Http lop toolbar activity

[smk.bluebird]

hi dear friends,

for past 1 months i am recieving this message whenever i am online ,

my nortan says "a recent attempt to attack your computer wa blocked"

when look for detail it says the following,

"An intrusion attempt by { my computer name } was blocked"

RISK NAME - HTTP LOP TOOL BAR ACTIVITY

RISK LEVEL - HIGH

ATTACKING COMPUTER - { MY COMPUTER NAME}

DESTINATION ADDRESS - Ads.dns-look-up.com(64.34.228.126,80)


i had also attached my hijack this log .


kindly look into this and help me

 

[raybay]

No big worries sighted.
How much memory is installed?

 

[DelJo63]

No big worries sighted.
How much memory is installed?

Hum; beg to differ.
Your system is making an outbound connection on port 80 (an port that is naturally opened for all browser access) to a site at 64.34.228.126

I would be concerned. If you did not click a link and immediately get this message,
then something on your system (including an ActiveX program) made the request.

Which browser and OS version are you running?

 

[smk.bluebird]

thanks for your reply Mr.Ray bay,
my memory installed is 128 gb , with 1 gb ram

 

[smk.bluebird]

thanks for your reply Mr.Jobeard, my os is windows xp media center edition , verison 2002 , i use exporer 7 ,

 

[xxdanielxx]

hey there are somethings we have to do but first looks like you have 2 antivirus apps installed do you

norton
mcafee

also do you know these IP's

125.22.47.125
202.56.250.5

 

[smk.bluebird]

thanks for your reply daniel , i am using only nortan , but when i took hijack log , the superantispyware was running ( used to check for ).

as far as this 2 ADResses , both of them are not useful to me , but one belong to service provider to my ex company and other my companys allotted id ( i found so).

 

[xxdanielxx]

McAfee Uninstaller

• Download McAfee Uninstaller to your desktop
• Run the Uninstaller
• Reboot computer

-----------------------------------------------

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

------------------------------------------------------

Please go HERE to run Panda's TotalScan

• Select the bubble for Full scan
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• Then the scan will begin
• When the scan completes, click the Save button on the right of Scan details
• Save it to a convenient location. Post the contents of the TotalScan report

 

[smk.bluebird]

dear daniel ,

thank you for the reply , i had uninstalled the mcafee.

also had run the malware and panda scan , the following is the log file of teh same.

the problem is still there , thank u.

 

[xxdanielxx]

make sure to delete everything MBAM found.

post a fresh hijackthis log

 

[smk.bluebird]

dear daniel ,

i had deleted as instructed .

this is my fresh hijack log

thank you

 

[xxdanielxx]

We need to get rid of one of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop McAfee Application Installer Cleanup
sc delete McAfee Application Installer Cleanup
del service.cmd and exit

Save it to your desktop as File name: service.cmd
Save as type: All Files

Once done, double click service.cmd to run it. A command window will open briefly, then close. This is quite normal.

run hijackthis and place a check next to the item below

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0092261186264942) (0092261186264942mcinstcleanup) - Unknown owner - C:\DOCUME~1\Udhayam\LOCALS~1\Temp\009226~1.EXE (file missing)

 

[smk.bluebird]

dear daniel

i had done as instructed , had attached the hijack this log.

( the problem is still there)

thank you

 

[xxdanielxx]

ComboFix

• Download ComboFix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

 

[smk.bluebird]

dear daniel,

as instructed had done the combofix , here is the log attached . for your kind info teh same problem persists.
thank you

 

[xxdanielxx]

Post a fresh hijackthis log

 

[smk.bluebird]

dear daniel , this is fresh hijack this log .
thank you

 

[xxdanielxx]

Your java is out of date please update it this is an easy way to get infected how is your computer running I do not see anything bad in your log,

Update your Java Runtime Environment

First try going to Start -> Control Panel -> double click Java
Select the Update Tab at the top of the Java console
Click the Check for Updates button at the bottom
If it finds the newer version (Java 6 Update 7) Follow the on screen instructions (uncheck the yahoo toolbar option)
After it installs the newest version Go back to Control Panel -> Add/remove programs (programs and features in vista)
Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
Update your Java Runtime Environment
Click the following link
Java Runtime Environment 6 Update 7
The 5th option down is the one you want (click Download)
Check the box to agree to terms of service
Check the box for your operating system and click 'Download selected'at the bottom
After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_07 folder

-----------------------------------------

TrendMicro™ HouseCall Java Scan

• Please go HERE to run the Trend Micro™ HouseCall Scan.
• Click Scan now. It's free!
• Read and put a Check next to Yes I accept the terms of use.
• Click the Launching HouseCall>> button.
• Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
• You may receive a Security Warning about the TrendMicro Java applet, click YES.
• Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
• Please be patient while it installs, updates, and scans your system.
• Once the scan is complete, it will take you to the summary page.
• Under Cleanup options, choose clean all detected infections automatically.
• Click the Clean now>> button.
• If anything was found you may be prompted to run the scan again, you can just close the browser window.

 

[smk.bluebird]

dear daniel,

thanks , i am sorry for the delayed reply.

i had done as instructed . teh problem still persists.
thank you

 

[raybay]

Could you please restate your configuration, particularly the memory statement: "...memory installed is 128 gb , with 1 gb ram..." Does this mean you have a 128 GB hard drive with one or two memory modules totalling 1 GB?

Now that the infestation removal didn't change things, perhaps we need to take another look at the problem. Can you restate it, please?
Do you use Internet Explorer, Firefox, Safari, or Opera? Have you blocked popups in whatever you use?
It is possible that you are receiving a marketing attack that could be blocked by using Firefox 2.0 or 3.0?

 

[xxdanielxx]

by problem you mean infection or you can not run the online scan and if you did run the scan can you post a fresh hijackthis.

right click on hijackthis and look at the location it is installed go to that location and rename hijackthis to bobo then copy and past a shortcut to your desktop then run and post a fresh hijackthis log

 

[smk.bluebird]

thank you mr.ray ,
mine is having a C drive of 99 gb , d drive (hp recovery ) 11.6 gb , ram of .99 gb.

as as ram i dont know whether it is one module or two one.

i use windows xp media centre edition, ie 7 , and firefox . i had always used pop up blockers(in fact very strictly).

please let me know if anymore info is needed.

as far as my problem, here goes it,

my nortan says "a recent attempt to attack your computer wa blocked"

when look for detail it says the following,

"An intrusion attempt by { my computer name } was blocked"

RISK NAME - HTTP LOP TOOL BAR ACTIVITY

RISK LEVEL - HIGH

ATTACKING COMPUTER - { MY COMPUTER NAME}

DESTINATION ADDRESS - Ads.dns-look-up.com(64.34.228.126,80)

 

[xxdanielxx]

Download Findlop. Unzip it to your desktop.
Double click findlop.bat. It will open a notepad file.
Copy the content of that file and paste it here in your reply.

 

[smk.bluebird]

dear daniel,

i had done teh java correction , the trend micro scan was also completed. nothing was found by the scan.

please see the attached hijack this log ( did as instructed by you).

also the findlop notepad.

thank you

 

[xxdanielxx]

open hijackthis and place a check next to the item below

O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\settings amok.exe

=========================================

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [b] C:\Documents and Settings\All Users\Application Data\Long slow road itch [/b]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.