Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page antivirus sites do not open,antivirus does not update even when internet connection i
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 09-03-2009, 08:03 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 5
OS: windows xp sp3


antivirus sites do not open,antivirus does not update even when internet connection i
antivirus sites do not open,antivirus does not update even when internet connection is perfect
dipto87 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 09-03-2009, 08:05 AM   #2 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 5
OS: windows xp sp3


Re: antivirus sites do not open,antivirus does not update even when internet connecti
dds log







DDS (Ver_09-07-30.01) - NTFSx86
Run by dipto at 6:37:20.34 on Thu 09/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.578 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\dipto\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [PowerTweak Menu] c:\windows\system32\mmm.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\24onli~1.lnk - c:\program files\elitecore\cyberoam client for 24online\CyberoamClient.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
TCP: {B426F22B-4D80-448A-9BC8-6B1239409531} = 172.16.0.10,202.54.1.64
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dipto\applic~1\mozilla\firefox\profiles\e3r16hwa.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-3 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-3 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-3 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-3 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-3 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-3 40488]
S2 0258201252015155mcinstcleanup;McAfee Application Installer Cleanup (0258201252015155);c:\docume~1\dipto\locals~1\temp\025820~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\dipto\locals~1\temp\025820~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 blhbms;Shell Universal;c:\windows\system32\svchost.exe -k netsvcs [2008-3-7 14336]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-3 34152]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]

============== File Associations ===============

inffile=c:\windows\system32\Notepad2.exe %1
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1

=============== Created Last 30 ================

2009-09-03 01:51 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-03 01:23 <DIR> --d----- c:\docume~1\dipto\applic~1\COWON
2009-09-03 01:19 32,592 a------- c:\windows\system32\msonpmon.dll
2009-09-03 01:12 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-09-03 01:10 <DIR> --d----- c:\windows\SHELLNEW
2009-09-03 01:07 <DIR> --d----- c:\docume~1\dipto\applic~1\DAEMON Tools Pro
2009-09-03 01:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-09-03 01:06 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-09-03 01:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-09-03 00:59 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-09-03 00:59 <DIR> --d----- c:\docume~1\dipto\applic~1\DAEMON Tools Lite
2009-09-03 00:58 <DIR> --d----- c:\program files\common files\COWON
2009-09-03 00:58 <DIR> --d----- c:\program files\JetAudio
2009-09-03 00:56 <DIR> --d----- C:\eclipse
2009-09-03 00:54 <DIR> --d----- c:\program files\MpcStar
2009-09-03 00:54 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-09-03 00:54 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-03 00:54 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-09-03 00:53 <DIR> --d----- c:\program files\uTorrent
2009-09-03 00:53 <DIR> --d----- c:\docume~1\dipto\applic~1\uTorrent
2009-09-03 00:53 122,880 a------- c:\windows\UnGins.exe
2009-09-03 00:53 <DIR> --d----- c:\program files\eLitecore
2009-09-03 00:49 <DIR> --d----- c:\windows\pss
2009-09-03 00:48 <DIR> --d----- C:\downloads
2009-09-03 00:48 <DIR> --d----- c:\docume~1\dipto\applic~1\GrabPro
2009-09-03 00:48 <DIR> --d----- c:\program files\Orbitdownloader
2009-09-03 00:37 <DIR> --d----- c:\program files\VideoLAN
2009-09-03 00:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-09-03 00:34 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-09-03 00:33 <DIR> --d----- c:\program files\NCH Swift Sound
2009-09-03 00:31 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-09-03 00:30 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-09-03 00:30 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-09-03 00:30 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-09-03 00:27 86,016 -----r-- c:\windows\SoundMan.exe
2009-09-03 00:27 1,826,816 -----r-- c:\windows\SkyTel.exe
2009-09-03 00:27 1,191,936 -----r-- c:\windows\RtlUpd.exe
2009-09-03 00:27 282,624 -----r-- c:\windows\system32\RTSndMgr.cpl
2009-09-03 00:27 9,715,200 -----r-- c:\windows\RTLCPL.exe
2009-09-03 00:27 4,725,760 -----r-- c:\windows\system32\drivers\RtkHDAud.sys
2009-09-03 00:27 16,859,648 -----r-- c:\windows\RTHDCPL.exe
2009-09-03 00:27 2,165,760 -----r-- c:\windows\MicCal.exe
2009-09-03 00:27 69,632 -----r-- c:\windows\Alcmtr.exe
2009-09-03 00:27 <DIR> --d----- c:\program files\Realtek
2009-09-03 00:27 2,808,832 -----r-- c:\windows\alcwzrd.exe
2009-09-03 00:27 299,008 -----r-- c:\windows\system32\ALSndMgr.cpl
2009-09-03 00:27 315,392 a------- c:\windows\HideWin.exe
2009-09-03 00:27 520,192 -----r-- c:\windows\RtlExUpd.dll
2009-09-03 00:25 172,032 a----r-- c:\windows\system32\igfxres.dll
2009-09-03 00:24 105,856 a----r-- c:\windows\system32\drivers\Rtenicxp.sys
2009-09-03 00:22 <DIR> --d----- C:\Intel
2009-09-03 00:21 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-09-03 00:20 <DIR> --d----- c:\docume~1\dipto\applic~1\Styler
2009-09-03 00:19 89 a------- c:\documents and settings\dipto\Del2110.bat
2009-09-03 00:19 <DIR> --d----- c:\documents and settings\dipto\7zS2154.tmp
2009-09-03 00:19 <DIR> --d----- c:\documents and settings\dipto
2009-09-03 00:18 <DIR> --ds---- c:\windows\system32\Microsoft
2009-09-03 00:17 8,192 a------- c:\windows\REGLOCS.OLD
2009-09-03 00:15 221,184 a------- c:\windows\system32\wmpns.dll
2009-09-03 00:15 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-09-03 00:14 <DIR> --d----- c:\windows\system32\LogFiles
2009-09-03 00:13 <DIR> --d----- c:\program files\Alky for Applications
2009-09-03 00:13 18,590 a------- c:\windows\sKzVistaUltimateSound(Loud).reg
2009-09-03 00:13 <DIR> --d----- c:\program files\Kristanix
2009-09-03 00:13 <DIR> --d----- c:\program files\Stardock
2009-09-03 00:13 <DIR> --d----- c:\program files\common files\Stardock
2009-09-03 00:12 <DIR> --d----- c:\program files\Sysinternals
2009-09-03 00:12 69,632 a------- c:\windows\system32\javacpl.cpl
2009-09-03 00:09 <DIR> --d----- c:\windows\system32\XPSViewer
2009-09-03 00:08 23,856 a------- c:\windows\system32\spupdsvc.exe
2009-09-03 00:08 14,048 -------- c:\windows\system32\spmsg2.dll
2009-09-03 00:06 <DIR> --d----- c:\windows\system32\URTTemp
2009-09-03 00:06 1,683,280 -------- c:\windows\system32\XpsSvcs.dll
2009-09-03 00:06 1,683,280 -------- c:\windows\system32\dllcache\XpsSvcs.dll
2009-09-03 00:06 583,504 -------- c:\windows\system32\XPSSHHDR.dll
2009-09-03 00:06 583,504 -------- c:\windows\system32\dllcache\XPSSHHDR.dll
2009-09-03 00:06 124,928 -------- c:\windows\system32\prntvpt.dll
2009-09-03 00:06 677,376 -------- c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe
2009-09-03 00:06 28,160 -------- c:\windows\system32\dllcache\FilterPipelinePrintProc.dll
2009-09-03 00:05 2,577 a------- c:\windows\system32\CONFIG.NT
2009-09-03 00:05 0 a------- c:\windows\control.ini
2009-09-03 00:05 23,392 a------- c:\windows\system32\nscompat.tlb
2009-09-03 00:05 16,832 a------- c:\windows\system32\amcompat.tlb
2009-09-03 00:05 316,640 a------- c:\windows\WMSysPr9.prx
2009-09-03 00:04 <DIR> --d----- c:\windows\system32\dllcache
2009-09-03 00:04 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-09-03 00:03 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-09-03 00:03 <DIR> --d----- c:\program files\Online Services
2009-09-03 00:03 <DIR> --d----- c:\program files\common files\MSSoap
2009-09-02 23:56 <DIR> --d----- c:\program files\LClock
2009-09-02 23:56 <DIR> --d----- c:\program files\Styler
2009-09-02 23:56 <DIR> --d----- c:\program files\CCleaner
2009-09-02 23:55 <DIR> --d----- c:\program files\Desktop
2009-09-02 23:54 <DIR> --d----- c:\program files\Utilities
2009-09-02 23:54 <DIR> --d----- c:\program files\TaskSwitchXP
2009-09-02 23:54 <DIR> --d----- c:\program files\Attribute Changer
2009-09-02 23:54 <DIR> --d----- c:\program files\Windows NT
2009-09-02 16:49 <DIR> --d----- c:\program files\common files\ODBC
2009-09-02 16:49 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-09-02 16:48 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-09-03 00:04 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-03 00:02 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-03-19 13:55 113,664 a------- c:\windows\inf\hdaudio.sys
2009-09-03 15:25 2 a--shrot c:\windows\winstart.bat
2008-03-07 00:46 161,547 a--shr-- c:\windows\system32\hapfkrzo.dll
2009-09-03 15:01 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-09-03 15:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-09-03 15:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2009-09-03 15:01 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2009-09-03 15:01 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2009-09-03 15:01 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 6:37:48.79 ===============
dipto87 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-03-2009, 08:15 AM   #3 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 5
OS: windows xp sp3


Re: antivirus sites do not open,antivirus does not update even when internet connecti
ark and attach files as you requested
Attached Files
File Type: zip ark_attach.zip (4.2 KB, 1 views)
dipto87 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-04-2009, 01:01 AM   #4 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 5
OS: windows xp sp3


Re: antivirus sites do not open,antivirus does not update even when internet connecti
i need help..plzzz reply....
dipto87 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-04-2009, 07:40 AM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,931
OS: WinXP and Vista


Re: antivirus sites do not open,antivirus does not update even when internet connecti
Hello dipto87,

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications as it will interfere with our tools and the removal.

You must disable all aspects of McAfee Security Center. Double-click the taskbar icon to open Security Center.
  • Click Advanced Menu (bottom mid-left).
  • Click Configure (left).
  • Click Computer & Files (top left).
  • VirusScan can be disabled in the right-hand module and set when it should resume - choose 'Never' or the protection will restart upon reboot and interfere with what ComboFix needs to do to get rid of this rookit. If you can't figure out how to disable McAfee, then uninstall it for now.


Note - Norton did not uninstall properly, so you will see alerts by Combofix about it running. Since you can't access anti virus sites to get the uninstaller, OK your way through them. We'll take care of the Norton AV remnant in the next round.


====================================================


Double click on combofix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-05-2009, 09:00 AM   #6 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 5
OS: windows xp sp3


Re: antivirus sites do not open,antivirus does not update even when internet connecti
ComboFix 09-09-04.02 - dipto 09/05/2009 20:16.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.540 [GMT -7:00]
Running from: c:\documents and settings\dipto\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kr_done1
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-05 02:32 . 2009-09-05 02:34 -------- d-----w- c:\documents and settings\dipto\workspace
2009-09-04 22:27 . 1993-10-15 00:57 21648 ----a-w- c:\windows\system\CTL3DV2.DLL
2009-09-04 22:27 . 1995-04-28 11:50 97072 ----a-w- c:\windows\system\BWCC0007.DLL
2009-09-04 22:27 . 1995-04-28 11:50 96928 ----a-w- c:\windows\system\BWCC000C.DLL
2009-09-04 22:27 . 1995-04-28 11:50 96912 ----a-w- c:\windows\system\BWCC0009.DLL
2009-09-04 22:27 . 1995-04-28 11:50 164928 ----a-w- c:\windows\system\BWCC.DLL
2009-09-04 22:27 . 1994-11-17 09:19 264800 ----a-w- c:\windows\system\BOCOLE.DLL
2009-09-04 22:27 . 1995-04-28 11:50 58192 ----a-w- c:\windows\system\MHRUN300.DLL
2009-09-04 22:27 . 1995-04-28 11:50 244192 ----a-w- c:\windows\system\MHCARDS.DLL
2009-09-04 22:27 . 1995-04-28 11:50 81920 ----a-w- c:\windows\system\BIVBX11.DLL
2009-09-04 22:27 . 2009-09-04 22:27 -------- d-----w- C:\ACROREAD
2009-09-04 22:27 . 2009-09-04 22:27 -------- d-----w- C:\TCWIN45
2009-09-04 20:44 . 2009-09-04 20:44 -------- d-----w- c:\documents and settings\dipto\Application Data\ArcticLine
2009-09-04 20:44 . 2009-09-04 20:54 -------- d-----w- c:\program files\Folder Marker
2009-09-04 10:00 . 2009-09-05 08:36 -------- d-----w- c:\documents and settings\dipto\Application Data\LimeWire
2009-09-04 10:00 . 2009-09-04 10:20 -------- d-----w- c:\program files\LimeWire
2009-09-03 22:36 . 2009-09-03 13:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-03 22:36 . 2009-09-03 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-03 22:30 . 2009-09-03 22:30 -------- d-----w- c:\documents and settings\dipto\Application Data\Malwarebytes
2009-09-03 22:29 . 2009-09-03 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-03 22:25 . 2009-09-03 22:25 2 --shatr- c:\windows\winstart.bat
2009-09-03 22:24 . 2009-09-03 22:24 -------- d-----w- c:\program files\Greatis
2009-09-03 21:59 . 2008-06-27 13:08 79240 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-03 21:59 . 2008-06-27 13:08 40488 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-03 21:59 . 2008-06-27 13:08 35240 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-03 21:59 . 2008-06-02 21:55 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-03 21:58 . 2009-09-03 21:59 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-03 21:58 . 2009-09-03 21:58 -------- d-----w- c:\program files\McAfee.com
2009-09-03 21:58 . 2009-09-03 22:00 -------- d-----w- c:\program files\McAfee
2009-09-03 21:57 . 2008-06-20 12:41 34152 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-03 21:55 . 2009-09-03 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-03 20:03 . 2009-09-03 20:03 -------- d-----w- c:\documents and settings\dipto\Application Data\Ahead
2009-09-03 19:13 . 2009-09-03 19:13 -------- d-----w- c:\documents and settings\dipto\Local Settings\Application Data\Identities
2009-09-03 19:13 . 2009-09-03 20:03 -------- d-----w- c:\documents and settings\dipto\Local Settings\Application Data\Ahead
2009-09-03 19:12 . 2009-09-03 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-09-03 19:09 . 2009-09-03 19:09 -------- d-----w- c:\program files\Nero
2009-09-03 19:09 . 2009-09-03 19:11 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-03 19:09 . 2009-09-03 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-09-03 16:53 . 2009-09-03 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-03 16:52 . 2009-09-03 16:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-03 16:52 . 2009-09-03 16:52 -------- d-----w- c:\documents and settings\dipto\Application Data\SUPERAntiSpyware.com
2009-09-03 16:48 . 2009-09-03 16:48 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-03 15:25 . 2009-09-03 15:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-03 15:15 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 15:15 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 15:15 . 2009-09-03 15:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 08:23 . 2009-09-03 08:23 -------- d-----w- c:\documents and settings\dipto\Application Data\COWON
2009-09-03 08:19 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-09-03 08:17 . 2009-09-03 08:17 -------- d-----w- c:\program files\Microsoft Works
2009-09-03 08:15 . 2009-09-03 08:15 -------- d-----w- c:\program files\Microsoft.NET
2009-09-03 08:12 . 2009-09-03 08:12 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-03 08:10 . 2009-09-03 08:16 -------- d-----w- c:\windows\SHELLNEW
2009-09-03 08:09 . 2009-09-03 08:09 -------- d-----w- c:\documents and settings\dipto\Local Settings\Application Data\Microsoft Help
2009-09-03 08:09 . 2009-09-03 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-03 08:08 . 2009-09-03 08:08 -------- d--h--r- C:\MSOCache
2009-09-03 08:07 . 2009-09-03 08:07 -------- d-----w- c:\documents and settings\dipto\Application Data\DAEMON Tools Pro
2009-09-03 08:07 . 2009-09-03 08:07 -------- d-----w- c:\documents and settings\dipto\Application Data\DAEMON Tools
2009-09-03 08:06 . 2009-09-03 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-03 08:06 . 2009-09-03 08:06 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-03 08:04 . 2009-09-03 08:21 -------- d-----w- c:\program files\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 03:06 . 2009-09-03 07:53 -------- d-----w- c:\documents and settings\dipto\Application Data\uTorrent
2009-09-05 08:29 . 2009-09-03 07:38 -------- d-----w- c:\documents and settings\dipto\Application Data\vlc
2009-09-05 04:36 . 2009-09-03 07:48 -------- d-----w- c:\documents and settings\dipto\Application Data\Orbit
2009-09-04 09:00 . 2009-09-03 07:54 -------- d-----w- c:\program files\MpcStar
2009-09-03 21:54 . 2009-09-03 07:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-03 21:52 . 2009-09-03 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-03 09:07 . 2009-09-03 07:48 -------- d-----w- c:\program files\Orbitdownloader
2009-09-03 08:51 . 2009-09-03 06:54 -------- d-----w- c:\program files\TaskSwitchXP
2009-09-03 08:51 . 2009-09-03 06:56 -------- d-----w- c:\program files\Windows Sidebar
2009-09-03 08:51 . 2009-09-03 06:56 -------- d-----w- c:\program files\Styler
2009-09-03 08:39 . 2009-09-03 07:32 69752 ----a-w- c:\documents and settings\dipto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 08:08 . 2009-09-03 07:59 -------- d-----w- c:\documents and settings\dipto\Application Data\DAEMON Tools Lite
2009-09-03 07:59 . 2009-09-03 07:59 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-03 07:58 . 2009-09-03 07:58 -------- d-----w- c:\program files\Common Files\COWON
2009-09-03 07:58 . 2009-09-03 07:58 -------- d-----w- c:\program files\JetAudio
2009-09-03 07:58 . 2009-09-03 07:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-03 07:57 . 2009-09-03 07:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-03 07:55 . 2009-09-03 07:54 -------- d-----w- c:\program files\Google
2009-09-03 07:54 . 2009-09-03 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-03 07:53 . 2009-09-03 07:53 -------- d-----w- c:\program files\uTorrent
2009-09-03 07:53 . 2009-09-03 07:53 -------- d-----w- c:\program files\eLitecore
2009-09-03 07:48 . 2009-09-03 07:48 -------- d-----w- c:\documents and settings\dipto\Application Data\GrabPro
2009-09-03 07:40 . 2009-09-03 07:40 0 ----a-w- c:\windows\nsreg.dat
2009-09-03 07:37 . 2009-09-03 07:37 -------- d-----w- c:\program files\VideoLAN
2009-09-03 07:33 . 2009-09-03 07:33 -------- d-----w- c:\program files\NCH Swift Sound
2009-09-03 07:27 . 2009-09-03 07:27 -------- d-----w- c:\program files\Realtek
2009-09-03 07:27 . 2009-09-03 07:27 315392 ----a-w- c:\windows\HideWin.exe
2009-09-03 07:27 . 2009-09-03 07:27 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-03 07:21 . 2009-09-03 07:21 -------- d-----w- c:\program files\Intel
2009-09-03 07:20 . 2009-09-03 07:20 -------- d-----w- c:\documents and settings\dipto\Application Data\Styler
2009-09-03 07:09 . 2009-09-03 07:09 89 ----a-w- c:\documents and settings\Default User\Del2110.bat
2009-09-03 07:09 . 2009-09-03 07:09 68936 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-03 07:09 . 2009-09-03 07:09 -------- d-----w- c:\program files\MSBuild
2009-09-03 07:09 . 2009-09-03 07:09 -------- d-----w- c:\program files\Reference Assemblies
2009-09-03 07:02 . 2009-09-03 07:02 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-03 06:56 . 2009-09-03 06:56 -------- d-----w- c:\program files\LClock
2009-09-03 06:56 . 2009-09-03 06:56 -------- d-----w- c:\program files\CCleaner
2009-09-03 06:56 . 2009-09-03 06:54 -------- d-----w- c:\program files\Utilities
2009-09-03 06:55 . 2009-09-03 06:55 -------- d-----w- c:\program files\Desktop
2009-09-03 06:54 . 2009-09-03 06:54 -------- d-----w- c:\program files\Attribute Changer
2008-03-07 07:46 . 2008-03-07 07:46 161547 --sha-r- c:\windows\system32\hapfkrzo.dll
.

------- Sigcheck -------

[-] 2008-03-19 20:55 361344 CEF393E4697B14D310320A62C3643F77 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"PowerTweak Menu"="c:\windows\system32\mmm.exe" [2005-07-05 828416]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-12 641208]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-03-07 169984]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-01-29 16859648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-19 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
24Online Client.lnk - c:\program files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe [2003-12-17 245760]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-9-3 1719568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^dipto^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\dipto\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5511:TCP"= 5511:TCP:dpuoju

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S2 0258201252015155mcinstcleanup;McAfee Application Installer Cleanup (0258201252015155);c:\docume~1\dipto\LOCALS~1\Temp\025820~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\dipto\LOCALS~1\Temp\025820~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 blhbms;Shell Universal;c:\windows\system32\svchost.exe -k netsvcs [3/7/2008 12:46 AM 14336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
blhbms
.
Contents of the 'Scheduled Tasks' folder

2009-09-03 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-03 01:10]

2009-09-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-03 01:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {B426F22B-4D80-448A-9BC8-6B1239409531} = 172.16.0.10,202.54.1.64
FF - ProfilePath - c:\documents and settings\dipto\Application Data\Mozilla\Firefox\Profiles\e3r16hwa.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.
.
------- File Associations -------
.
inffile=c:\windows\system32\Notepad2.exe %1
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 20:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\blhbms]
"ServiceDll"="c:\windows\system32\hapfkrzo.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-09-06 20:21
ComboFix-quarantined-files.txt 2009-09-06 03:21

Pre-Run: 32,294,567,936 bytes free
Post-Run: 32,320,217,088 bytes free

246
dipto87 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-05-2009, 09:12 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,931
OS: WinXP and Vista


Re: antivirus sites do not open,antivirus does not update even when internet connecti
Hi dipto87,

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/410685-antivirus-sites-do-not-open-antivirus-does-not-update-even-when-internet-connection-i.html#post2328278

Suspect::
c:\windows\system32\hapfkrzo.dll

Collect::
c:\windows\system32\hapfkrzo.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5511:TCP"=-

Driver::
blhbms

NetSvc::
blhbms
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Refering to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
---------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

=======================================

Open Notepad and copy/paste the contents inside the quote box below, into Notepad.

Quote:
PEV -l "%systemdrive%\tcpip.sy*" >log.txt
start notepad log.txt
Save this as look.bat Choose to "Save type as - All Files"
It should look like this:

Double click on look.bat & allow it to run. Then post the log which it produces




Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
look.txt
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 08:25 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85