it’s anything to do with them and it’s odd that I’m getting problems all of a sudden. Could someone take a look at my logs and see if I have any problems? It’s really starting to bug me now.

AVG Anti-Spyware Log

This program won’t let me save a log for some reason. I’ve followed all settings and even tried uninstalling and reinstalling the program.

C: Rootlog TXT Log

*********************************
ROOTCHK-(21-09-07)-LOG, by ejvindh
18/11/2007 3:34:51.91
The rootkits that are detected by this tool were not found.
*********************************
ROOTCHK-LOG-end

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 03:34:52
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0

C:\ComboFix.txt Log

ComboFix 07-11-08.1 - Administrator 2007-11-18 3:37:35.3 - NTFSx86
Running from: C:\Documents and Settings\Administrator\My Documents\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-18 to 2007-11-18 )))))))))))))))))))))))))))))))
.
2007-11-18 02:57 401,720 --a------ C:\Program Files\HiJackThis.exe
2007-11-18 02:05 <DIR> d-------- C:\WINDOWS\LastGood
2007-11-18 02:05 <DIR> d-------- C:\Program Files\Thomson
2007-11-18 02:04 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-11-18 00:53 <DIR> d-------- C:\Program Files\InstallShield Installation Information(2)
2007-11-17 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-15 18:05 <DIR> d-------- C:\Program Files\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-18 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-18 01:45 --------- d-----w C:\Program Files\Winamp
2007-11-18 01:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2007-11-15 18:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-10-28 05:17 --------- d-----w C:\Program Files\CyberScrub Professional
2007-10-28 05:17 --------- d-----w C:\Program Files\AIM
2007-10-28 05:16 --------- d-----w C:\Program Files\Last.fm
2007-10-21 18:02 --------- d-----w C:\Program Files\mIRC
2007-09-20 10:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2007-09-09 19:06 218,112 ----a-w C:\alternativ.exe
2007-09-09 16:46 177,408 ----a-w C:\rootchk.exe
2007-09-09 16:46 1,484,800 ----a-w C:\ComboFix.exe
2007-08-21 06:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot_2007-10-29_20.11.56.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 06:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-29 18:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2003-12-08 10:53:58 5,606 ----a-w C:\WINDOWS\LastGood\system32\stci.dll
- 2007-10-26 01:56:29 52,880 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-18 02:08:37 52,880 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-26 01:56:29 380,658 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-18 02:08:37 380,658 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-18 01:46:14 1,765,600 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2003-12-08 10:53:58 5,606 ----a-w C:\WINDOWS\system32\stci.dll
+ 2003-12-08 11:53:58 5,606 ----a-w C:\WINDOWS\system32\stci.dll
- 2007-04-02 14:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-22 18:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 21:48]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 22:22]
"AIMWDInstallFilename"="C:\PROGRA~1\AIM\AIMWDI~1.EXE" [2004-01-12 20:29]
"!AVG Anti-Spyware"="C:\Program Files\Lavasoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 12:00]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-08-10 15:37]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 20:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-28 19:49:58]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 22:00:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Lavasoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 03:38:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-18 3:39:57
C:\ComboFix-quarantined-files.txt ... 2007-09-09 19:59
C:\ComboFix2.txt ... 2007-10-29 20:12
C:\ComboFix3.txt ... 2007-09-09 19:59
.
--- E O F ---

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:41:29, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Lavasoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24D83B48-66FC-4478-864D-6F6DB152795A}: NameServer = 212.139.132.10 212.139.132.11
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Lavasoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 4512 bytes

If anyone can take a look for any problems I'd be grateful.

-Far
Farferello New Member Date Joined Sep 2006 Total Posts : 12 Posted 11-18-2007 10:39 (GMT +1)

Been bumped down. :( Can anyone take a look?