Cannot access Antivirus Sites/Google/Avast etc.

04-06-2009, 06:40 PM   #671
bakuryu
Re: Cannot access Antivirus Sites/Google/Avast etc.

@ryuzaki17 ::

Your HijackThis log file is clean.

Check this: Conficker Eye Chart

Quote:
Conficker Worm Patch - April 1st Virus - April Fools Virus 2009 - Windows Conficker C | W32.Downadup Conflicker Worm

Or, you can restore access to security web sites on an infected machine by taking the following steps:

1. Click Start > Run.
2. In the Run box, type the following: cmd
3. Click OK.
4. Type the following and then press Enter: cd..
5. Repeat the previous step until you get to the root level, or C:\>. Note that if your root drive is not C, the letter will be different.
6. At C:\> type the following: net stop dnscache
7. Press Enter.
Download removal tool : W32.Downadup Removal Tool | Symantec

Reboot and check if you can access all sites.

Finally install this security update : http://www.microsoft.com/technet/sec.../MS08-067.mspx

05-06-2009, 10:28 AM   #672
ryuzaki17

Quote:
Originally Posted by bakuryu
@ryuzaki17 ::

Your HijackThis log file is clean.

Check this: Conficker Eye Chart


Download removal tool : W32.Downadup Removal Tool | Symantec

Reboot and check if you can access all sites.

Finally install this security update : http://www.microsoft.com/technet/sec.../MS08-067.mspx

thx for the help, I can access antivirus sites now.... thx for all the help....

05-06-2009, 09:39 PM   #673
taprilapero

hello,
I'm glad I found this post cause I'm having the same problems as many people here.
I cannot access Microsoft sites, LiveUpdate for Norton doesn't work, and no anti-virus sites as well. I would be grateful if you can look at my HijackThis log and my ComboFix report, thanks.

hjt
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:28, on 05-06-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\regedit.exe
C:\Documents and Settings\caisse\Bureau\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = My Way
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = My Way
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Wireless PCI_CardBus utility V1.01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 5421 bytes

combofix report
Code:
ComboFix 09-06-04.08 - caisse 05-06-2009 15:39.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel  5.1.2600.2.1252.33.1036.18.510.408 [GMT 1:00]
Lancé depuis: c:\documents and settings\caisse\Bureau\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

(((((((((((((((((((((((((((((   Fichiers créés du 2009-05-05 au 2009-06-05  ))))))))))))))))))))))))))))))))))))
.

2009-06-05 12:33 . 2009-06-05 12:33    --------    d-s---w-    c:\documents and settings\caisse\UserData
2009-06-05 12:28 . 2009-06-05 12:28    --------    d-----w-    c:\documents and settings\caisse\Local Settings\Application Data\Symantec
2009-06-05 12:23 . 2009-06-05 12:29    --------    d-----w-    c:\documents and settings\caisse\Application Data\Symantec
2009-06-05 12:20 . 2009-06-05 12:20    --------    d-----w-    c:\program files\Windows Sidebar
2009-06-05 12:19 . 2009-06-05 12:24    --------    d-----w-    c:\program files\Norton 360
2009-06-05 12:17 . 2009-06-05 12:22    60800    ----a-w-    c:\windows\system32\S32EVNT1.DLL
2009-06-05 12:17 . 2009-06-05 12:22    123952    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-05 12:17 . 2009-06-05 12:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2009-06-05 12:17 . 2009-06-05 12:22    --------    d-----w-    c:\program files\Symantec
2009-06-05 12:15 . 2009-06-05 14:11    --------    d-----w-    c:\program files\Fichiers communs\Symantec Shared

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 14:02 . 2004-08-19 13:03    64484    ----a-w-    c:\windows\system32\perfc00C.dat
2009-06-05 14:02 . 2004-08-19 13:03    446566    ----a-w-    c:\windows\system32\perfh00C.dat
2009-06-05 12:22 . 2009-06-05 12:17    805    ----a-w-    c:\windows\system32\drivers\SYMEVENT.INF
2009-06-05 12:22 . 2009-06-05 12:17    10563    ----a-w-    c:\windows\system32\drivers\SYMEVENT.CAT
2004-08-05 12:00 . 2004-08-19 13:03    168509    --sha-r-    c:\windows\system32\fkfgjexe.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-06-05_12.51.39   )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-19 13:03 . 2009-06-05 14:02    53436              c:\windows\system32\perfc009.dat
- 2004-08-19 13:03 . 2009-06-05 12:14    53436              c:\windows\system32\perfc009.dat
+ 2004-08-19 13:14 . 2004-08-05 12:00    19429              c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2004-08-19 13:03 . 2009-06-05 14:02    381692              c:\windows\system32\perfh009.dat
- 2004-08-19 13:03 . 2009-06-05 12:14    381692              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Wireless PCI_CardBus utility V1.01.exe.lnk - c:\program files\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe [2008-1-25 913408]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5450:TCP"= 5450:TCP:dgwkqctc

S2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [19-01-2003 95449]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe [18-02-2008 12:37 149352]
S2 lzyauov;Windows Time;c:\windows\system32\svchost.exe -k netsvcs [19-08-2004 14:03 14336]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [05-06-2009 13:15 109616]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - COMHOST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
lzyauov
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.dell.fr/myway
mStart Page = hxxp://www.dell.fr/myway
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-05 15:42
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lzyauov]
"ServiceDll"="c:\windows\system32\fkfgjexe.dll"
.
Heure de fin: 2009-06-05 15:44
ComboFix-quarantined-files.txt  2009-06-05 14:44
ComboFix2.txt  2009-06-05 14:04
ComboFix3.txt  2009-06-05 13:06
ComboFix4.txt  2009-06-05 12:52

Avant-CF: 60 353 724 416 octets libres
Après-CF: 60 345 839 616 octets libres

107

I did run combofix on safe mode and hjt during this session.

Last edited by bakuryu; 06-06-2009 at 12:46 AM..

05-06-2009, 11:32 PM   #674
taprilapero

hello,
it seems I've solved my problem:

I have edited out lzyauov from this key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetSvcs"
and I stopped dnscache thru net stop dnscache
and all sites are accessible now.
I'm not sure what I really did, but it works, although lzyauov is still present in the registry, and so is the associated dll file fkfgjexe.dll, which I cannot delete or even change its attributes thru attrib. The system seems fine now but I still want to clean it out, if any help, thanks

06-06-2009, 12:45 AM   #675
bakuryu

Delete the file c:\windows\system32\fkfgjexe.dll using Killbox.

or you can download and run the removal tool : W32.Downadup Removal Tool | Symantec

and install this security update : http://www.microsoft.com/technet/sec.../MS08-067.mspx

Also enable your firewall and antivirus manually, including Windows Security Center.

Last edited by bakuryu; 06-06-2009 at 12:48 AM..

17-06-2009, 02:05 PM   #676
Speechless

Hello guys...
I'm new here...
I've been facing this problem for many days or months.. I don't know... I did not bother initially to look after it...
I'm not able to access any of the antivirus websites.... I'm not able to install my Kaspersky Internet Security because of that...
I formatted my PC 3 times in 2 days... but no positive results...
I tried Combofix, Spybot, HijackThis... and followed suggestions given in previous blogs to other mates in this forum...
but it's not helping...
I really wanna get over this.......
Please help guys...
Thank You !!

I have included my hijackthis log and Combofix results


Here is my Hijack this log

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:35 PM, on 6/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tushar\Desktop\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B85839F-4132-4C3F-8A2B-39235BD8E455}: NameServer = 218.248.255.177 218.248.240.134
--
End of file - 2304 bytes


Here is my Combofix log


Code:
ComboFix 09-01-21.02 - Tushar 2009-06-17 11:40:50.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.349 [GMT 5.5:30]
Running from: c:\documents and settings\Tushar\Desktop\Fix.exe
Command switches used :: c:\documents and settings\Tushar\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.
2009-06-17 04:30 . 2009-06-17 04:30 <DIR> d--hs---- C:\Recycled
2009-06-17 03:50 . 2009-06-17 03:50 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-06-17 03:50 . 2009-06-17 03:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-17 03:26 . 2009-06-17 03:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-17 03:13 . 2009-06-17 03:13 <DIR> d-------- c:\program files\Realtek AC97
2009-06-17 03:13 . 2009-06-17 03:13 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-06-17 03:12 . 2009-06-17 03:12 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-06-17 03:10 . 2005-06-21 16:43 163,840 --a------ c:\windows\system32\igfxres.dll
2009-06-17 03:06 . 2009-06-17 03:06 <DIR> d-------- c:\documents and settings\Tushar
2009-06-17 03:05 . 2009-06-17 03:05 <DIR> d---s---- c:\windows\system32\Microsoft
2009-06-17 03:05 . 2009-06-17 03:05 <DIR> d--hs---- c:\documents and settings\NetworkService
2009-06-17 03:05 . 2009-06-17 03:05 <DIR> d--hs---- c:\documents and settings\LocalService
2009-06-17 03:05 . 2009-06-17 03:05 8,192 --a------ c:\windows\REGLOCS.OLD
2009-06-17 03:04 . 2004-08-03 23:04 156,672 --a------ c:\windows\system32\dllcache\winzm.ime
2009-06-17 03:04 . 2004-08-03 23:04 156,672 --a------ c:\windows\system32\dllcache\winsp.ime
2009-06-17 03:04 . 2004-08-03 23:04 156,672 --a------ c:\windows\system32\dllcache\winpy.ime
2009-06-17 03:04 . 2001-10-05 00:43 69,120 --a------ c:\windows\system32\dllcache\wingb.ime
2009-06-17 03:04 . 2004-08-03 23:04 65,536 --a------ c:\windows\system32\dllcache\winime.ime
2009-06-17 03:04 . 2001-10-05 00:46 28,288 --a------ c:\windows\system32\dllcache\xjis.nls
2009-06-17 03:02 . 2001-10-05 00:42 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2009-06-17 03:01 . 2001-10-05 00:42 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll
2009-06-17 03:00 . 2004-08-04 00:56 2,134,528 --a------ c:\windows\system32\dllcache\smtpsnap.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 21:29 --------- d-----w c:\program files\microsoft frontpage
2004-08-03 13:56 167,324 --sh--r c:\windows\system32\vtbbxgq.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9872:TCP"= 9872:TCP:rkiexls
S4 dvullgj;Helper Network;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dvullgj
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-17 11:40:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dvullgj]
"ServiceDll"="c:\windows\system32\vtbbxgq.dll"
.
Completion time: 2009-06-17 11:41:45
ComboFix-quarantined-files.txt 2009-06-17 06:11:44
ComboFix2.txt 2009-06-16 23:02:00
Pre-Run: 18,351,243,264 bytes free
Post-Run: 18,348,720,128 bytes free
82

Last edited by bakuryu; 17-06-2009 at 09:56 PM..

17-06-2009, 10:04 PM   #677
bakuryu

Open notepad and copy+paste the following text and save the file as CFScript.txt in the same directory where combofix is present. Then drag and drop the CFScript.txt file over combofix executable file, and combofix will run again.

Code:
File::
c:\windows\system32\vtbbxgq.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dvullgj]

Open command prompt (cmd.exe) and type the following:

Code:
netsh firewall set opmode mode=ENABLE
netsh firewall set portopening protocol=ALL port=9872 mode=DISABLE scope=ALL profile=CURRENT

sc delete dvullgj

Open regedit.exe and go to : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

Find the value (in the right hand pane) named netsvcs (entries are not in alphabetical order), double click to edit, find the line containing dvullgj (each line will contain one value, and they won't be in alphabetical order) and delete only that line. Click OK and close the edit window and close regedit.

Reboot and check if you can access all sites.

Finally install this security update : http://www.microsoft.com/technet/sec.../MS08-067.mspx
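
The four artefacts the reply above cleans up (the hidden DLL, its service key, the NetSvcs entry and the opened firewall port) can be pulled out of a ComboFix log and cross-checked against each other. The following is an added example, not part of the original posts and not ComboFix's own code; the function names `triage` and `cleanup_checklist` are assumptions of this example, the sample input is an excerpt of the log posted in #676, and the parser reads both ComboFix layouts that appear in this thread.

```python
import re

# Excerpt of the ComboFix log posted in #676 of this thread (lines dropped, none altered).
SAMPLE_LOG = r"""
2009-06-16 21:29 --------- d-----w c:\program files\microsoft frontpage
2004-08-03 13:56 167,324 --sh--r c:\windows\system32\vtbbxgq.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9872:TCP"= 9872:TCP:rkiexls
S4 dvullgj;Helper Network;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dvullgj
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dvullgj]
"ServiceDll"="c:\windows\system32\vtbbxgq.dll"
.
"""

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
# File listing line: "... <attribute flags> <drive>:\path"
FILE_LINE = re.compile(r"\s(?P<attrs>[-a-z]{7,9})\s+(?P<path>[A-Za-z]:\\\S.*)$")
NETSVCS_HDR = re.compile(r"CurrentVersion\\Svchost\s+-\s+NetSvcs", re.I)


def triage(log_text):
    """Extract firewall state, opened ports and suspect svchost services.

    triage() is a name chosen for this example. A service is reported only
    when three things in the log agree: it is listed under NetSvcs, it has a
    ServiceDll value, and that DLL appears in a file listing with both the
    system (s) and hidden (h) attributes.
    """
    firewall_disabled = False
    open_ports = []        # (port, protocol, rule name)
    service_dlls = {}      # service name -> ServiceDll path
    netsvcs = set()        # names listed under "Svchost - NetSvcs"
    hidden_system = set()  # lower-cased paths of files flagged s and h
    key = ""               # registry key of the section being read
    in_netsvcs = False

    for raw in log_text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            # One bare service name per line; the list ends at the first
            # line that is not a bare name ("." in the logs above).
            if re.fullmatch(r"[\w-]+", line):
                netsvcs.add(line.lower())
                continue
            in_netsvcs = False
        if NETSVCS_HDR.search(line):
            in_netsvcs = True
            continue
        m = SECTION.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = VALUE.match(line)
        if m:
            name, data = m.group("name"), m.group("data").strip()
            if key.endswith(r"firewallpolicy\standardprofile") and name == "EnableFirewall":
                firewall_disabled = data.startswith("0")
            elif key.endswith(r"globallyopenports\list"):
                port, proto, rule = (data.split(":", 2) + ["", ""])[:3]
                open_ports.append((port, proto, rule))
            elif name == "ServiceDll" and "\\services\\" in key:
                service_dlls[key.rsplit("\\", 1)[1]] = data.strip('"')
            continue
        m = FILE_LINE.search(raw)
        if m and {"s", "h"} <= set(m.group("attrs")):
            hidden_system.add(m.group("path").strip().lower())

    suspects = [
        {"service": svc, "service_dll": dll}
        for svc, dll in sorted(service_dlls.items())
        if svc in netsvcs and dll.lower() in hidden_system
    ]
    return {
        "firewall_disabled": firewall_disabled,
        "open_ports": open_ports,
        "suspect_services": suspects,
    }


def cleanup_checklist(report):
    """One line per artefact that the cleanup has to cover."""
    items = []
    for s in report["suspect_services"]:
        items.append("file: " + s["service_dll"])
        items.append("service key: Services\\" + s["service"])
        items.append("NetSvcs entry: " + s["service"])
    for port, proto, rule in report["open_ports"]:
        items.append("firewall opening to review: %s/%s (%s)" % (port, proto, rule))
    if report["firewall_disabled"]:
        items.append("firewall: EnableFirewall is 0")
    return items


if __name__ == "__main__":
    for item in cleanup_checklist(triage(SAMPLE_LOG)):
        print(item)
```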

22-06-2009, 08:44 PM   #678
Leku

Hello there. I have the same problem, I can't access all Microsoft websites and BitDefender sites. Please help.

Here is my Hijack.this log

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:22 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Leku\Desktop\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADA9C90F-0833-4579-B01E-044E7FABF182}: NameServer = 213.154.124.1 212.93.130.114
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7695 bytes
Sorry for my bad English!

Last edited by Leku; 22-06-2009 at 08:46 PM.. Reason: wrong spell
Old 23-06-2009, 08:06 PM   #679
Rep Power: 0 pdmnz is an unknown quantity at this point


OS: Windows XP


Re: Cannot access Antivirus Sites/Google/Avast etc.

Hi Bakuryu and everyone,
I've also come across the problem of not being able to access antivirus sites such as avast. I've read a lot in this thread and attempted to perform the fixes using combofix, ccleaner and spybot; however, I am still suffering!
So in a last-ditch effort, here are my combofix and HJT log files. You'll probably notice I don't have a virus scanner going - the reason I found this fault was that I was trying to install avast.

Combofix:
Code:
ComboFix 09-06-22.08 - vien McArthur Nguyen 06/23/2009 13:33.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.623 [GMT 1:00]
Running from: c:\documents and settings\vien McArthur Nguyen\Desktop\Fix.exe
Command switches used :: c:\documents and settings\vien McArthur Nguyen\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

(((((((((((((((((((((((((   Files Created from 2009-05-23 to 2009-06-23  )))))))))))))))))))))))))))))))
.

2009-06-23 11:20 . 2009-06-23 11:20	--------	d-----w-	c:\program files\CCleaner
2009-06-23 11:09 . 2009-06-23 11:09	--------	d-----w-	C:\!KillBox
2009-06-23 09:53 . 2009-06-23 09:53	--------	dc----w-	c:\windows\system32\dllcache\cache
2009-06-23 09:08 . 2009-06-23 09:08	--------	d-----w-	c:\program files\Trend Micro
2009-06-22 23:04 . 2009-06-22 23:04	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-22 21:54 . 2009-06-23 12:03	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-22 21:54 . 2009-06-22 22:04	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-06-22 21:11 . 2009-06-22 21:11	--------	d-----w-	c:\program files\AVG
2009-06-22 13:36 . 2009-06-22 13:37	--------	d-----w-	c:\documents and settings\vien McArthur Nguyen\Application Data\vlc
2009-06-22 13:31 . 2009-06-22 13:31	--------	d-----w-	c:\program files\VideoLAN
2009-06-22 10:21 . 2004-08-04 07:56	221184	----a-w-	c:\windows\system32\wmpns.dll
2009-06-22 09:57 . 2009-06-22 09:57	--------	d-----w-	c:\windows\system32\scripting
2009-06-22 09:57 . 2009-06-22 09:57	--------	d-----w-	c:\windows\l2schemas
2009-06-22 09:57 . 2009-06-22 09:57	--------	d-----w-	c:\windows\system32\en
2009-06-21 21:38 . 2009-06-21 21:38	--------	d-----w-	c:\program files\iTunes
2009-06-21 21:38 . 2009-06-21 21:38	--------	d-----w-	c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-21 21:27 . 2009-06-21 21:27	75048	----a-w-	c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-21 21:24 . 2009-06-21 21:24	156980	---ha-w-	c:\windows\system32\mlfcache.dat
2009-06-21 21:23 . 2009-06-21 21:23	--------	d-----w-	c:\program files\Safari
2009-06-21 20:57 . 2009-06-21 20:57	--------	d-----w-	c:\documents and settings\vien McArthur Nguyen\Application Data\Subversion
2009-06-21 20:01 . 2009-06-21 20:01	--------	d-----w-	c:\documents and settings\vien McArthur Nguyen\.m2
2009-06-21 19:50 . 2009-06-21 19:51	--------	d-----w-	C:\Source
2009-06-21 11:18 . 2009-06-21 11:35	--------	d-----w-	C:\cygwin
2009-06-21 11:04 . 2009-06-22 13:30	--------	d-----w-	C:\Tools
2009-06-21 10:57 . 2009-06-21 10:57	--------	d-----w-	c:\program files\Sun
2009-06-20 18:01 . 2009-06-20 18:01	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-20 17:16 . 2009-06-20 17:16	--------	d-----w-	c:\program files\Apache Software Foundation
2009-06-20 16:13 . 2009-06-20 16:13	--------	d-----w-	c:\program files\MySQL
2009-06-20 16:13 . 2009-06-20 16:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\MySQL
2009-06-20 16:09 . 2009-06-20 16:09	--------	d-----w-	C:\Sun
2009-06-20 16:00 . 2009-06-20 15:59	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-06-20 15:59 . 2009-06-21 10:55	--------	d-----w-	c:\program files\Java
2009-06-19 11:44 . 2009-06-19 11:44	--------	d-----w-	C:\bb2dad70a0c4043f1f6c58c9
2009-06-08 14:12 . 2009-06-08 14:12	69632	----a-w-	c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-06 19:02 . 2009-06-13 18:19	--------	d-----w-	c:\documents and settings\vien McArthur Nguyen\Application Data\MSN6
2009-06-06 19:02 . 2009-06-06 19:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\MSN6

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 11:33 . 2006-10-22 16:16	--------	d-----w-	c:\program files\Google
2009-06-23 09:20 . 2009-03-29 17:48	--------	d-----w-	c:\program files\Lavasoft
2009-06-22 11:58 . 2007-09-21 18:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\Google Updater
2009-06-22 10:23 . 2006-10-22 17:20	--------	d-----w-	c:\program files\MSN Messenger
2009-06-22 10:01 . 2005-04-18 09:01	86327	----a-w-	c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-21 21:38 . 2005-08-20 03:25	--------	d-----w-	c:\program files\iPod
2009-06-21 21:38 . 2007-07-24 20:14	--------	d-----w-	c:\program files\Common Files\Apple
2009-06-21 21:35 . 2005-08-20 03:27	--------	d-----w-	c:\program files\QuickTime
2009-06-21 21:32 . 2007-07-24 20:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple
2009-06-21 21:24 . 2005-08-20 03:27	--------	d-----w-	c:\documents and settings\vien McArthur Nguyen\Application Data\Apple Computer
2009-06-20 16:34 . 2006-10-31 10:37	--------	d-----w-	c:\documents and settings\vien McArthur Nguyen\Application Data\AdobeUM
2009-06-05 10:42 . 2009-03-25 07:43	39424	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2009-06-05 10:42 . 2009-03-25 07:43	2060288	----a-w-	c:\windows\system32\usbaaplrc.dll
2007-04-16 15:52 . 2002-12-31 17:00	168371	--sha-r-	c:\windows\system32\midpltx.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-06-23_09.53.01   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-23 12:01 . 2009-06-23 12:01	16384              c:\windows\Temp\Perflib_Perfdata_1e4.dat
+ 2009-06-23 09:53 . 2008-10-16 14:09	51224              c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-23 09:53 . 2008-04-14 00:12	82432              c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-23 09:53 . 2008-04-14 00:12	26112              c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-23 09:53 . 2008-04-14 00:12	14336              c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-23 09:53 . 2008-04-14 00:12	57856              c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-23 09:53 . 2008-04-14 00:12	17408              c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-23 09:53 . 2008-04-14 00:12	13312              c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-23 09:53 . 2008-04-13 18:39	24576              c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-23 09:53 . 2008-04-13 18:53	36608              c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-23 09:53 . 2008-04-14 00:12	15360              c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-23 09:53 . 2008-04-14 00:12	507904              c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-23 09:53 . 2008-10-16 01:00	666112              c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-23 09:53 . 2008-04-14 00:12	578560              c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-23 09:53 . 2008-04-14 00:12	295424              c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-23 09:53 . 2008-06-20 11:51	361600              c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-23 09:53 . 2008-04-14 00:12	108544              c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-23 09:53 . 2008-04-13 19:20	182656              c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-23 09:53 . 2008-04-14 00:11	989696              c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-23 09:53 . 2008-04-14 00:11	110080              c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-23 09:53 . 2008-04-14 00:11	167936              c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-23 09:53 . 2008-04-14 00:12	1614848              c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-23 09:53 . 2008-08-14 10:09	2145280              c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-23 09:53 . 2008-08-14 09:33	2023936              c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-23 09:53 . 2008-04-14 00:12	1033728              c:\windows\system32\dllcache\cache\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2006-07-29 5354792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
"Google Update"="c:\documents and settings\vien McArthur Nguyen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-19 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-20 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-14 67072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-10-30 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-1 113664]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Next Limit\\Maxwell\\mxcl.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Next Limit\\Maxwell\\mxst.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Tools\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_14\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5825:TCP"= 5825:TCP:xsrpx

R2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe -k netsvcs [12/31/2002 6:00 PM 14336]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/21/2008 4:36 PM 356920]
R2 sfmgr;CaReTaKeR-CT NetMgr 1.2.1;c:\sfmgr\sfmgr.exe [9/3/2005 5:15 AM 171008]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt11\ArcNameService.exe [5/1/2007 10:15 AM 157264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 grvvw;Support Config;c:\windows\system32\svchost.exe -k netsvcs [12/31/2002 6:00 PM 14336]
S2 gupdate1c9f1d1286d1f4e;Google Update Service (gupdate1c9f1d1286d1f4e);c:\program files\Google\Update\GoogleUpdate.exe [6/20/2009 7:01 PM 133104]
S3 Tomcat6;Apache Tomcat 6;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [5/14/2009 12:15 AM 57344]
S4 Prowkst;Prowkst; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
grvvw
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2009-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 19:53]

2009-06-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 11:46]

2009-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-117609710-725345543-1003.job
- c:\documents and settings\vien McArthur Nguyen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-19 11:46]

2008-12-21 c:\windows\Tasks\Norton Security Scan for vien McArthur Nguyen.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 17:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - 
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-23 13:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\grvvw]
"ServiceDll"="c:\windows\system32\midpltx.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(748)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-23 13:40
ComboFix-quarantined-files.txt  2009-06-23 12:40
ComboFix2.txt  2009-06-23 11:58
ComboFix3.txt  2009-06-23 10:50
ComboFix4.txt  2009-06-23 09:54

Pre-Run: 44,181,696,512 bytes free
Post-Run: 44,165,304,320 bytes free

218	--- E O F ---	2009-06-22 23:15
and HJT:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:48 PM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\sfmgr\sfmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\vien McArthur Nguyen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\vien McArthur Nguyen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vien McArthur Nguyen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vien McArthur Nguyen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vien McArthur Nguyen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: Google Update Service (gupdate1c9f1d1286d1f4e) (gupdate1c9f1d1286d1f4e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\sfmgr\sfmgr.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

--
End of file - 12478 bytes
Thanks in advance, I look forward to your solution!
pdmnz

Last edited by bakuryu; 24-06-2009 at 11:23 PM..
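A way to triage the O23 service lines of a HijackThis log like the one posted above, as an added example that is not part of any poster's message or of HijackThis itself. The flag names and the `USUAL_ROOTS` list are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re

# O23 line as printed: O23 - Service: <name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(r"O23 - Service: (.+) - (.+?) - ([A-Za-z]:\\.*)$")
MISSING = " (file missing)"
# Assumption: these roots are where service binaries normally live on XP.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\")

def parse_o23(line):
    """Return (name, owner, path, missing) or None if not an O23 line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    name, owner, path = m.groups()
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    return name, owner, path, missing

def review_flags(line):
    """Reasons to look at a service entry by hand; a flag is not a verdict."""
    parsed = parse_o23(line)
    if parsed is None:
        return []
    _, owner, path, missing = parsed
    flags = []
    if owner == "Unknown owner":
        flags.append("unknown-owner")
    if missing:
        flags.append("file-missing")
    # A missing root-level .exe such as C:\Program.exe usually means the
    # service ImagePath has spaces but no quotes, so it was cut at the space.
    if missing and re.fullmatch(r"[A-Za-z]:\\[^\\ ]+\.exe", path, re.I):
        flags.append("unquoted-imagepath?")
    if not path.lower().startswith(USUAL_ROOTS):
        flags.append("unusual-location")
    return flags

# Sample lines copied from the log above.
SAMPLE = [
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)",
    r"O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\sfmgr\sfmgr.exe",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_o23(entry)[0], review_flags(entry))
```

"Unknown owner" alone is common for legitimate drivers whose binaries carry no company name, so it is most useful in combination with the other flags. An entry flagged `unquoted-imagepath?` is worth confirming in the service's registry `ImagePath` value and fixing by quoting the full path.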
Old 24-06-2009, 11:53 PM   #680
bakuryu
Re: Cannot access Antivirus Sites/Google/Avast etc.

@Leku ::

Your HijackThis log file is clean.

Check this: Conficker Eye Chart

Quote:
Conficker Worm Patch - April 1st Virus - April Fools Virus 2009 - Windows Conficker C | W32.Downadup Conflicker Worm

Or, you can restore access to security web sites on an infected machine by taking the following steps:

1. Click Start > Run.
2. In the Run box, type the following: cmd
3. Click OK.
4. Type the following and then press Enter. cd..
5. Repeat the previous step until you get to the root level, or C:\>. Note that if your root drive is not C, the letter will be different.
6. At C:\> type the following: net stop dnscache
7. Press Enter.

Download removal tool: W32.Downadup Removal Tool | Symantec

Reboot and check if you can access all sites.

Finally install this security update : http://www.microsoft.com/technet/sec.../MS08-067.mspx