[dacuso]

I did not change any of the default OTL settings. I need to step away for a while, will be back later - thanks again.
The search engines (Google...) still not working, this is what I get:

The website declined to show this webpage
HTTP 403
Most likely causes:
•This website requires you to log in.

What you can try:
Go back to the previous page.



Here are the results from the OTL text file:


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45011CF5-E4A9-4F13-9093-F30A784EB9B2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45011CF5-E4A9-4F13-9093-F30A784EB9B2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1606980848-1972579041-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dave\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dave\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Dave
->Java cache emptied: 0 bytes

User: Default User

User: John Cusumano

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Dave
->Flash cache emptied: 44356 bytes

User: Default User

User: John Cusumano
->Flash cache emptied: 562 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04212013_152807

Edited by dacuso, 21 April 2013 - 05:14 PM.

[Advertisements]

how are things doing now?


gringo

[gringo_pr]

how are things doing now?


gringo

[dacuso]

Search engines (Google, Bing, Live Search...) still not working:

The website declined to show this webpage
HTTP 403
Most likely causes:
•This website requires you to log in.

What you can try:
Go back to the previous page.

More information

This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.

For more information about HTTP errors, see Help.

Edited by dacuso, 21 April 2013 - 05:19 PM.

[gringo_pr]

Hello dacuso

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following

• Start Internet Explorer.
• click on "safety"
• click on "Delete Browsing History"
• make sure all boxes are checked
• click on "Delete"
• click on "Tools",
• click "Internet Options".
• On the "Advanced" tab, click "Reset"
• put a check mark next to "Delete Personal Settings"
• click "Reset" to confirm
• when complete click the "Close" button
• restart IE

Gringo

[dacuso]

I have reset IE8 and deleted all the saved info and files as requested (yep, even my PW for this communication).

I still can not search the WEB with Bing, Live Search, or Google; but I can search for images via Google Images. Same message as before when attempting to Google search:


The website declined to show this webpage
HTTP 403
Most likely causes:
•This website requires you to log in.

What you can try:
Go back to the previous page.

More information

This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.

For more information about HTTP errors, see Help.


Now what should I do?

Edited by dacuso, 23 April 2013 - 12:04 PM.

[dacuso]

I was prompted to update Firefox so I did, I am now at 20.0.1 version. I still can not use search engines in FF either.
I get this:

403 Forbidden
nginx

[gringo_pr]

Hello dacuso

I want you to reset firefox back to defaults, this will remove everything from Firefox

I will let you keep your bookmarks so to do that you can go here - Export BookMarks

Now to reset firefox do the following.

• At the top of the Firefox window, click the "Firefox" button,
• go over to the "Help" sub-menu
  
  • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
• Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
• click "Reset Firefox" in the confirmation window that opens.
• Firefox will close and be reset. When it's done. Click "Finish" and Firefox will open.

restart the computer and check firefox for me now

Gringo

[dacuso]

OK, I did it again; I just did this 3 days ago on the 20th. Search engines still do not work. Everything seems to be running slower now too (program openings and screen popups). Search engines used to work, albiet with popups, now they do not. Do you know what we did for this to happen?

I just tried Google Chrome and had some sucess using Delta Search which looks like it redirected to Yahoo. This did work

http://www.delta-sea...000000cf1d9a003

Google and Bing does not work with this either.

Edited by dacuso, 23 April 2013 - 06:06 PM.

[gringo_pr]

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0

Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results
gringo

[dacuso]

Here it is:



Windows IP Configuration



Host Name . . . . . . . . . . . . : D-P4-2-8GH-1GB

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-0C-F1-D9-A0-03

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Server: home
Address: 192.168.1.254

Name: google.com
Address: 64.125.87.101

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging google.com [64.125.87.101] with 32 bytes of data:



Reply from 64.125.87.101: bytes=32 time=84ms TTL=43

Reply from 64.125.87.101: bytes=32 time=82ms TTL=43



Ping statistics for 64.125.87.101:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 82ms, Maximum = 84ms, Average = 83ms



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=126ms TTL=47

Reply from 206.190.36.45: bytes=32 time=102ms TTL=47



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 102ms, Maximum = 126ms, Average = 114ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 d9 a0 03 ...... Intel® PRO/100 VE Network Connection - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None

[gringo_pr]

After you have run these steps - you need to let me know how the computer is doing

Resetting Router

• This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
• Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
• If you don’t know the router's default password, you can look it up. Here
• You also need to reconfigure any security settings you had in place prior to the reset.
• You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

• click on Start
• select run
• enter cmd and hit enter
• a black window will open.
• please enter the following text into that window and hit enter:
  
  
  ipconfig /flushdns

Now lets check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0

Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results

gringo

[dacuso]

Everything is still the same - Google or Bing does not work in IE or FF. It took me a while to remember how I setup the router to act as an Access Point with my AT&T Gateway.






Windows IP Configuration



Host Name . . . . . . . . . . . . : D-P4-2-8GH-1GB

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-0C-F1-D9-A0-03

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Server: home
Address: 192.168.1.254

Name: google.com
Address: 92.123.68.97

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24, 206.190.36.45, 98.138.253.109



Pinging google.com [92.123.68.97] with 32 bytes of data:



Reply from 92.123.68.97: bytes=32 time=83ms TTL=43

Reply from 92.123.68.97: bytes=32 time=82ms TTL=43



Ping statistics for 92.123.68.97:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 82ms, Maximum = 83ms, Average = 82ms



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=397ms TTL=47

Reply from 98.139.183.24: bytes=32 time=437ms TTL=47



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 397ms, Maximum = 437ms, Average = 417ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 d9 a0 03 ...... Intel® PRO/100 VE Network Connection - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None

[gringo_pr]

Hello dacuso


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
• Put a checkmark beside loaded modules.
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
• Click the Start Scan button.
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
• If malicious objects are found, they will show in the Scan results
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  
  Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it
  
  If the forum still complains about it being to long send me everything that is at the end of the report after where it says
  
  ==================
  Scan finished
  ==================
  

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
•Internet access
•Windows Update
•Windows Firewall9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo

[gringo_pr]

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
• do you need more time?
• are you having problems following my instructions?
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

[dacuso]

I need a little more time please. I've been gone this weekend.