#401
ƒ(ψ)=Θº×φ
Re: Cannot access Antivirus Sites/Google/Avast etc.
Your HijackThis log file looks clean. Run ComboFix and post its log file too.
#402
Newbie
Join Date: Feb 2009
Posts: 2
Re: Cannot access Antivirus Sites/Google/Avast etc.
Hi!
I've seen the many posts and help given in this thread! I need some help. My problems are rather similar, including inability to visit antivirus sites (thus I cannot update my database). I cannot run some .exe files, but that was resolved after I renamed the file. I am also unable to do a system restore (as in, nothing happens after I click the next button); not sure if this is also a cause of malware. I have also posted my HijackThis log file below. Any help will be much appreciated. Thanks!
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:03 PM, on 2/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用WEB迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用WEB迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - WEB迅雷 (file missing)
O9 - Extra 'Tools' menuitem: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - WEB迅雷 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files...fosFinder2.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8109 bytes

Last edited by bakuryu; 17-02-2009 at 07:55 PM.
#404
Newbie
Join Date: Feb 2009
Posts: 2
Re: Cannot access Antivirus Sites/Google/Avast etc.
Ermm.. I just renamed the HijackThis, Killbox and ComboFix .exe files to some random names and successfully executed them..
Anyway, I ran ComboFix and the following is the log. I can access the website now. Maybe you can tell me if you can see any other errors?
Code:
ComboFix 09-02-15.01 - Zhi Zhong 2009-02-17 23:49:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.751.438 [GMT 8:00]
Running from: c:\documents and settings\Zhi Zhong\Desktop\cf.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Zhi Zhong\Application Data\inst.exe
C:\test.txt
c:\windows\system32\28463
c:\windows\system32\28463\akv.cfg
c:\windows\system32\28463\AKV.exe
c:\windows\system32\28463\JKNE.001
c:\windows\system32\28463\JKNE.002
c:\windows\system32\28463\key.bin
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxq.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSStkdv.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.
2009-02-17 22:36 . 2009-02-17 22:36 <DIR> d-------- C:\!KillBox
2009-02-17 22:29 . 2009-02-17 22:29 <DIR> d-------- c:\program files\Trend Micro
2009-02-17 22:23 . 2009-02-17 22:26 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-17 21:08 . 2009-02-17 21:08 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-17 21:08 . 2009-02-17 21:08 <DIR> d-------- c:\program files\AVG
2009-02-17 21:08 . 2009-02-17 21:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-17 21:08 . 2009-02-17 21:08 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-17 21:08 . 2009-02-17 21:08 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-17 21:08 . 2009-02-17 21:08 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-15 14:33 . 2008-02-14 20:47 1,101,824 --ahs---- c:\windows\system32\krnln.fne
2009-02-15 14:33 . 2008-02-14 20:47 146,944 --a------ c:\windows\system32\borCFileName.dll
2009-02-09 07:10 . 2009-02-09 07:10 <DIR> d-------- c:\program files\BulletProof FTP Server v2.3
2009-01-23 23:09 . 2009-01-23 23:09 <DIR> d-------- c:\program files\Red Storm Entertainment
2009-01-23 22:07 . 2009-01-23 22:07 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-23 00:42 . 2009-01-23 00:42 <DIR> d-------- c:\program files\EA GAMES
2009-01-23 00:42 . 2004-08-18 10:14 442,368 -ra------ c:\windows\system32\vp6vfw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 23:08 --------- d-----w c:\program files\NJStar Communicator
2009-02-08 16:25 --------- d-----w c:\documents and settings\Zhi Zhong\Application Data\uTorrent
2009-01-21 15:07 --------- d-----w c:\documents and settings\Zhi Zhong\Application Data\Free Download Manager
2009-01-20 23:18 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-20 23:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-07 09:27 --------- d-sh--w c:\documents and settings\All Users\Application Data\thunder_vod_cache
2009-01-07 09:27 --------- d-----w c:\documents and settings\All Users\Application Data\vucache
2009-01-07 09:17 --------- d-----w c:\program files\Thunder Network
2009-01-07 09:17 --------- d-----w c:\program files\Common Files\Thunder Network
2009-01-07 09:17 --------- d-----w c:\documents and settings\All Users\Application Data\Thunder Network
2008-06-14 16:24 47,360 ----a-w c:\documents and settings\Zhi Zhong\Application Data\pcouffin.sys
2008-05-12 12:21 54,200 ----a-w c:\documents and settings\Zhi Zhong\Application Data\GDIPFONTCACHEV1.DAT
2008-08-31 16:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090120080902\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-02 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-12 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-17 1601304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-17 21:08 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 08:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OLPSYNCH]
--a------ 2006-12-08 03:00 36864 c:\program files\Offline Course Player\OlpSynch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-12 01:31 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
--a------ 2008-02-01 13:10 4998448 c:\program files\RapidSolution\Tunebite\Tunebite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--a------ 2007-08-02 21:08 95504 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebThunder]
--a------ 2008-10-23 16:46 677280 c:\program files\Thunder Network\WebThunder\WebThunder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-19 17:53 65024 c:\windows\SOUNDMAN.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe"=
"c:\\Program Files\\BulletProof FTP Server v2.3\\bpftpserver.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7349:TCP"= 7349:TCP:BitComet 7349 TCP
"7349:UDP"= 7349:UDP:BitComet 7349 UDP
"56029:TCP"= 56029:TCP:PORT_56029
"36121:TCP"= 36121:TCP:PORT_36121
"45704:TCP"= 45704:TCP:PORT_45704
"54294:TCP"= 54294:TCP:PORT_54294
"27290:TCP"= 27290:TCP:PORT_27290
"18997:TCP"= 18997:TCP:PORT_18997
"53006:TCP"= 53006:TCP:PORT_53006
"31885:TCP"= 31885:TCP:PORT_31885
"24241:TCP"= 24241:TCP:PORT_24241
"40041:TCP"= 40041:TCP:PORT_40041
"25918:TCP"= 25918:TCP:PORT_25918
"43366:TCP"= 43366:TCP:PORT_43366
"53875:TCP"= 53875:TCP:PORT_53875
"32125:TCP"= 32125:TCP:PORT_32125
"52619:TCP"= 52619:TCP:PORT_52619
"57704:TCP"= 57704:TCP:PORT_57704
"31706:TCP"= 31706:TCP:PORT_31706
"6052:TCP"= 6052:TCP:PORT_6052
"44004:TCP"= 44004:TCP:PORT_44004
"6404:TCP"= 6404:TCP:PORT_6404
"34843:TCP"= 34843:TCP:PORT_34843
"46673:TCP"= 46673:TCP:PORT_46673
"7634:TCP"= 7634:TCP:PORT_7634
"7411:TCP"= 7411:TCP:PORT_7411
"56720:TCP"= 56720:TCP:PORT_56720
"43696:TCP"= 43696:TCP:PORT_43696
"64618:TCP"= 64618:TCP:PORT_64618
"24024:TCP"= 24024:TCP:PORT_24024
"22373:TCP"= 22373:TCP:PORT_22373
"43184:TCP"= 43184:TCP:PORT_43184
"61813:TCP"= 61813:TCP:PORT_61813
"7649:TCP"= 7649:TCP:PORT_7649
"54113:TCP"= 54113:TCP:PORT_54113
"47066:TCP"= 47066:TCP:PORT_47066
"58790:TCP"= 58790:TCP:PORT_58790
"15356:TCP"= 15356:TCP:PORT_15356
"29641:TCP"= 29641:TCP:PORT_29641
"42563:TCP"= 42563:TCP:PORT_42563
"26813:TCP"= 26813:TCP:PORT_26813
"8540:TCP"= 8540:TCP:PORT_8540
"18993:TCP"= 18993:TCP:PORT_18993
"41113:TCP"= 41113:TCP:PORT_41113
"16172:TCP"= 16172:TCP:PORT_16172
"33477:TCP"= 33477:TCP:PORT_33477
"52188:TCP"= 52188:TCP:PORT_52188
"16794:TCP"= 16794:TCP:PORT_16794
"8446:TCP"= 8446:TCP:PORT_8446
"9168:TCP"= 9168:TCP:PORT_9168
"14865:TCP"= 14865:TCP:PORT_14865
"60266:TCP"= 60266:TCP:PORT_60266
"44134:TCP"= 44134:TCP:PORT_44134
"56016:TCP"= 56016:TCP:PORT_56016
"42751:TCP"= 42751:TCP:PORT_42751
"14906:TCP"= 14906:TCP:PORT_14906
"21456:TCP"= 21456:TCP:PORT_21456
"16829:TCP"= 16829:TCP:PORT_16829
"41762:TCP"= 41762:TCP:PORT_41762
"15020:TCP"= 15020:TCP:PORT_15020
"20176:TCP"= 20176:TCP:PORT_20176
"51391:TCP"= 51391:TCP:PORT_51391
"23402:TCP"= 23402:TCP:PORT_23402
"33149:TCP"= 33149:TCP:PORT_33149
"14188:TCP"= 14188:TCP:PORT_14188
"45551:TCP"= 45551:TCP:PORT_45551
"59158:TCP"= 59158:TCP:PORT_59158
"54641:TCP"= 54641:TCP:PORT_54641
"37613:TCP"= 37613:TCP:PORT_37613
"58188:TCP"= 58188:TCP:PORT_58188
"24254:TCP"= 24254:TCP:PORT_24254
"59696:TCP"= 59696:TCP:PORT_59696
"56242:TCP"= 56242:TCP:PORT_56242
"19856:TCP"= 19856:TCP:PORT_19856
"43060:TCP"= 43060:TCP:PORT_43060
"23063:TCP"= 23063:TCP:PORT_23063
"64000:TCP"= 64000:TCP:PORT_64000
"55332:TCP"= 55332:TCP:PORT_55332
"12063:TCP"= 12063:TCP:PORT_12063
"65430:TCP"= 65430:TCP:PORT_65430
"37298:TCP"= 37298:TCP:PORT_37298
"20265:TCP"= 20265:TCP:PORT_20265
"54319:TCP"= 54319:TCP:PORT_54319
"27578:TCP"= 27578:TCP:PORT_27578
"47227:TCP"= 47227:TCP:PORT_47227
"14566:TCP"= 14566:TCP:PORT_14566
"51250:TCP"= 51250:TCP:PORT_51250
"18516:TCP"= 18516:TCP:PORT_18516
"49066:TCP"= 49066:TCP:PORT_49066
"9563:TCP"= 9563:TCP:PORT_9563
"43864:TCP"= 43864:TCP:PORT_43864
"26504:TCP"= 26504:TCP:PORT_26504
"49770:TCP"= 49770:TCP:PORT_49770
"53079:TCP"= 53079:TCP:PORT_53079
"60915:TCP"= 60915:TCP:PORT_60915
"44485:TCP"= 44485:TCP:PORT_44485
"13758:TCP"= 13758:TCP:PORT_13758
"41520:TCP"= 41520:TCP:PORT_41520
"21270:TCP"= 21270:TCP:PORT_21270
"19788:TCP"= 19788:TCP:PORT_19788
"57620:TCP"= 57620:TCP:PORT_57620
"16883:TCP"= 16883:TCP:PORT_16883
"60504:TCP"= 60504:TCP:PORT_60504
"11868:TCP"= 11868:TCP:PORT_11868
"17922:TCP"= 17922:TCP:PORT_17922
"55098:TCP"= 55098:TCP:PORT_55098
"17610:TCP"= 17610:TCP:PORT_17610
"64438:TCP"= 64438:TCP:PORT_64438
"61862:TCP"= 61862:TCP:PORT_61862
"5938:TCP"= 5938:TCP:PORT_5938
"12372:TCP"= 12372:TCP:PORT_12372
"51833:TCP"= 51833:TCP:PORT_51833
"8906:TCP"= 8906:TCP:PORT_8906
"60321:TCP"= 60321:TCP:PORT_60321
"32481:TCP"= 32481:TCP:PORT_32481
"44719:TCP"= 44719:TCP:PORT_44719
"64540:TCP"= 64540:TCP:PORT_64540
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2004-06-04 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-17 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-17 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-17 298264]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe []
2009-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]
2009-02-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-REGSHAVE - c:\program files\REGSHAVE\REGSHAVE.EXE
MSConfigStartUp-UVS11 Preload - c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
MSConfigStartUp-WarBoard - c:\program files\Cyber Snipa WarBoard 1.00\WarBoard.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: ʹÓÃWEBѸÀ×ÏÂÔØ - c:\program files\Thunder Network\WebThunder\GetUrl.htm
IE: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - c:\program files\Thunder Network\WebThunder\GetAllUrl.htm
IE: {{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} - hxxp://support.packardbell.com/files/activex/InfosFinder2.CAB
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 23:56:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1727305680-3387058233-319847586-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D5725629-EE60-F013-687E-B75903A56161}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbdokcodogaadlmfgobaifflhfflklcdchabicfn"=hex:6b,61,62,62,63,67,6b,65,6c,6e,
65,6b,6b,6f,6b,6c,69,6c,70,6a,68,68,00,7c
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
.
**************************************************************************
.
Completion time: 2009-02-18 0:00:50 - machine was rebooted [Zhi Zhong]
ComboFix-quarantined-files.txt 2009-02-17 16:00:37
Pre-Run: 11,443,552,256 bytes free
Post-Run: 11,461,832,704 bytes free
307 --- E O F --- 2009-02-17 11:56:42
#405
ƒ(ψ)=Θº×φ
Re: Cannot access Antivirus Sites/Google/Avast etc.
That's great, now that you can access antivirus sites once again.
You should delete this file too using Killbox: c:\windows\system32\krnln.fne. Also, you have a lot of ports open and allowed through the firewall. Have you opened them manually? If not, close the ports. Did you open all the ports for BitTorrent clients like uTorrent? You should open a single port for uTorrent connections and also uncheck the Randomize port option in uTorrent preferences. Type or copy-paste the code to close all the opened ports.
Code:
for %i in (56029 36121 45704 54294 27290 18997 53006 31885 24241 40041 25918 43366 53875 32125 52619 57704 31706 6052 44004 6404 34843 46673 7634 7411 56720 43696 64618 24024 22373 43184 61813 7649 54113 47066 58790 15356 29641 42563 26813 8540 18993 41113 16172 33477 52188 16794 8446 9168 14865 60266 44134 56016 42751 14906 21456 16829 41762 15020 20176 51391 23402 33149 14188 45551 59158 54641 37613 58188 24254 59696 56242 19856 43060 23063 64000 55332 12063 65430 37298 20265 54319 27578 47227 14566 51250 18516 49066 9563 43864 26504 49770 53079 60915 44485 13758 41520 21270 19788 57620 16883 60504 11868 17922 55098 17610 64438 61862 5938 12372 51833 8906 60321 32481 44719 64540) do netsh firewall set portopening protocol=TCP port=%i mode=DISABLE profile=ALL scope=ALL
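A small triage helper for ComboFix logs like the two posted in this thread, added here as an illustration (it is not code from the thread, from ComboFix or from bakuryu): it pulls file paths out of the "Other Deletions" and "Files Created" sections and flags system32 files that follow the TDSS*/UAC* random-name pattern both logs show, then reads the GloballyOpenPorts list, separates entries carrying only the generic PORT_<n> label from named ones like BitComet's, and emits the same netsh command as the for-loop above, one line per port (UDP entries included). The sample log is constructed from a handful of lines of the thread's logs; all function names are mine.

```python
import re

# Naming pattern of the rootkit components ComboFix removed in both logs above:
# a fixed prefix (TDSS or UAC) followed by random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^(tdss|uac)[a-z]+\.(sys|dll|dat|log)$", re.IGNORECASE)
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*")
# "7349:TCP"= 7349:TCP:BitComet 7349 TCP  ->  port, protocol, display name
PORT_ENTRY_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# ((((( Other Deletions )))))  ->  section title
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
OPEN_PORTS_KEY = "GloballyOpenPorts\\List]"

# Constructed sample: a few lines taken from the two ComboFix logs in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Zhi Zhong\Application Data\inst.exe
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\TDSScfum.dll
c:\windows\system32\UACdxnhnogw.dll
.
((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.
2009-02-13 16:00 . 2009-02-18 08:01 5,068 --a------ c:\windows\system32\uacinit.dll
2009-02-17 21:08 . 2009-02-17 21:08 10,520 --a------ c:\windows\system32\avgrsstx.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7349:TCP"= 7349:TCP:BitComet 7349 TCP
"7349:UDP"= 7349:UDP:BitComet 7349 UDP
"56029:TCP"= 56029:TCP:PORT_56029
"36121:TCP"= 36121:TCP:PORT_36121
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2004-06-04 11264]
"""


def parse_combofix(log_text):
    """Return (suspicious_files, port_entries) for a ComboFix log.

    suspicious_files: (section, path) for files under system32 whose name follows
                      the TDSS*/UAC* random-name pattern.
    port_entries:     (port, protocol, name) from the GloballyOpenPorts\List key.
    """
    suspicious, ports = [], []
    section, in_ports = None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section, in_ports = sec.group(1), False
            continue
        if line.endswith(OPEN_PORTS_KEY):
            in_ports = True
            continue
        if in_ports:
            entry = PORT_ENTRY_RE.match(line)
            if entry:
                ports.append((int(entry.group(1)), entry.group(2), entry.group(3).strip()))
                continue
            in_ports = False  # first non-entry line ends the list
        found = PATH_RE.search(line)
        if found and section:
            path = found.group(0)
            name = path.rsplit("\\", 1)[-1]
            if "\\system32\\" in path.lower() and RANDOM_NAME_RE.match(name):
                suspicious.append((section, path))
    return suspicious, ports


def unexplained_ports(port_entries):
    """Keep entries whose only label is the generic PORT_<n>: nothing identifies
    the program that opened them, unlike BitComet's named entries."""
    return [(port, proto) for port, proto, name in port_entries if name == f"PORT_{port}"]


def netsh_close_commands(ports):
    """One line per port, in the form the thread's for-loop runs (UDP handled too)."""
    return [f"netsh firewall set portopening protocol={proto} port={port} "
            f"mode=DISABLE profile=ALL scope=ALL" for port, proto in ports]


if __name__ == "__main__":
    files, entries = parse_combofix(SAMPLE_LOG)
    for section, path in files:
        print(f"[{section}] rootkit-style file name: {path}")
    for cmd in netsh_close_commands(unexplained_ports(entries)):
        print(cmd)
```

Run it against a full ComboFix log to get the list of files to quarantine and a ready-made batch of netsh lines; named entries such as the BitComet ports are left alone so a deliberately configured client keeps working.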
#406
Junior Member (25+)
Join Date: Jan 2009
Posts: 47
Re: Cannot access Antivirus Sites/Google/Avast etc.
bakuryu:
I am back in town and just ran ESET. Below is the logfile: see anything interesting? THANKS
#407
ƒ(ψ)=Θº×φ
Re: Cannot access Antivirus Sites/Google/Avast etc.
Hmmm... nothing in the SysInspector, but did you run any rootkit finders?
http://technet.microsoft.com/hi-in/s...8en-us%29.aspx
GMER Download
Panda Anti-Rootkit 1.08.00
Sophos Anti-Rootkit - Free rootkit detection and removal
#408
Newbie
Join Date: Feb 2009
Posts: 7
Re: Cannot access Antivirus Sites/Google/Avast etc.
Hi! It's me again, and fortunately, I can now access antivirus sites after I ran ComboFix.
Here's my log:
Code:
ComboFix 09-02-17.01 - oriwad 2009-02-18 16:00:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.167 [GMT 8:00]
Running from: c:\documents and settings\oriwad\Desktop\Fix.exe
Command switches used :: c:\documents and settings\oriwad\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1296 [VPS 090217-0] *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\drivers\UACxsicqwfk.sys
c:\windows\system32\UACdxnhnogw.dll
c:\windows\system32\UACilwpamgx.dat
c:\windows\system32\UACiurluuxa.dll
c:\windows\system32\UACodlrvowk.dll
c:\windows\system32\UACpeieuipy.log
c:\windows\system32\UACrckjendf.dll
c:\windows\system32\UACsmwavwvy.log
c:\windows\system32\UACyojuniql.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.
2009-02-17 15:33 . 2009-02-17 16:34 <DIR> d-------- c:\program files\Opera
2009-02-17 13:25 . 2009-02-17 13:25 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-17 13:25 . 2009-02-17 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 16:00 . 2009-02-18 08:01 5,068 --a------ c:\windows\system32\uacinit.dll
2009-02-06 13:42 . 2009-02-10 16:29 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-28 11:12 . 2009-01-28 11:20 <DIR> d-------- c:\program files\Free PDF to Word Converter
2009-01-24 02:26 . 2009-02-13 15:34 <DIR> d-------- c:\program files\ABC 3GP Converter
2009-01-24 02:26 . 2009-01-24 02:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\VOWSoft
2009-01-19 02:41 . 2009-01-19 05:35 <DIR> d-------- c:\documents and settings\oriwad\Application Data\GetRightToGo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 09:00 --------- d-----w c:\documents and settings\oriwad\Application Data\LimeWire
2009-02-12 05:25 --------- d-----w c:\program files\ABC Amber LIT Converter
2009-02-03 00:49 --------- d-----w c:\program files\PC Alarm Clock
2009-01-20 16:10 --------- d-----w c:\program files\LimeWire
2009-01-16 17:30 --------- d-----w c:\program files\Mobiola Video Studio
2009-01-16 17:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-09 23:24 --------- d-----w c:\program files\Canon Creative
2009-01-05 19:46 --------- d-----w c:\program files\yLend
2009-01-05 18:17 --------- d-----w c:\program files\Meteor Share
2009-01-04 18:15 --------- d-----w c:\documents and settings\oriwad\Application Data\Leadertech
2009-01-04 18:14 --------- d-----w c:\documents and settings\All Users\Application Data\HotSync
2009-01-04 18:12 53,248 ---ha-w c:\windows\PalmDevC.dll
2009-01-04 18:12 --------- d-----w c:\documents and settings\oriwad\Application Data\HotSync
2009-01-03 15:56 --------- d-----w c:\program files\Google
2008-12-30 19:24 --------- d--h--w c:\program files\SweetIM
2008-12-30 19:23 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2008-12-30 00:29 --------- d--h--w c:\documents and settings\oriwad\Application Data\PlayFirst
2008-12-30 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-29 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\PaperlessPrinter Data
2008-12-23 01:05 118,784 ----a-w c:\windows\system32\MobiolaExt.dll
2008-12-23 01:05 118,784 ----a-w c:\windows\system32\MobiolaDriveExt.dll
.
------- Sigcheck -------
2008-05-21 03:10 502272 6225f14b8ce08ccba8b25ad27843c674 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-31 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-29 49152]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-29 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-27 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-11 61440]
"PC Alarm Clock"="c:\program files\PC Alarm Clock\pcalarmclock.exe" [2006-02-03 1254400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-11-18 111928]
c:\documents and settings\oriwad\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2008-11-21 3656]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2009-01-08 2367488]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MoRUN.net\\Sticker Lite\\sticker.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-05-20 17920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-03 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-03 20560]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-05-20 428160]
S3 dump_wmimmc;dump_wmimmc;\??\e:\cabal online (ph)\GameGuard\dump_wmimmc.sys --> e:\cabal online (ph)\GameGuard\dump_wmimmc.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c84f03f-a9ef-11dd-998c-001921165d2b}]
\Shell\AutoRun\command - SilentSoftech.exe
\Shell\explore\command - SilentSoftech.exe
\Shell\open\command - SilentSoftech.exe
\Shell\var1\command - SilentSoftech.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abf79f94-33f1-11dd-98bf-001921165d2b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL DXGDIALOG.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ae8f4a-4929-11dd-98f3-001921165d2b}]
\Shell\AutoRun\command - F:\xmnm2.cmd
\Shell\explore\Command - F:\xmnm2.cmd
\Shell\open\Command - F:\xmnm2.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ae8f4b-4929-11dd-98f3-001921165d2b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe uragon.txt.js "%1"
\Shell\E&xplore\command - wscript.exe uragon.txt.js "%1"
\Shell\verb\command - wscript.exe uragon.txt.js "%1"
.
Contents of the 'Scheduled Tasks' folder
2008-09-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-20 07:53]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\oriwad\Application Data\Mozilla\Firefox\Profiles\8c66yz3t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 16:03:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?9????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-02-18 16:04:41
ComboFix-quarantined-files.txt 2009-02-18 08:04:34
Pre-Run: 28,712,017,920 bytes free
Post-Run: 29,846,921,216 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
176 --- E O F --- 2008-08-01 22:18:08
So is my computer virus-free now? God, I hope so...
Last edited by bakuryu; 18-02-2009 at 09:21 PM. Reason: to be more accurate
#409
ƒ(ψ)=Θº×φ
Re: Cannot access Antivirus Sites/Google/Avast etc.
Yes, the system looks clean; just delete some remaining registry entries. Open a command prompt and type:
Code:
reg delete "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c84f03f-a9ef-11dd-998c-001921165d2b}" /f
reg delete "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{abf79f94-33f1-11dd-98bf-001921165d2b}" /f
reg delete "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ae8f4a-4929-11dd-98f3-001921165d2b}" /f
reg delete "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ae8f4b-4929-11dd-98f3-001921165d2b}" /f
And delete these files too: SilentSoftech.exe, DXGDIALOG.EXE, uragon.txt.js, c:\windows\system32\uacinit.dll, F:\xmnm2.cmd
Thanked Users: misfit (19-02-2009)
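The four keys bakuryu deletes above are MountPoints2 entries: Explorer caches the autorun.inf handlers of every removable drive it has seen there, so a worm that shipped on a USB stick leaves its launch commands behind even after the stick is gone. The following script is an added example (not part of this thread and not ComboFix's own code): it parses a MountPoints2 excerpt in the layout ComboFix prints, flags handlers that look like drive-borne malware (a bare file name run from the drive root, a script file, or wscript/cscript launched through ShellExec_RunDLL), and emits the same `reg delete` lines for the flagged keys. The sample excerpt is constructed: three keys reuse the commands from the log posted above, and the all-zero GUID with E:\setup.exe is an invented, benign-looking entry to show what is left alone.

```python
"""Triage the MountPoints2 section of a ComboFix log and build cleanup commands."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in ComboFix's MountPoints2 layout: a bracketed key line,
# then one "\Shell\<verb>\command - <command>" line per handler. The first three
# keys reuse commands from the log in this thread; the all-zero GUID is invented
# as a benign-looking CD/USB autorun handler (a full path to an executable).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c84f03f-a9ef-11dd-998c-001921165d2b}]
\Shell\AutoRun\command - SilentSoftech.exe
\Shell\open\command - SilentSoftech.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ae8f4a-4929-11dd-98f3-001921165d2b}]
\Shell\AutoRun\command - F:\xmnm2.cmd
\Shell\open\Command - F:\xmnm2.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ae8f4b-4929-11dd-98f3-001921165d2b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe uragon.txt.js "%1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\setup.exe
"""

MOUNTPOINTS2 = r"HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2"
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)
SCRIPT_EXTS = (".cmd", ".bat", ".js", ".jse", ".vbs", ".vbe", ".wsf")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")


def parse_mountpoints(log_text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each drive GUID to its (verb, command) handlers, in log order."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    guid: Optional[str] = None
    for line in log_text.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            guid = key.group(1).lower()
            entries.setdefault(guid, [])
            continue
        cmd = CMD_RE.match(line.strip())
        if cmd and guid is not None:
            entries[guid].append((cmd.group(1), cmd.group(2).strip()))
    return entries


def assess_command(command: str) -> Optional[str]:
    """Return why a handler looks like a removable-drive worm, or None if it does not."""
    tokens = command.lower().replace('"', " ").split()
    if not tokens:
        return None
    target = tokens[0]
    # rundll32 + ShellExec_RunDLL is only a launcher; the real payload is the next token.
    if target.endswith("rundll32.exe") and len(tokens) > 2 and tokens[1].startswith("shell32.dll,shellexec_rundll"):
        target = tokens[2]
    if target.endswith(SCRIPT_EXTS):
        return f"launches script file {target}"
    if target.endswith(SCRIPT_HOSTS):
        return f"runs a script host ({target}) against the drive contents"
    if "\\" not in target and ":" not in target:
        return f"bare file name {target}, resolved from the drive root"
    return None


def flag_suspicious(entries: Dict[str, List[Tuple[str, str]]]) -> Dict[str, List[str]]:
    """Keep only the GUIDs with at least one suspicious handler, with the reasons."""
    flagged: Dict[str, List[str]] = {}
    for guid, handlers in entries.items():
        reasons = []
        for verb, cmd in handlers:
            reason = assess_command(cmd)
            if reason:
                reasons.append(f"{verb}: {reason}")
        if reasons:
            flagged[guid] = reasons
    return flagged


def reg_delete_commands(flagged: Dict[str, List[str]]) -> List[str]:
    """Emit one cleanup command per flagged key, in the form used in this thread."""
    return [f'reg delete "{MOUNTPOINTS2}\\{guid}" /f' for guid in flagged]


if __name__ == "__main__":
    found = flag_suspicious(parse_mountpoints(SAMPLE_LOG))
    for guid, reasons in found.items():
        print(guid, "->", "; ".join(reasons))
    print("\n".join(reg_delete_commands(found)))
```

Run it against the real log by pasting the MountPoints2 block into SAMPLE_LOG or reading the file; the benign-looking E:\setup.exe entry is reported nowhere, which is the point: the heuristic is meant to shortlist keys for a human to confirm against the files on disk, not to delete everything in MountPoints2.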
#410
Newbie
Re: Cannot access Antivirus Sites/Google/Avast etc.
Hi Bakuryu:
I didn't find the following files (by using the search function): SilentSoftech.exe, DXGDIALOG.EXE, uragon.txt.js, and neither did I find this one: F:\xmnm2.cmd, but I was able to delete this file: c:\windows\system32\uacinit.dll. Does this mean that my computer is now all set? Thanks for your help!