HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Post #1, 04-30-2008, 12:51 PM, by GuyOfOwnage (Registered User; joined Apr 2008; Ontario, Canada; 12 posts; OS: Windows Vista Home Basic)
Some websites not accessible

Since last Thursday, certain websites are not accessible regardless of what browser I use (Firefox, Internet Explorer, Opera). When I try to access one of these websites, my status bar simply reads "Waiting for <insert site here>", with no resolution. It sits there and does nothing, without even so much as an error message. These sites include Google (search engine; I can access the front page fine, oddly), GMail (again, front page is accessible, but it is not possible to log in), Facebook, and a few different message boards that I visit. I have also noticed that sites that were still accessible last Thursday when this happened are now affected as well. It seems to be slowly spreading to the various web pages that I visit, and I can only imagine that it will eventually get to the point where I can't access anything at all. I have already spoken with my ISP on the matter, and they tell me that there is nothing wrong on their side. I have a second computer on my network that is completely unaffected and works without a problem, so I know that it isn't related to my modem or router. I currently have both AVG and the Bell Sympatico Security Manager installed for protection. I have done countless virus and spyware scans to no real avail, and I would most appreciate your assistance. This really baffles my mind. Here's my log:

Deckard's System Scanner v20071014.68
Run by Josh on 2008-04-30 15:31:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 3 Restore Point(s) --
3: 2008-04-30 19:27:14 UTC - RP163 - Deckard's System Scanner Restore Point
2: 2008-04-30 10:29:07 UTC - RP162 - System Checkpoint
1: 2008-04-29 04:54:10 UTC - RP161 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.25 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-30 15:33:29
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Documents and Settings\Josh\Desktop\dss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2d6871d1-795f-4596-9e4a-0bb5e2c2d531} - C:\WINDOWS\system32\gtvsvatl.dll (file missing)
O2 - BHO: {50196f39-2936-5e8b-4a14-88419f9eee43} - {34eee9f9-1488-41a4-b8e5-639293f69105} - C:\WINDOWS\system32\ygjaioah.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Security Manager\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {B2352453-378D-49CE-BBE2-D3E5687AA1B1} - C:\WINDOWS\system32\nnnmmmJd.dll (file missing)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\nnnkKcYq.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [04bc666e] rundll32.exe "C:\WINDOWS\system32\kuitwejg.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
O4 - HKLM\..\Run: [Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [BM078f55f2] Rundll32.exe "C:\WINDOWS\system32\hecgwfbr.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.amazon.com (HKCU)
O15 - Trusted Zone: https://www.facebook.com (HKCU)
O15 - Trusted Zone: https://www.gmail.com (HKCU)
O15 - Trusted Zone: https://www.google.ca (HKCU)
O15 - Trusted Zone: https://sympatico.msn.ca (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnkKcYq - C:\WINDOWS\system32\nnnkKcYq.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: dvpapi - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: Security Manager Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\fws.exe


--
End of file - 9207 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RP_FWS (Security Manager Firewall) - c:\program files\bell\security manager\fws.exe <Not Verified; Radialpoint Inc.; Radialpoint Security Services 5.5.1>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-30 15:29:43 296 --a------ C:\WINDOWS\Tasks\Windows Live Messenger.job
2008-04-28 22:27:37 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-30 1546 0 d-------- C:\ie-spyad_zo
2008-04-30 14:58:39 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-30 14:58:26 0 d-------- C:\Program Files\SpywareBlaster
2008-04-29 22:33:54 0 d-------- C:\WINDOWS\LastGood
2008-04-29 22:28:34 0 d-------- C:\Program Files\Panda Security
2008-04-29 03:13:06 0 d-------- C:\Judas Priest
2008-04-29 03:12:29 0 d-------- C:\Deep Purple
2008-04-28 22:33:57 0 d-------- C:\Program Files\iPod
2008-04-28 22:33:41 0 d-------- C:\Program Files\iTunes
2008-04-28 13:40:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 13:16:32 0 d-------- C:\Program Files\FLV Player
2008-04-28 02:14:33 0 d-------- C:\Documents and Settings\Josh\Application Data\Mp3tag
2008-04-28 02:13:48 0 d-------- C:\Program Files\Mp3tag
2008-04-28 00:23:23 0 d-------- C:\Documents and Settings\Josh\Application Data\Opera
2008-04-28 00:22:49 0 d-------- C:\Program Files\Opera
2008-04-26 19:11:00 0 d-------- C:\New Folder
2008-04-26 17:54:38 0 d--h----- C:\WINDOWS\PIF
2008-04-26 17:47:45 0 d-------- C:\Program Files\Common Files\Command Software
2008-04-26 17:47:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Bell
2008-04-26 17:46:40 0 d-------- C:\Documents and Settings\Josh\Application Data\Bell
2008-04-26 17:46:35 0 d-------- C:\Program Files\Bell
2008-04-26 17:17:48 0 d-------- C:\Program Files\Zero Knowledge
2008-04-26 17:17:48 0 d-------- C:\Program Files\Common Files\PestPatrol
2008-04-25 19:29:15 0 d--h----- C:\$AVG8.VAULT$
2008-04-25 19:28:12 8 --a------ C:\WINDOWS\system32\04bc74e0
2008-04-25 19:01:58 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-25 19:01:58 0 d-------- C:\Documents and Settings\Josh\Application Data\AVGTOOLBAR
2008-04-25 19:01:42 0 d-------- C:\Program Files\AVG
2008-04-25 19:01:42 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-25 18:49:40 0 dr-h----- C:\Documents and Settings\Josh\Recent
2008-04-25 12:41:54 105536 --a------ C:\WINDOWS\system32\hecgwfbr.dll
2008-04-24 20:46:29 0 d-------- C:\Documents and Settings\Josh\Application Data\Lavasoft
2008-04-24 19:15:10 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-24 19:08:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-24 18:38:29 0 d-------- C:\Program Files\CCleaner
2008-04-24 00:39:16 298243 --ahs---- C:\WINDOWS\system32\dJmmmnnn.ini2
2008-04-24 00:36:45 0 d-------- C:\Documents and Settings\Josh\Application Data\Google
2008-04-17 18:31:56 0 d-------- C:\Program Files\DVD Decrypter
2008-04-14 22:44:00 0 d-------- C:\Program Files\QuickTime
2008-04-10 18:31:26 0 d-------- C:\Documents and Settings\Josh\Application Data\mIRC
2008-04-10 18:31:25 0 d-------- C:\Program Files\mIRC
2008-04-10 14:38:23 34050 --a------ C:\WINDOWS\system32\CoreWavPack-uninstall.exe
2008-04-03 04:49:19 0 d-------- C:\Program Files\Microsoft Works
2008-04-03 04:49:04 0 d-------- C:\Program Files\MSBuild
2008-04-03 04:41:15 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-03 04:39:25 0 dr-h----- C:\MSOCache
2008-04-01 02:24:38 0 d-------- C:\Documents and Settings\Josh\Application Data\AccurateRip
2008-04-01 02:24:35 0 d-------- C:\Documents and Settings\Josh\Application Data\AD ON Multimedia
2008-04-01 02:24:32 0 d-------- C:\Program Files\Exact Audio Copy
2008-03-30 21:37:55 0 d-------- C:\Documents and Settings\Josh\Application Data\TVU networks
2008-03-30 21:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-03-30 19:11:32 0 d-------- C:\Program Files\VideoLAN


-- Find3M Report ---------------------------------------------------------------

2008-04-30 15:30:01 0 d-------- C:\Documents and Settings\Josh\Application Data\uTorrent
2008-04-30 03:20:56 0 d-------- C:\Program Files\eMule
2008-04-29 22:33:36 2594 --a----c- C:\WINDOWS\mozver.dat
2008-04-29 21:46:15 0 d-------- C:\Program Files\Viewpoint
2008-04-28 22:27:34 0 d-------- C:\Program Files\Apple Software Update
2008-04-28 04:49:07 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-26 17:47:45 0 d-------- C:\Program Files\Common Files
2008-04-26 17:12:48 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-24 19:15:36 0 d-------- C:\Documents and Settings\Josh\Application Data\Mozilla
2008-04-24 19:03:06 0 d-------- C:\Program Files\Google
2008-04-24 18:38:38 0 d-------- C:\Program Files\Yahoo!
2008-04-16 17:28:59 0 d-------- C:\Documents and Settings\Josh\Application Data\Adobe
2008-04-16 15:13:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 15:12:37 0 d-------- C:\Documents and Settings\Josh\Application Data\Apple Computer
2008-04-10 14:37:47 0 d-------- C:\Program Files\Winamp
2008-04-05 14:02:24 0 d-------- C:\Program Files\QuickTax 2007
2008-03-27 12:13:30 0 d-------- C:\Documents and Settings\Josh\Application Data\Winamp
2008-03-14 11:14:03 0 d-------- C:\Program Files\Java
2008-03-13 17:27:14 0 d-------- C:\Documents and Settings\Josh\Application Data\Intuit Canada
2008-03-13 17:26:58 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-13 17:26:55 0 d-------- C:\Program Files\Common Files\Intuit
2008-03-13 15:41:34 0 d-------- C:\Program Files\EPSON
2008-03-13 12:55:10 0 d-------- C:\Program Files\FLAC
2008-03-12 01:56:36 0 d-------- C:\Program Files\Womble MPEG Editor
2008-03-12 01:55:58 0 d-------- C:\Program Files\FlashGet
2008-03-12 01:54:47 0 d-------- C:\Documents and Settings\Josh\Application Data\Orbit


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d6871d1-795f-4596-9e4a-0bb5e2c2d531}]
C:\WINDOWS\system32\gtvsvatl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34eee9f9-1488-41a4-b8e5-639293f69105}]
C:\WINDOWS\system32\ygjaioah.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
25/04/2008 07:01 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2352453-378D-49CE-BBE2-D3E5687AA1B1}]
C:\WINDOWS\system32\nnnmmmJd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]
C:\WINDOWS\system32\nnnkKcYq.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [25/04/2008 07:01 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"04bc666e"="C:\WINDOWS\system32\kuitwejg.dll" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [25/04/2008 07:01 PM]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [15/05/2006 10:41 AM]
"Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [20/06/2006 02:30 PM]
"BM078f55f2"="C:\WINDOWS\system32\hecgwfbr.dll" [25/04/2008 12:42 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:00 AM]
"msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [13/03/2008 03:48 AM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [30/01/2008 12:29 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\WINDOWS\system32\nnnkKcYq.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkKcYq]
nnnkKcYq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnmmmJd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Josh\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04bc666e]
rundll32.exe "C:\WINDOWS\system32\xkbdeomm.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM078f55f2]
Rundll32.exe "C:\WINDOWS\system32\irtmiuxy.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
"C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
"C:\Program Files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\AutoPlay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c5c8c2-a332-11dc-b345-806d6172696f}]
play\command- "C:\Program Files\InterVideo\DVD8\WinDVD.exe" %1

*Newly Created Service* - IPOD_SERVICE
*Newly Created Service* - RKPAVPROC



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-30 15:35:16 ------------
Attached file: extra.txt (17.9 KB)
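Added example, not part of the thread and not the method forhockey used (the analyst below goes straight to ComboFix): a small Python triage pass over entries quoted from the log above. It flags the patterns an analyst pulls out of a log like this by eye: BHO and Winlogon Notify registrations whose file is missing, Run values named with a hex string ([04bc666e], [BM078f55f2]), rundll32 loading a system32 DLL through a one-letter export (",b", ",s"), and anything besides msv1_0 in the LSA "Authentication Packages" value from the Registry Dump section. It also cross-references module names across persistence points and checks a hosts file for entries covering the sites the poster cannot reach. The heuristics are rules of thumb, not signatures; treating msv1_0 as the only stock Windows XP authentication package is my assumption; and the last two hosts lines are constructed here, not taken from the log (the visible hosts entries in the log are all loopback entries for ad domains).

```python
"""Triage heuristics for a HijackThis-style log and a hosts file (added example)."""
import re
from collections import defaultdict

# Entries quoted from the log posted above (one clean line per section kept for
# contrast), plus the LSA line from its Registry Dump section.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {2d6871d1-795f-4596-9e4a-0bb5e2c2d531} - C:\WINDOWS\system32\gtvsvatl.dll (file missing)
O2 - BHO: (no name) - {B2352453-378D-49CE-BBE2-D3E5687AA1B1} - C:\WINDOWS\system32\nnnmmmJd.dll (file missing)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\nnnkKcYq.dll (file missing)
O4 - HKLM\..\Run: [04bc666e] rundll32.exe "C:\WINDOWS\system32\kuitwejg.dll",b
O4 - HKLM\..\Run: [BM078f55f2] Rundll32.exe "C:\WINDOWS\system32\hecgwfbr.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnkKcYq - C:\WINDOWS\system32\nnnkKcYq.dll (file missing)
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnmmmJd
"""

# Constructed hosts sample: the first two lines are quoted from the log above;
# the last two are made up here to show what a hijacked entry would look like.
SAMPLE_HOSTS = """
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 www.google.ca
192.0.2.10 www.facebook.com
"""

HJT_LINE = re.compile(r'^(O\d+)\s+-\s+(.*)$')
RUN_NAME = re.compile(r'\[([^\]]+)\]')
RUNDLL = re.compile(r'(?i)rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)')
SYS32_STEM = re.compile(r'(?i)\\system32\\([A-Za-z0-9_]+)')
LSA_AUTH = re.compile(r'"Authentication Packages"\s*=\s*(.*)')
KNOWN_AUTH_PACKAGES = {'msv1_0'}      # assumption: the only LSA package on stock Windows XP
BLACKHOLE = {'127.0.0.1', '0.0.0.0'}  # targets used by ad-blocking hosts lists like the one in the log


def triage_log(text):
    """Return (findings, stems): findings are (section, reason, line) tuples; stems maps
    each lower-cased system32 module name to the set of sections that reference it."""
    findings, stems = [], defaultdict(set)
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        lsa = LSA_AUTH.search(line)
        if lsa:  # registry-dump style line, not an HJT "Onn -" entry
            for pkg in lsa.group(1).split():
                m = SYS32_STEM.search(pkg)
                name = m.group(1) if m else pkg
                if name.lower() not in KNOWN_AUTH_PACKAGES:
                    findings.append(('LSA', f'extra authentication package {name}', line))
                    stems[name.lower()].add('LSA')
            continue
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        for stem in SYS32_STEM.findall(body):
            stems[stem.lower()].add(section)
        # O9 buttons with missing files are common benign leftovers, so only BHOs and
        # Winlogon Notify packages are flagged for an orphaned registration.
        if section in ('O2', 'O20') and '(file missing)' in body:
            findings.append((section, 'registered module whose file is missing', line))
        if section == 'O4':
            name = RUN_NAME.search(body)
            if name and re.fullmatch(r'(?:BM)?[0-9a-f]{8}', name.group(1)):
                findings.append((section, f'hex-string Run value name [{name.group(1)}]', line))
            r = RUNDLL.search(body)
            if r and 'system32' in r.group('dll').lower() and len(r.group('export')) == 1:
                findings.append((section, 'rundll32 loads a system32 DLL through a one-letter export', line))
    return findings, stems


def multi_point(stems):
    """Modules registered in more than one persistence point (e.g. BHO plus Winlogon Notify)."""
    return {s: sorted(secs) for s, secs in stems.items() if len(secs) > 1}


def hosts_findings(text, watch):
    """Hosts entries that cover a watched domain or point anywhere but a blackhole address."""
    out = []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            bare = name.lower()
            bare = bare[4:] if bare.startswith('www.') else bare
            if bare in watch or ip not in BLACKHOLE:
                out.append((ip, name))
    return out


if __name__ == '__main__':
    found, stems = triage_log(SAMPLE_LOG)
    for section, reason, line in found:
        print(f'{section:4} {reason}: {line}')
    print('multi-point persistence:', multi_point(stems))
    print('hosts:', hosts_findings(SAMPLE_HOSTS, {'google.ca', 'gmail.com', 'facebook.com'}))
```

On the sample it reports nine findings (three orphaned BHOs, the two hex-named Run values and their one-letter rundll32 exports, the orphaned Winlogon Notify package, and the extra LSA package), shows nnnkKcYq registered as both a BHO and a Winlogon Notify package and nnnmmmJd as both a BHO and an LSA package, and flags only the two constructed hosts lines. The same hosts function can be pointed at the full 8300-entry file to confirm that none of the blocked domains is one the user needs.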
Post #2, 05-03-2008, 04:55 PM, by GuyOfOwnage (Registered User; joined Apr 2008; Ontario, Canada; 12 posts; OS: Windows Vista Home Basic)
Re: Some websites not accessible

72 hours. Bump.
Post #3, 05-03-2008, 08:46 PM, by forhockey (Analyst, Security Team; joined Sep 2006; Ontario, Canada; 2,548 posts; OS: Windows XP Pro)
Re: Some websites not accessible

Hi GuyOfOwnage,

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

P2P Software

I see you have P2P software (µTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

--------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix


IMPORTANT: Make sure you install the Recovery Console before running ComboFix.

Reply back with the following:
  • C:\ComboFix.txt
Post #4, 05-03-2008, 11:55 PM, by GuyOfOwnage (Registered User; joined Apr 2008; Ontario, Canada; 12 posts; OS: Windows Vista Home Basic)
Re: Some websites not accessible

Thanks for agreeing to assist me with my problem. Unfortunately, we have hit our first road block. The website you have provided me to download ComboFix with seems to be affected in the same way as many of the other websites that I visit (as I described in my initial post). We will have to find another way for me to acquire ComboFix, as well as the instructions surrounding its installation.

Also, due to my e-mail being rendered inaccessible as a result of this problem, subscribing to this thread is of no use to me, as I will not be able to see any notifications that I receive. I will, however, attempt to visit this thread as often as possible in order to keep the problem solving process moving. Thanks again.

Last edited by GuyOfOwnage : 05-03-2008 at 11:56 PM.
Post #5, 05-04-2008, 10:07 AM, by forhockey (Analyst, Security Team; joined Sep 2006; Ontario, Canada; 2,548 posts; OS: Windows XP Pro)
Re: Some websites not accessible

Hi GuyOfOwnage,

Let's see if you can access direct download links.


Download Combofix from one of the following download links:
**Save it directly to your desktop**

Do not run ComboFix yet

Next, download the recovery console at the link below:

http://download.microsoft.com/downlo...otDisk-ENU.exe

**Save it directly to your desktop so that it is beside ComboFix.exe**

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Old 05-04-2008, 12:03 PM   #6 (permalink)
Registered User
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 12
OS: Windows Vista Home Basic


Re: Some websites not accessible

The direct link for the program worked, thanks a lot. Here's the report you asked for:

ComboFix 08-05-01.3 - Josh 2008-05-04 14:47:22.1 - NTFSx86
Running from: C:\Documents and Settings\Josh\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Josh\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dJmmmnnn.ini
C:\WINDOWS\system32\dJmmmnnn.ini2
C:\WINDOWS\system32\gjewtiuk.ini
C:\WINDOWS\system32\hecgwfbr.dll
C:\WINDOWS\system32\mmoedbkx.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 16:32 . 2008-05-03 16:32 <DIR> d-------- C:\Deep Purple
2008-05-01 17:20 . 2008-05-01 17:31 <DIR> d-------- C:\1988 - Past Masters, Volume Two
2008-05-01 15:55 . 2008-05-01 17:18 <DIR> d-------- C:\1988 - Past Masters, Volume One
2008-05-01 00:57 . 2008-05-01 01:07 <DIR> d-------- C:\1978 - Rarities
2008-05-01 00:47 . 2008-05-01 00:56 <DIR> d-------- C:\1970 - Let It Be
2008-05-01 00:34 . 2008-05-01 00:45 <DIR> d-------- C:\1969(2) - Abbey Road
2008-05-01 00:23 . 2008-05-01 00:33 <DIR> d-------- C:\1969 - Yellow Submarine
2008-04-30 23:54 . 2008-05-01 00:06 <DIR> d-------- C:\1968 - The Beatles
2008-04-30 23:45 . 2008-04-30 23:53 <DIR> d-------- C:\1967(2) - Magical Mystery Tour
2008-04-30 23:26 . 2008-04-30 23:35 <DIR> d-------- C:\1967 - Sgt. Pepper's Lonely Hearts Club Band
2008-04-30 22:52 . 2008-04-30 23:00 <DIR> d-------- C:\1966 - Revolver
2008-04-30 22:24 . 2008-04-30 22:32 <DIR> d-------- C:\1965 - Rubber Soul
2008-04-30 22:16 . 2008-04-30 22:23 <DIR> d-------- C:\1965 - Help!
2008-04-30 21:50 . 2008-04-30 21:57 <DIR> d-------- C:\1964 - Beatles For Sale
2008-04-30 21:41 . 2008-04-30 21:49 <DIR> d-------- C:\1964 - A Hard Day's Night
2008-04-30 21:26 . 2008-04-30 21:35 <DIR> d-------- C:\1963 - With The Beatles
2008-04-30 21:15 . 2008-04-30 21:25 <DIR> d-------- C:\1963 - Please Please Me
2008-04-30 15:25 . 2008-04-30 15:25 <DIR> d-------- C:\Deckard
2008-04-30 15:06 . 2008-04-30 15:08 <DIR> d-------- C:\ie-spyad_zo
2008-04-30 14:58 . 2008-04-30 15:01 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-30 14:58 . 2008-04-30 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-30 14:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-29 22:28 . 2008-04-29 22:34 <DIR> d-------- C:\Program Files\Panda Security
2008-04-29 03:13 . 2008-04-29 03:13 <DIR> d-------- C:\Judas Priest
2008-04-28 22:33 . 2008-04-28 22:34 <DIR> d-------- C:\Program Files\iTunes
2008-04-28 22:33 . 2008-04-28 22:33 <DIR> d-------- C:\Program Files\iPod
2008-04-28 13:40 . 2008-04-28 13:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 13:40 . 2008-04-28 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 13:16 . 2008-04-28 13:16 <DIR> d-------- C:\Program Files\FLV Player
2008-04-28 02:14 . 2008-04-28 02:38 <DIR> d-------- C:\Documents and Settings\Josh\Application Data\Mp3tag
2008-04-28 02:13 . 2008-04-28 02:14 <DIR> d-------- C:\Program Files\Mp3tag
2008-04-28 00:22 . 2008-04-28 00:23 <DIR> d-------- C:\Program Files\Opera
2008-04-26 19:11 . 2008-04-26 19:28 <DIR> d-------- C:\New Folder
2008-04-26 17:54 . 2008-04-26 17:54 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-26 17:48 . 2006-01-11 13:16 54,840 --a------ C:\WINDOWS\system32\drivers\freetdi.sys
2008-04-26 17:47 . 2008-05-02 14:09 <DIR> d-------- C:\Program Files\Common Files\Command Software
2008-04-26 17:47 . 2008-04-26 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bell
2008-04-26 17:46 . 2008-04-26 17:47 <DIR> d-------- C:\Program Files\Bell
2008-04-26 17:46 . 2008-04-26 17:48 <DIR> d-------- C:\Documents and Settings\Josh\Application Data\Bell
2008-04-26 17:45 . 2008-04-26 17:45 225 --a------ C:\WINDOWS\freedom.backup.dat
2008-04-26 17:23 . 2008-04-26 17:23 70 --a------ C:\WINDOWS\EC63FA5B.ini
2008-04-26 17:18 . 2003-09-24 10:23 33,408 --------- C:\WINDOWS\system32\drivers\freedom.sys
2008-04-26 17:17 . 2008-04-26 17:17 <DIR> d-------- C:\Program Files\Zero Knowledge
2008-04-26 17:17 . 2008-05-03 11:11 <DIR> d-------- C:\Program Files\Common Files\PestPatrol
2008-04-25 19:29 . 2008-05-04 14:03 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-25 19:28 . 2008-04-25 19:28 8 --a------ C:\WINDOWS\system32\04bc74e0
2008-04-25 19:02 . 2008-04-25 19:02 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-25 19:02 . 2008-04-25 19:02 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-25 19:01 . 2008-05-03 09:07 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-25 19:01 . 2008-04-25 19:01 <DIR> d-------- C:\Program Files\AVG
2008-04-25 19:01 . 2008-04-25 22:28 <DIR> d-------- C:\Documents and Settings\Josh\Application Data\AVGTOOLBAR
2008-04-25 19:01 . 2008-04-25 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-24 20:46 . 2008-04-26 17:15 <DIR> d-------- C:\Documents and Settings\Josh\Application Data\Lavasoft
2008-04-24 19:15 . 2008-04-29 22:15 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-24 19:08 . 2008-04-24 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-24 18:38 . 2008-04-24 18:39 <DIR> d-------- C:\Program Files\CCleaner
2008-04-24 12:41 . 2008-05-04 14:40 109,747 --a------ C:\WINDOWS\BM078f55f2.xml
2008-04-23 22:56 . 2008-04-23 22:56 113,312 --a------ C:\WWE.WrestleMania.20.3Disc.DVD9.NTSC.torrent
2008-04-22 21:21 . 2008-04-23 04:24 0 --a------ C:\dump_dvd.vob
2008-04-17 19:29 . 2008-04-17 21:11 107 --a------ C:\WINDOWS\IfoEdit.INI
2008-04-17 18:31 . 2008-04-17 18:32 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-04-14 22:44 . 2008-04-14 22:45 <DIR> d-------- C:\Program Files\QuickTime
2008-04-12 19:02 . 2008-04-12 19:02 1,840,492 --a------ C:\Deep Purple - Comin' Home (sample).mp3
2008-04-12 12:26 . 2008-04-12 12:26 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-12 02:47 . 2008-04-12 02:47 163,150 --a------ C:\WWEVolume8.jpg
2008-04-10 18:31 . 2008-04-25 02:24 <DIR> d-------- C:\Program Files\mIRC
2008-04-10 18:31 . 2008-04-25 02:24 <DIR> d-------- C:\Documents and Settings\Josh\Application Data\mIRC
2008-04-10 14:38 . 2008-04-10 14:38 34,050 --a------ C:\WINDOWS\system32\CoreWavPack-uninstall.exe
2008-04-07 14:14 . 2008-04-07 14:14 1,793,444 --a------ C:\stormbringer.mp3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 18:55 --------- d-----w C:\Documents and Settings\Josh\Application Data\uTorrent
2008-05-04 11:52 --------- d-----w C:\Program Files\eMule
2008-04-30 01:46 --------- d-----w C:\Program Files\Viewpoint
2008-04-30 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-29 02:27 --------- d-----w C:\Program Files\Apple Software Update
2008-04-26 21:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-24 23:03 --------- d-----w C:\Program Files\Google
2008-04-24 22:38 --------- d-----w C:\Program Files\Yahoo!
2008-04-17 01:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
2008-04-16 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 16:26 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-04-11 19:12 --------- d-----w C:\Documents and Settings\Josh\Application Data\Apple Computer
2008-04-11 19:09 --------- d-----w C:\Program Files\VideoLAN
2008-04-10 18:37 --------- d-----w C:\Program Files\Winamp
2008-04-10 07:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-05 18:02 --------- d-----w C:\Program Files\QuickTax 2007
2008-04-03 08:49 --------- d-----w C:\Program Files\MSBuild
2008-04-03 08:49 --------- d-----w C:\Program Files\Microsoft Works
2008-04-01 06:39 --------- d-----w C:\Program Files\Exact Audio Copy
2008-04-01 06:24 --------- d-----w C:\Documents and Settings\Josh\Application Data\AD ON Multimedia
2008-04-01 06:24 --------- d-----w C:\Documents and Settings\Josh\Application Data\AccurateRip
2008-03-31 01:38 --------- d-----w C:\Documents and Settings\Josh\Application Data\TVU networks
2008-03-31 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU networks
2008-03-27 16:13 --------- d-----w C:\Documents and Settings\Josh\Application Data\Winamp
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 15:14 --------- d-----w C:\Program Files\Java
2008-03-13 21:27 --------- d-----w C:\Documents and Settings\Josh\Application Data\Intuit Canada
2008-03-13 21:26 --------- d-----w C:\Program Files\Common Files\Intuit
2008-03-13 21:26 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-13 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-03-13 19:41 --------- d-----w C:\Program Files\EPSON
2008-03-13 16:55 --------- d-----w C:\Program Files\FLAC
2008-03-12 05:56 --------- d-----w C:\Program Files\Womble MPEG Editor
2008-03-12 05:55 --------- d-----w C:\Program Files\FlashGet
2008-03-12 05:54 --------- d-----w C:\Documents and Settings\Josh\Application Data\Orbit
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-18 23:58 87,608 -c--a-w C:\Documents and Settings\Josh\Application Data\inst.exe
2008-01-18 23:58 47,360 -c--a-w C:\Documents and Settings\Josh\Application Data\pcouffin.sys
.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-04-12 12:26 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-12 12:26 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d6871d1-795f-4596-9e4a-0bb5e2c2d531}]
C:\WINDOWS\system32\gtvsvatl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34eee9f9-1488-41a4-b8e5-639293f69105}]
C:\WINDOWS\system32\ygjaioah.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-25 19:01 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2352453-378D-49CE-BBE2-D3E5687AA1B1}]
C:\WINDOWS\system32\nnnmmmJd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-25 19:01 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-25 19:01 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2008-03-13 03:48 5724184]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-30 00:29 219952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"04bc666e"="C:\WINDOWS\system32\kuitwejg.dll" [ ]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-25 19:01 1177368]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2006-05-15 10:41 1986560]
"Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [2006-06-20 14:30 270336]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkKcYq]
nnnkKcYq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Josh\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04bc666e]
C:\WINDOWS\system32\xkbdeomm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 20:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM078f55f2]
C:\WINDOWS\system32\irtmiuxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
--a------ 2004-02-28 13:12 144896 C:\PROGRA~1\AIM\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2007-11-20 17:40 731136 C:\Program Files\dvd43\dvd43_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
--a------ 2003-05-26 20:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-03-20 12:37 51184 C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 08:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 18:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-03-13 03:48 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 13:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-01-30 00:29 219952 C:\Program Files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-25 19:02]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-25 19:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\AutoPlay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c5c8c2-a332-11dc-b345-806d6172696f}]
\shell\play\command - "C:\Program Files\InterVideo\DVD8\WinDVD.exe" %1

.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 23:23:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-04 17:37:35 C:\WINDOWS\Tasks\Windows Live Messenger.job"
- C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 14:53:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bell\Security Manager\fws.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-05-04 14:58:46 - machine was rebooted [Josh]
ComboFix-quarantined-files.txt 2008-05-04 18:58:29

Pre-Run: 6,125,342,720 bytes free
Post-Run: 6,047,543,296 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

288 --- E O F --- 2008-04-10 07:10:33
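Added example (not part of the thread, and not ComboFix's own code): a small Python triage pass over a report like the one above. It pulls out the autostart entries ComboFix could not date or size (the bare-path DLLs under Browser Helper Objects and the "[ ]" Run value) and checks whether the live tcpip.sys hash in the Sigcheck block matches either hotfix copy kept under $hf_mig$. The section-header rules, the eight-letter-name heuristic and the sample lines (copied from the log above into a constructed string) are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the ComboFix.txt posted above.
SAMPLE_LOG = r"""
------- Sigcheck -------
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-04-12 12:26 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
((((((((( Reg Loading Points )))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d6871d1-795f-4596-9e4a-0bb5e2c2d531}]
C:\WINDOWS\system32\gtvsvatl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"04bc666e"="C:\WINDOWS\system32\kuitwejg.dll" [ ]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-25 19:01 1177368]
"""

# Sigcheck line: "date time size md5 path".
SIGCHECK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (\d+) ([0-9a-f]{32}) (.+)$")
# Run-style value "name"="path" [stamp]; the stamp is "[ ]" when ComboFix
# could not read the target's date and size.
RUNVAL_RE = re.compile(r'^"[^"]*"="?([^"\[]+?)"?\s*\[([^\]]*)\]\s*$')
# Heuristic only (an assumption of this example): eight-letter .dll in system32.
RANDOM_RE = re.compile(r"\\system32\\[A-Za-z]{8}\.dll$", re.IGNORECASE)

def section(log_text, title):
    """Yield lines between the header containing *title* and the next header."""
    inside = False
    for line in log_text.splitlines():
        if line.startswith("(((") or line.startswith("-------"):  # section header
            inside = title in line
            continue
        if inside:
            yield line.rstrip()

def classify_line(line):
    """(path, stamp) for a line naming an autostart target; stamp "" = unreadable."""
    m = RUNVAL_RE.match(line)
    if m:
        return m.group(1).strip(), m.group(2).strip()
    if re.match(r"^\d{4}-\d{2}-\d{2} ", line):  # "date time size attrs path"
        return line.split(" ", 4)[-1].strip(), "stamped"
    if re.match(r"^[A-Za-z]:\\", line):  # bare path, nothing ComboFix could stamp
        return line.strip(), ""
    return None

def triage_autostarts(log_text):
    """Return (registry key, path, reasons) for each suspicious autostart entry."""
    findings, key = [], "?"
    for line in section(log_text, "Reg Loading Points"):
        if line.startswith("["):
            key = line.strip("[]")
            continue
        if (hit := classify_line(line)) is None:
            continue
        path, stamp = hit
        reasons = [why for why, bad in (("no date/size stamp", stamp == ""),
                   ("random-looking name in system32", RANDOM_RE.search(path))) if bad]
        if reasons:
            findings.append((key, path, "; ".join(reasons)))
    return findings

def check_tcpip(log_text):
    """Live tcpip.sys hash and whether it matches a hotfix copy under $hf_mig$."""
    hotfix, live = set(), None
    for line in section(log_text, "Sigcheck"):
        m = SIGCHECK_RE.match(line)
        if not m or not m.group(3).lower().endswith("tcpip.sys"):
            continue
        if "$hf_mig$" in m.group(3):
            hotfix.add(m.group(2))
        elif "\\drivers\\" in m.group(3).lower():
            live = m.group(2)
    return live, live in hotfix
```

A hash mismatch only says the live driver is not the copy either listed hotfix installed; the log above also shows a TCPIP.SYS.ORIGINAL written in the same minute as the live file, so the file itself should be checked rather than assumed malicious.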
Old 05-04-2008, 06:23 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 12
OS: Windows Vista Home Basic


Re: Some websites not accessible

I would like to make one simple addition to this thread. It seems as though, after running ComboFix and restarting, the problem has lessened. Not disappeared, but lessened. I am able to access a few more sites than I was before, but the core sites such as Google Search and GMail are still affected. It's just as baffling as the problem itself was in the first place.
Old 05-04-2008, 08:32 PM   #8 (permalink)
Registered User
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 12
OS: Windows Vista Home Basic


Re: Some websites not accessible

Also, I would like to quickly let you know that I will be out of town on Monday and Tuesday. This is just so you know that I haven't abandoned my own thread, and I will resume working with you when I return on Wednesday. Thanks.
Old 05-04-2008, 08:58 PM   #9 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada