cannot access Microsoft and Antivirus Site

Hewlett-packard / Dx7300m
May 28, 2009 at 06:42:24
Specs: Microsoft XP, Pentium 4CPU 3.20GHz 3.19GHz, 512Mb
I restored my HP Microtower system with the restore CD. I also installed Norton Antivirus. After the antivirus installation I could not access the Microsoft and antivirus sites again. Microsoft Update also stopped working. I uninstalled the antivirus, yet I still cannot access these sites.

Here is the Malwarebytes log.
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 2

28/05/2009 11:48:44
mbam-log-2009-05-28 (11-48-44).txt

Scan type: Quick Scan
Objects scanned: 77042
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I also ran ComboFix on the system. This is the log.


ComboFix 09-05-26.05 - Administrator 28/05/2009 11:54.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495.212 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\toold.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-28 09:21 . 2009-05-28 09:44 -------- d-----w c:\program files\Aclient
2009-05-28 08:22 . 2009-05-28 08:22 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-28 08:22 . 2009-05-26 12:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-28 08:22 . 2009-05-28 10:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-28 08:22 . 2009-05-28 08:22 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-28 08:22 . 2009-05-26 12:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-27 15:37 . 2009-05-27 15:37 -------- d-----w c:\program files\Java
2009-05-27 15:35 . 2009-05-27 15:35 152576 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-27 09:47 . 2009-05-27 09:47 57344 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-24cd0ba1-n\Decora-SSE.dll
2009-05-27 09:47 . 2009-05-27 09:47 24064 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-6b6eda17-n\Decora-D3D.dll
2009-05-27 09:47 . 2009-05-27 09:47 315392 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-40e6bae7-n\jogl.dll
2009-05-27 09:47 . 2009-05-27 09:47 20480 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-40e6bae7-n\jogl_awt.dll
2009-05-27 09:47 . 2009-05-27 09:47 114688 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-40e6bae7-n\jogl_cg.dll
2009-05-27 09:47 . 2009-05-27 09:47 20480 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-698ab2c5-n\gluegen-rt.dll
2009-05-27 09:47 . 2009-05-27 09:47 348160 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-514511e8-n\msvcr71.dll
2009-05-27 09:47 . 2009-05-27 09:47 499712 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-514511e8-n\msvcp71.dll
2009-05-27 09:47 . 2009-05-27 09:47 499712 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-514511e8-n\jmc.dll
2009-05-27 09:46 . 2009-05-27 09:46 -------- d-----w c:\windows\Sun
2009-05-27 09:45 . 2009-05-27 15:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-26 09:32 . 2009-05-26 13:12 -------- d-----w c:\windows\Internet Logs
2009-05-26 09:31 . 2004-08-03 22:08 26496 ----a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-26 09:26 . 2009-05-26 09:26 -------- d-----w c:\program files\MSECache
2009-05-26 09:21 . 2009-05-26 09:21 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-26 09:18 . 2008-05-01 14:30 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-05-26 09:08 . 2008-09-04 16:42 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-05-26 09:03 . 2006-10-26 18:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-05-26 09:02 . 2009-05-26 09:02 -------- d-----w c:\program files\Microsoft Works
2009-05-26 09:02 . 2009-05-26 09:02 -------- d-----w c:\program files\MSBuild
2009-05-26 09:01 . 2009-05-26 09:01 -------- d-----w c:\program files\Microsoft.NET
2009-05-26 09:00 . 2009-05-26 09:00 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-05-26 08:59 . 2009-05-26 09:02 -------- d-----w c:\windows\SHELLNEW
2009-05-26 08:59 . 2009-05-26 08:59 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-05-26 08:59 . 2009-05-26 09:03 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-26 08:58 . 2009-05-26 08:58 -------- d--h--r C:\MSOCache
2009-05-26 08:54 . 2000-08-06 00:51 192569 ----a-w c:\windows\system32\msrpjt40.dll
2009-05-26 08:54 . 2000-08-06 00:51 274489 ----a-w c:\windows\system32\ntwdblib.dll
2009-05-26 08:54 . 1997-07-19 16:01 376592 ----a-w c:\windows\system32\msrdo20.dll
2009-05-26 08:54 . 1997-01-13 09:49 97552 ----a-w c:\windows\system32\rdocurs.dll
2009-05-26 08:54 . 2000-08-06 00:51 32830 ----a-w c:\windows\system32\dbmsshrn.dll
2009-05-26 08:53 . 2009-05-26 08:53 -------- d-----w c:\program files\Microsoft SQL Server
2009-05-26 08:46 . 2009-05-26 08:46 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache
2009-05-26 08:45 . 2009-05-26 08:45 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-26 08:42 . 2009-05-26 08:42 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-26 08:41 . 2009-05-26 08:41 -------- d-----w c:\windows\ie8updates
2009-05-26 08:39 . 2009-05-26 08:40 -------- dc-h--w c:\windows\ie8
2009-05-26 08:33 . 2008-10-03 10:15 247326 ------w c:\windows\system32\dllcache\strmdll.dll
2009-05-26 08:30 . 2008-10-15 16:57 332800 ------w c:\windows\system32\dllcache\netapi32.dll
2009-05-26 08:28 . 2007-03-09 10:25 2321288 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-26 08:28 . 2009-05-06 10:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{508AF1DC-4321-4E01-B593-8B38C2B059F3}\mpengine.dll
2009-05-26 08:25 . 2009-04-25 05:30 102400 ------w c:\windows\system32\dllcache\iecompat.dll
2009-05-26 08:10 . 2009-05-26 08:10 14024 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 08:10 . 2009-05-26 08:10 -------- d-----w c:\program files\Windows Defender
2009-05-26 07:54 . 2008-12-11 11:57 333184 ------w c:\windows\system32\dllcache\srv.sys
2009-05-26 07:13 . 2009-05-26 07:13 -------- d-sh--w c:\documents and settings\Administrator\UserData
2009-05-26 00:06 . 2009-05-26 00:06 -------- d-----w c:\program files\Program Shortcuts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 13:12 . 2009-05-26 09:32 3192 ----a-w c:\windows\Internet Logs\ErrorLog.tmp
2009-05-25 23:57 . 2009-05-25 23:57 1746 --sha-r c:\windows\system32\drivers\103C_HP_BPC_HP Compaq dx7300 Microtower_YB_0Comp_QHUB648_EU_48_I0A50h_SHP_V_B786E1 v01.05_T060830_WXP2_L409_M496_J160_7Intel_8Pentium 4_93.19_#090525_N8086104A_(RN250ES#ABU)_X_CD6_Z_2_G80862992.MRK
2009-05-25 23:57 . 2009-05-25 23:57 -------- d-----w c:\program files\Hewlett-Packard
2009-05-25 23:57 . 2009-05-25 23:56 -------- d-----w c:\program files\Compaq
2009-05-25 23:56 . 2009-05-25 23:56 -------- d-----w c:\program files\HP_SDMS
2009-05-25 23:56 . 2009-05-25 23:56 -------- d-----w c:\program files\PDF Complete
2009-05-25 23:56 . 2009-05-25 23:54 -------- d-----w c:\program files\HPQ
2009-05-25 23:56 . 2006-04-26 00:31 88207 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-25 23:54 . 2009-05-25 23:53 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-25 23:53 . 2009-05-25 23:53 -------- d-----w c:\program files\Realtek
2009-05-25 23:53 . 2009-05-25 23:53 -------- d-----w c:\program files\Intel
2009-05-25 23:43 . 2009-05-25 23:43 -------- d-----w c:\program files\microsoft frontpage
2009-05-25 16:11 . 2009-05-25 16:11 -------- d-----w c:\documents and settings\Administrator\Application Data\SampleView
2009-05-25 16:07 . 2009-05-25 23:53 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 03:34 . 2004-08-04 07:56 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-04 07:56 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-04 07:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-04 07:56 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-04 07:56 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-04 07:56 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-04 07:56 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-04 07:56 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-04 07:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2001-08-18 05:33 156160 ----a-w c:\windows\system32\msls31.dll
2004-08-04 07:56 . 2004-08-04 07:56 165204 --sha-r c:\windows\system32\iztgn.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-27_15.46.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-28 09:43 . 2009-05-28 09:43 16384 c:\windows\temp\Perflib_Perfdata_108.dat
- 2006-04-26 00:43 . 2009-05-27 14:41 69688 c:\windows\system32\perfc009.dat
+ 2006-04-26 00:43 . 2009-05-28 09:48 69688 c:\windows\system32\perfc009.dat
+ 2006-04-26 00:43 . 2009-05-28 09:48 418894 c:\windows\system32\perfh009.dat
- 2006-04-26 00:43 . 2009-05-27 14:41 418894 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-07-14 279576]
"SDMSSplash"="c:\program files\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-27 148888]
"AClntUsr"="c:\program files\Aclient\AClntUsr.EXE" [2009-05-28 184320]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-04 16250880]
"LayoutM"="KLayMgr.exe" - c:\windows\KLayMgr.exe [2004-08-17 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Aclient\\AClntUsr.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5964:TCP"= 5964:TCP:ngmhtd

