Cannot access Antivirus Sites/Google/Avast etc.

24-04-2009, 12:08 PM   #611
xrmxrm
OS: Windows XP

I can now run HijackThis; here is the log. I still can't run ComboFix for some unknown reason.

Code:
Logfile of HijackThis v1.99.1
Scan saved at 2:34:32 PM, on 4/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Soul Circus\Desktop\hijackthis_199\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Also, I can view antivirus sites, but I'm still receiving various 0x000076 things and stuff like x0045640 or whatever they are.

24-04-2009, 02:36 PM   #612
bakuryu
OS: Windows XP, Windows Vista, Windows 7

Quote:
Also, I can view antivirus sites, but I'm still receiving various 0x000076 things and stuff like x0045640 or whatever they are.

You mean you are receiving BSODs? You need to note down the exact STOP error and create a different thread. This thread is not for solving BSOD problems.

Your HijackThis log file is clean, apart from a few Avast service files missing. Re-installing Avast should solve the problem.

Have you tried renaming ComboFix to something else (anything) and then running it?
26-04-2009, 04:37 AM   #613
Pablo B
OS: Windows XP

Hi gurus! I am new at TechTalkz. I hope you can help with this problem. I am trying to fix my dad's computer but don't know what to do.
We have AVG installed but the update connection failed. I cannot access AVG, Avast etc. websites...
Reading the previous posts, I ran HijackThis and this is the log. Hope you can help me!

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:29, on 25/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\sm56hlpr.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\PJB\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\TEMP\B752.tmp
C:\WINDOWS\system32\igfxsrvc.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Huracán golpea a Tigre en Victoria
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iplan.com.ar:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Archivos de programa\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PJB\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1182499831593
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCE507E-0359-4FF4-9E01-3B5197920D0D}: NameServer = 200.63.155.192 200.63.155.64
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe



Pablo B from Argentina

Last edited by bakuryu; 26-04-2009 at 02:26 PM..
26-04-2009, 08:00 AM   #614
MaToMaStEr
OS: Windows XP

Hello
I was wondering if someone could help me with the following problems:

- A while ago, I got infected through a USB stick. Since then, every time I start Windows Explorer automatically opens. Also, when I insert a USB stick or an SD card, I get a lot of weird errors.

- I tried installing an AV but I can't upgrade the virus definitions 'cause I can't log into antivirus sites or servers.

After reading through this forum, I tried the following:

+ Scanned my PC with Spybot S&D and fixed some of the problems in Safe Mode
+ Scanned with ComboFix

I couldn't deactivate the recovery System though. I can't see the option anywhere, and I can't access the Microsoft support website for instructions.

Here's my HijackThis log file:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:09, on 25/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\EzButton\CplBCL50.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll60.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Busca 7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CplBCL50] C:\Archivos de programa\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Archivos de programa\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll60.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll60.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll60.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix: 
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Archivos de programa\MATLAB71\webserver\bin\win32\matlabserver.exe

--
End of file - 6654 bytes

Please, help a desperate guy!
Thanks in advance

Matias P.
Chile

Last edited by bakuryu; 26-04-2009 at 02:26 PM..
26-04-2009, 02:36 PM   #615
bakuryu
OS: Windows XP, Windows Vista, Windows 7

@Pablo B:
Download, install and run CCleaner and clean all temporary files.

Disable System Restore, reboot in Safe Mode, run HijackThis again and fix the following entries:

Quote:
O8 - Extra context menu item: &Search - ?p=ZN
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll

Delete the file C:\WINDOWS\SYSTEM32\crypts.dll using Killbox. Reboot in normal mode and see if you can visit antivirus sites. If not, run ComboFix and post the log file.

26-04-2009, 02:40 PM   #616
bakuryu
OS: Windows XP, Windows Vista, Windows 7

@MaToMaStEr:

Download, install and run CCleaner and clean all temporary files.

Disable System Restore, reboot in Safe Mode, run HijackThis again and fix the following entries:

Quote:
O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll60.exe
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll60.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll60.exe

Delete the file C:\WINDOWS\system32\rundll60.exe using Killbox. Reboot in normal mode and see if you can visit antivirus sites. If not, run ComboFix and post the log file.
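
The log triage done by eye in the replies above (collecting every autostart line that points at one file, picking out the Winlogon Notify DLL, noting entries whose file is missing) can be scripted. The following Python is an added example, not part of the thread and not a HijackThis feature; the sample lines are copied from the logs posted above, and the "more than one kind of autostart key" rule is a review heuristic assumed for this example, not a verdict on any file.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: individual lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll60.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll60.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll60.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<section>[ORFN]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart body: "<hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\[^:]*\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Shortest prefix of the command that ends in an executable-looking extension.
TARGET_RE = re.compile(r'"?(?P<path>[^"]+?\.(?:exe|dll|com|scr|bat))', re.IGNORECASE)
# HijackThis annotations for entries whose file it could not find.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


@dataclass(frozen=True)
class Entry:
    section: str      # "O4", "O20", "O23", ...
    body: str         # text after "Oxx - "
    raw: str          # the whole line, as it appears in the HijackThis list
    key: str = ""     # Run / RunOnce / RunServices (O4 registry entries only)
    target: str = ""  # lower-cased executable path (O4 registry entries only)


def parse_log(text):
    """Turn log text into Entry objects; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        key = target = ""
        if m["section"] == "O4":
            o4 = O4_RE.match(m["body"])  # "Global Startup" .lnk entries do not match
            if o4:
                key = o4["key"]
                t = TARGET_RE.match(o4["cmd"])
                target = (t["path"] if t else o4["cmd"]).lower()
        entries.append(Entry(m["section"], m["body"], line, key, target))
    return entries


def multi_key_targets(entries):
    """Targets started from more than one kind of autostart key (heuristic, see lead-in)."""
    kinds = defaultdict(set)
    for e in entries:
        if e.target:
            kinds[e.target].add(e.key.lower())
    return {t: sorted(k) for t, k in kinds.items() if len(k) > 1}


def winlogon_notify(entries):
    """DLL paths from O20 'Winlogon Notify' lines, listed for manual review."""
    return [e.body.partition(" - ")[2] for e in entries
            if e.section == "O20" and e.body.startswith("Winlogon Notify:")]


def orphaned(entries):
    """Entries HijackThis marked '(file missing)' or '(no file)'."""
    return [e for e in entries if ORPHAN_RE.search(e.body)]


def fix_list(entries, filename):
    """Every log line referencing `filename`, so all are fixed before the file is deleted."""
    needle = filename.lower()
    return [e.raw for e in entries if needle in e.raw.lower()]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for target, keys in multi_key_targets(parsed).items():
        print("review:", target, "started from", ", ".join(keys))
        for raw in fix_list(parsed, target.rsplit("\\", 1)[-1]):
            print("   ", raw)
    for dll in winlogon_notify(parsed):
        print("winlogon notify:", dll)
    for e in orphaned(parsed):
        print("orphaned:", e.raw)
```
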
26-04-2009, 10:57 PM   #617
MaToMaStEr
OS: Windows XP

Hi, and thanks for the quick answer.

- Somehow I can't access your links to any microsoft.com site either.
I found some instructions on the internet on disabling the System Restore function, but I can't find the "System Restore" tab in the system properties. I disabled it through the Registry Editor with the "DisableSR" value and a "start" value somewhere. I hope I'm not screwing things up.

- Is it possible to do this maintenance without having SR disabled?

I'll try doing what you said now, with the SR disabled through the registry. Hope it works.

Thanks again
26-04-2009, 11:31 PM   #618
MaToMaStEr
OS: Windows XP

Hello again

I had the following problems doing what you said:

- Couldn't find the System Restore tab, and had to disable it through the Registry Editor.

- I couldn't reboot in Safe Mode. When starting I got this Blue Screen with an error, and had to restart the computer. I got this error with and without the SR disabled.

I did what you suggested though, but in Normal Mode, and the problem persists...hmmmm.

Here's the ComboFix log

Code:
ComboFix 09-04-25.A3 - Administrador 26/04/2009 13:51.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.34.3082.18.511.234 [GMT -4:00]
Running from: c:\documents and settings\Administrador\Escritorio\Fix.exe
.

(((((((((((((((((((((((((   Files Created from 2009-05-26 to 2009-4-26  )))))))))))))))))))))))))))))))
.

2009-04-26 17:45 . 2009-04-26 17:45    --------    d-----w    C:\!KillBox
2009-04-26 17:28 . 2009-04-26 17:28    --------    d-----w    c:\archivos de programa\CCleaner
2009-04-26 02:01 . 2009-04-26 02:01    --------    d-----w    c:\archivos de programa\Trend Micro
2009-04-26 00:55 . 2009-04-26 00:55    --------    d-----w    c:\windows\system32\xircom
2009-04-26 00:55 . 2009-04-26 00:55    --------    d-----w    c:\windows\system32\restore
2009-04-26 00:55 . 2009-04-26 00:55    --------    d-----w    c:\windows\system32\oobe
2009-04-26 00:55 . 2009-04-26 00:55    --------    d-----w    c:\windows\srchasst
2009-04-26 00:55 . 2009-04-26 00:55    --------    d-----w    c:\windows\msagent
2009-04-26 00:55 . 2009-04-26 00:55    --------    d-----w    c:\archivos de programa\microsoft frontpage
2009-04-26 00:16 . 2009-04-26 17:31    --------    d-----w    c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2009-04-26 00:16 . 2009-04-26 00:30    --------    d-----w    c:\archivos de programa\Spybot - Search & Destroy
2009-04-25 23:09 . 2009-04-25 23:09    --------    d-----w    c:\documents and settings\All Users\Datos de programa\Uniblue
2009-04-25 22:55 . 2009-04-25 23:31    --------    d-----w    c:\archivos de programa\Uniblue
2009-04-25 22:48 . 2009-04-25 23:09    --------    d-----w    c:\documents and settings\Administrador\Datos de programa\Uniblue
2009-04-25 22:44 . 2009-04-25 23:04    --------    d-----w    c:\archivos de programa\Enigma Software Group
2009-04-23 23:24 . 2009-04-23 23:25    --------    d-----w    C:\WinAVR-20090313
2009-04-23 02:42 . 2009-04-25 22:28    --------    d-----w    c:\documents and settings\All Users\Datos de programa\Avira
2009-04-22 19:52 . 2006-10-18 18:29    102400    ----a-w    c:\windows\system32\wdapi811.dll
2009-04-22 19:52 . 2002-01-05 16:37    344064    ------w    c:\windows\system32\msvcr70.dll
2009-04-22 19:52 . 2006-11-28 11:33    3653632    ----a-w    c:\windows\system32\BCGCBPRO94080.dll
2009-04-22 19:52 . 2005-03-21 17:05    110592    ----a-r    c:\windows\system32\wd_utils.dll
2009-04-22 19:52 . 2002-04-29 12:28    69632    ----a-r    c:\windows\system32\RWUXThemeS.dll
2009-04-22 19:52 . 2002-04-09 10:45    290904    ----a-r    c:\windows\system32\vc6-re200l.dll
2009-04-22 19:52 . 2009-04-22 19:52    --------    d-----w    c:\archivos de programa\Atmel
2009-04-22 19:51 . 2009-04-22 19:51    --------    d-----w    c:\documents and settings\Administrador\Datos de programa\InstallShield
2009-04-15 00:16 . 2009-04-15 00:16    54156    ---ha-w    c:\windows\QTFont.qfn
2009-04-15 00:16 . 2009-04-15 00:16    1409    ----a-w    c:\windows\QTFont.for

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 23:09 . 2008-04-02 16:49    --------    d-----w    c:\documents and settings\Administrador\Datos de programa\uTorrent
2009-04-22 20:35 . 2008-12-08 19:53    --------    d-----w    c:\archivos de programa\Trojan Remover
2009-04-22 19:52 . 2008-04-02 02:51    --------    d--h--w    c:\archivos de programa\InstallShield Installation Information
2009-04-22 19:08 . 2008-10-20 14:30    --------    d-----w    c:\archivos de programa\Digilent
2009-04-22 19:08 . 2008-10-20 14:30    --------    d-----w    c:\archivos de programa\Archivos comunes\Digilent
2009-04-16 21:24 . 2008-04-24 19:03    --------    d-----w    c:\documents and settings\Administrador\Datos de programa\Dev-Cpp
2009-04-14 23:40 . 2008-06-02 04:59    --------    d-----w    c:\archivos de programa\FTP Commander
2009-03-29 20:09 . 2008-04-08 00:53    --------    d-----w    c:\archivos de programa\Last.fm
2009-03-15 19:47 . 2001-08-24 16:00    81758    ----a-w    c:\windows\system32\perfc00A.dat
2009-03-15 19:47 . 2001-08-24 16:00    463286    ----a-w    c:\windows\system32\perfh00A.dat
2009-03-10 17:09 . 2009-03-10 17:09    90112    --sha-r    c:\windows\system32\uehrvm.dll
2009-03-09 01:36 . 2009-03-09 01:36    --------    d-----w    c:\archivos de programa\7-Zip
2009-03-08 23:37 . 2008-10-27 22:23    --------    d-----w    c:\archivos de programa\DOSBox-0.72
2009-03-08 20:54 . 2008-04-02 13:21    21192    ----a-w    c:\documents and settings\Administrador\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
2009-03-08 20:53 . 2009-03-08 20:53    --------    d-----w    c:\documents and settings\All Users\Datos de programa\FLEXnet
2009-03-08 20:44 . 2009-03-08 20:44    --------    d-----w    c:\archivos de programa\QuickTime
2009-03-08 20:43 . 2009-03-08 20:43    --------    d-----w    c:\archivos de programa\Bonjour
2009-03-08 20:43 . 2008-04-02 12:56    --------    d-----w    c:\archivos de programa\Archivos comunes\Adobe
2009-03-08 20:35 . 2009-03-08 20:35    --------    d-----w    c:\archivos de programa\Archivos comunes\Macrovision Shared
2009-02-26 04:52 . 2008-05-27 19:50    --------    d-----w    c:\archivos de programa\PokerStars
2008-12-02 05:52 . 2008-12-02 05:52    332    ----a-w    c:\documents and settings\Administrador\Configuración local\Datos de programa\DelUnist.bat
2008-06-24 05:29 . 2008-06-24 01:45    0    ----a-w    c:\documents and settings\Administrador\dataexchange.tmp
2008-04-15 17:40 . 2008-04-15 17:40    32    ----a-w    c:\documents and settings\All Users\Datos de programa\ezsid.dat
2008-04-10 00:47 . 2008-04-10 00:47    142    ----a-w    c:\documents and settings\Administrador\Configuración local\Datos de programa\fusioncache.dat
2008-08-21 04:42 . 2008-10-04 00:15    22528    --sha-w    c:\windows\system32\afido.exe
.

------- Sigcheck -------

[-] 2007-07-29 12:46    579072    237FB93C6B4330D8EE7D2448CF71C5ED    c:\windows\system32\user32.dll

[-] 2007-07-29 12:46    668160    F83EA3CC10363E54AA27DF3F1A291DBC    c:\windows\ie7\wininet.dll
[-] 2007-04-25 08:26    823808    3F87B114C97989298D809A44664F8A29    c:\windows\system32\wininet.dll
[-] 2007-04-25 08:26    823808    3F87B114C97989298D809A44664F8A29    c:\windows\system32\dllcache\wininet.dll

[-] 2007-07-29 23:08    360576    C79DF4477C0D82BB045CBC50E2B677E9    c:\windows\system32\drivers\tcpip.sys

[-] 2007-07-29 12:46    2061824    FDA9504C4993043EF75AD2F59CD6DABA    c:\windows\system32\ntkrnlpa.exe

[-] 2007-07-29 12:46    2184576    61BDB2667827D484604C9A09248D6223    c:\windows\system32\ntoskrnl.exe

[-] 2007-07-29 12:45    953856    E9C19FD131D46EB3EF52B7A31EF33A90    c:\windows\explorer.exe
[-] 2007-07-29 12:45    1035776    DBB6B75CC6CB2CF8EC0BAFCA08AED6BE    c:\windows\XPize\Backup\explorer.exe

[-] 2004-08-19 13:42    30208    84AD8E1B758C1ABEA80CFCC087BE0ED3    c:\windows\system32\ctfmon.exe
[7] 2004-08-19 13:42    15360    25ECFA69AF1563FDE8DFD31F9954497A    c:\windows\XPize\Backup\ctfmon.exe

[-] 2007-07-29 12:46    57856    AD3D9D191AEA7B5445FE1D82FFBB4788    c:\windows\system32\spoolsv.exe

[-] 2007-07-29 12:45    1039360    E5BEBAE61A1EBFE320300F0A327543DC    c:\windows\system32\kernel32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 30208]
"TaskSwitchXP"="c:\archivos de programa\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"AlcoholAutomount"="c:\archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-10 335872]
"CplBCL50"="c:\archivos de programa\EzButton\CplBCL50.EXE" [2004-03-02 401408]
"SynTPLpr"="c:\archivos de programa\Synaptics\SynTP\SynTPLpr.exe" [2004-01-09 98304]
"SynTPEnh"="c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2004-01-09 491520]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UnlockerAssistant"="c:\archivos de programa\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\Soundman.exe [2003-12-19 78848]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-07-25 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 30208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-04-25 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Hotfix-KB5504305    REG_SZ             c:\windows\system32\rundll60.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    schannel.dll, digest.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"opesys"=c:\windows\system32\afido.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"c:\\Archivos de programa\\uTorrent\\utorrent.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17780:TCP"= 17780:TCP:RegisteredCommon GlobalizationL2S
"62161:UDP"= 62161:UDP:RegisteredCommon CalendarGallery
"55963:TCP"= 55963:TCP:RegisteredCommon MovieWorks
"58830:UDP"= 58830:UDP:RegisteredCommon ResourcesCollaboration

R2 wuaumgmt;Manager Policy;c:\windows\system32\svchost.exe [2004-08-19 14336]
R3 DmodUsb;DmodUsb;c:\windows\system32\DRIVERS\dmodusb.sys [2006-08-28 17408]
R3 USB188;USB PC Camera 188;c:\windows\system32\Drivers\usb188.sys [2005-11-10 391120]
S3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\Drivers\WBSD.SYS [2003-03-20 25856]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
wuaumgmt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80bb6010-91a9-11dd-bec7-000e35a2c095}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL afido.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f25e81a0-9178-11dd-bec6-000e35a2c095}]
\Shell\AutoRun\command - G:\dll32.exe
\Shell\open\command - G:\dll32.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.busca7.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\53eop7ms.default\
FF - component: c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\53eop7ms.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 13:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuaumgmt]
"ServiceDll"="c:\windows\system32\uehrvm.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2896)
c:\windows\System32\cscui.dll
c:\archiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-26 13:54
ComboFix-quarantined-files.txt  2009-04-26 17:54
ComboFix2.txt  2009-04-26 01:53
ComboFix3.txt  2009-04-26 01:44
ComboFix4.txt  2009-04-26 00:25

Pre-Run: 5.258.506.240 bytes libres
Post-Run: 5.249.884.160 bytes libres

198
Thanks ! I hope there's a solution for my problem.

Matias
Old 27-04-2009, 07:10 AM   #619
Newbie
 
Join Date: Apr 2009
Age: 25
Posts: 5
Thanks: 3
Thanked 0 Times in 0 Posts
Rep Power: 0 MaToMaStEr is an unknown quantity at this point


OS: Windows XP


Re: Cannot access Antivirus Sites/Google/Avast etc.

Hi again !!

Browsing for solutions and ideas, I found a Conficker Removal Tool, ran it and now I have access again to those somehow blocked sites.

Thanks for your help.

-Is there anything I should still fix, based on the logs you saw?
-Was this "conficker" also responsible for my problems with the USB, and windows explorer opening at the beginning?
Old 27-04-2009, 02:52 PM   #620
ƒ(ψ)=Θº×φ
 
 
Join Date: May 2006
Location: India
Age: 24
Posts: 6,621
Thanks: 19
Thanked 649 Times in 605 Posts
Rep Power: 87 bakuryu has a brilliant future


OS: Windows XP Windows Vista Windows 7


Re: Cannot access Antivirus Sites/Google/Avast etc.

Since you have run the Conficker removal tool, run ComboFix and post the log file again.

Now that you can access Microsoft sites, install this hotfix: http://www.microsoft.com/technet/sec.../MS08-067.mspx