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [26/05/2009 00:56 534040]
S2 hwdej;Manager Microsoft;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 08:56 14336]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [25/05/2009 17:07 57344]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hwdej

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-05-28 c:\windows\Tasks\User_Feed_Synchronization-{3D271539-8966-4B0D-A849-FAECE47F7BB5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
Trusted Zone: microsoft.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 11:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwdej]
"ServiceDll"="c:\windows\system32\iztgn.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(796)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
Completion time: 2009-05-28 11:56
ComboFix-quarantined-files.txt 2009-05-28 10:56
ComboFix2.txt 2009-05-28 09:41
ComboFix3.txt 2009-05-27 14:20
ComboFix4.txt 2009-05-27 09:55
ComboFix5.txt 2009-05-28 10:54

Pre-Run: 149,702,627,328 bytes free
Post-Run: 149,695,811,584 bytes free

182 --- E O F --- 2009-05-26 10:46


Please help me. I need help




#1
May 28, 2009 at 06:56:56
Follow these steps in the order numbered:

1) Download and run Kaspersky AVP tool:

http://devbuilds.kaspersky-labs.com...

Once you download and start the tool, select all the objects/places to be scanned and hit Scan. Fix what it detects, and at the end of the scan post a screenshot/scan-summary log of the detected items that were fixed and those it could not fix.

2) Change your DNS server to http://www.opendns.com/start/


#2
June 3, 2009 at 00:48:21
Sorry, I have been out of the office. I have done what you suggested and I am still not able to access the Microsoft site and antivirus site.

Scan
----
Scanned: 1879638
Detected: 1
Untreated: 0
Start time: 02/06/2009 08:05:40
Duration: 08:14:16
Finish time: 02/06/2009 16:19:56


Detected
--------
Status Object
------ ------
disinfected: virus Virus.Win32.Sality.aa File: C:\Documents and Settings\Administrator\My Documents\New Folder\SaveAsPDFandXPS.exe


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Infected: virus Virus.Win32.Sality.aa c:\documents and settings\administrator\my documents\new folder\saveaspdfandxps.exe 1009.9 KB



#3
June 3, 2009 at 05:59:20
Follow: http://support.kaspersky.com/faq/?q...
Where it says "set the full scan options to their maximum scan level", use the AVP tool from Response Number 1. Make sure you uninstall the old AVP tool and redownload and run it again when it asks you. Also set the AVP tool settings to Maximum before running the scan (click on Setting in the main window).


#4
June 4, 2009 at 03:49:36
I did what you suggested above and I was still having the same problem. After this I uninstalled the tool and installed ZoneAlarm. I noticed a difference. I can NOW ACCESS ALL ANTIVIRUS SITES but I CANNOT ACCESS MICROSOFT SITE YET.

#5
June 4, 2009 at 06:37:22
Post Hijackthis log: Here


#6
June 5, 2009 at 01:31:25
hello

This is the required hijacklog

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:06:44, on 05/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aclient\AClient.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Aclient\AClntUsr.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\adenike.osho\Desktop\Tools.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Aclient\AClntUsr.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OACNGR.COM
O17 - HKLM\Software\..\Telephony: DomainName = OACNGR.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = OACNGR.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = OACNGR.COM
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = OACNGR.COM
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Aclient\AClient.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlagent.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6426 bytes



#7
June 5, 2009 at 04:31:34
hello,

After running hijackthis.exe and posting the log, I restarted my system for a reason. When the system finished booting, I realised I can NOW ACCESS MICROSOFT SITE. ALL SITES ARE NOW ACCESSIBLE. Though I cannot explain what happened, can anybody please explain what could have happened?

THANKS TO EVERYBODY WHO HAS MADE ONE SUGGESTION OR THE OTHER.

#8
June 14, 2009 at 20:12:23
Hey! Malwarebytes ONLY DETECTS MALWARE, not viruses. Try download antivirus on download you can access it not like antivirus sites.