Unable To Access Antivirus Websites

August 6, 2013 at 02:46:21
Specs: Windows XP
Hi Dear,

I am unable to access any anti-virus websites, and I am unable to install any of them, e.g., Kaspersky 2013.

Regards,
Samar

Here is the log file of ComboFix.exe:

ComboFix 13-08-05.03 - Admin 05/08/2013 13:52:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.346 [GMT 4:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\.#
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\Myhome\WINDOWS
c:\documents and settings\Myhome\WINDOWS\HUMOUR.vbe
c:\program files\DefaultTab
c:\program files\DefaultTab\DefaultTab.crx
c:\program files\DefaultTab\DefaultTabSearch.exe
c:\program files\Internet Explorer\dmlconf.dat
C:\Thumbs.db
C:\UNWISE.EXE
c:\windows\clofghls.dll
c:\windows\dasetup.log
c:\windows\regedit.exe.tmp
c:\windows\system32\autorun.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET105.tmp
c:\windows\wininit.ini
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AIC32P
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_aic32p
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2013-07-05 to 2013-08-05 )))))))))))))))))))))))))))))))
.
.
2013-08-05 00:06 . 2013-08-05 00:06 -------- d-----w- c:\program files\NortonInstaller
2013-08-04 10:31 . 2013-08-04 13:41 -------- d-----w- c:\program files\Norton AntiVirus
2013-08-03 10:39 . 2013-08-03 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\StarApp
2013-08-03 10:39 . 2013-08-03 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2013-08-02 22:07 . 2013-08-02 22:13 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2013-08-02 22:07 . 2013-08-02 22:13 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Facebook
2013-08-02 11:47 . 2013-08-02 11:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-08-02 11:47 . 2013-08-02 11:47 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2013-08-02 11:47 . 2013-08-02 11:47 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2013-08-02 11:47 . 2013-08-02 11:47 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-08-02 11:47 . 2013-08-02 11:47 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-08-02 11:19 . 2013-08-02 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2013-08-02 10:47 . 2013-08-02 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks
2013-07-29 12:09 . 2013-07-29 12:09 172544 ----a-w- c:\windows\system32\cncs32.dll
2013-07-29 12:09 . 2013-07-29 12:09 -------- d-----w- c:\windows\mariosorb2
2013-07-28 18:55 . 2013-07-28 18:55 -------- d-----w- C:\Road Rash
2013-07-28 16:42 . 2013-07-28 16:42 -------- d-s---w- c:\windows\system32\%APPDATA%
2013-07-25 11:27 . 2013-07-25 11:27 -------- d--h--w- c:\windows\msdownld.tmp
2013-07-25 11:27 . 2013-07-25 11:27 -------- d-----w- c:\program files\Electronic Arts
2013-07-25 05:02 . 2013-07-25 05:02 -------- d-----w- c:\windows\Logs
2013-07-24 13:04 . 2013-07-24 13:04 -------- d-----w- c:\program files\Free MP3 Cutter
2013-07-22 15:31 . 2013-07-22 15:31 -------- d-----w- c:\documents and settings\Myhome\.swt
2013-07-22 15:31 . 2013-07-22 15:31 -------- d-----w- c:\documents and settings\Myhome\.zekr
2013-07-22 12:51 . 2013-07-22 12:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-22 12:51 . 2013-07-22 12:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-18 16:37 . 2013-07-18 16:37 -------- d-sh--w- c:\documents and settings\Myhome\s4t4n
2013-07-18 06:19 . 2013-07-18 06:19 -------- d-----w- c:\program files\OApps
2013-07-16 10:42 . 2013-07-16 10:45 -------- d-----w- c:\documents and settings\Myhome\Kaun Banega Crorepati 3 - Shahrukh Khan (Flash Game - 2007)
2013-07-16 06:46 . 2013-07-16 06:46 -------- d-----w- c:\windows\system32\ARFC
2013-07-16 06:46 . 2013-06-30 16:10 1341744 ----a-w- c:\windows\system32\dmwu.exe
2013-07-16 06:46 . 2013-06-30 16:06 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-07-16 06:46 . 2011-06-10 22:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-07-16 06:46 . 2011-06-10 22:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-07-16 06:46 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-07-16 06:46 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-07-16 06:46 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-07-16 06:46 . 2013-07-16 06:46 -------- d-----w- c:\windows\system32\WNLT
2013-07-11 20:58 . 2013-07-22 17:16 -------- d-----w- c:\documents and settings\Admin\.zekr
2013-07-11 20:58 . 2013-07-11 20:58 -------- d-----w- c:\documents and settings\Admin\.swt
2013-07-11 20:44 . 2013-07-11 20:58 -------- d-----w- c:\program files\Zekr
2013-07-06 19:51 . 2013-07-06 19:51 -------- d-----w- c:\documents and settings\Admin\Application Data\ADSLSpeedTest
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 22:26 . 2013-06-25 22:27 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 22:26 . 2010-09-05 09:25 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-25 22:26 . 2013-06-25 22:27 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 22:26 . 2010-09-05 09:25 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-02 11:47 . 2012-01-24 07:44 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-04-23 3548568]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-04-23 3548568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-15 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-15 86016]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1249280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 593480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Registration Prince of Persia T2T.LNK]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Registration Prince of Persia T2T.LNK
backup=c:\windows\pss\Registration Prince of Persia T2T.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^smd10^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\smd10\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 1089648 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-01-22 21:57 1011712 ----a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bol IM]
2007-06-21 21:32 3348440 ----a-w- c:\program files\Rediff Bol\RediffMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2006-02-22 05:03 40960 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-03-31 05:30 1106944 ----a-w- c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-08-02 22:07 199536 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 07:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2006-04-18 11:29 61952 ----a-w- c:\windows\system32\CHDAudPropShortcut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 20:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2006-02-15 02:49 454656 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2012-04-23 18:21 3548568 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 04:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 13:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 01:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 18:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nimbuzz]
2011-12-01 14:10 11713024 ----a-w- c:\program files\Nimbuzz\Nimbuzz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-04-15 18:26 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2006-03-07 10:38 131072 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-04-11 18:54 102400 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 01:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:47 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-04 05:46 823388 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MBAMService"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"AVP"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"wuauserv"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"aspnet_state"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Myhome\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Windows\\SMINST\\RecGuard.exe"=
"c:\\Program Files\\Adobe\\Reader 11.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Google\\Chrome\\Temp\\Chrome-bin\\chrome.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Facebook\\Update\\FacebookUpdate.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTEM.EXE"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/7/2010 11:31 PM 664064]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [4/23/2012 4:22 PM 108448]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [8/28/2011 6:02 PM 113280]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [8/28/2011 6:02 PM 100736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/28/2012 10:42 PM 22856]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2012 2:14 PM 116648]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2012 2:14 PM 116648]
S4 MBAMScheduler;MBAMScheduler;d:\malwarebytes' anti-malware\mbamscheduler.exe [6/22/2013 1:34 PM 479816]
S4 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [6/22/2013 1:34 PM 762952]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3747749528-740252140-2630247199-1006Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-08-02 22:07]
.
2013-08-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3747749528-740252140-2630247199-1006UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-08-02 22:07]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-08 10:14]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-08 10:14]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3747749528-740252140-2630247199-1010Core.job
- c:\documents and settings\Myhome\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-06-19 16:44]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3747749528-740252140-2630247199-1010UA.job
- c:\documents and settings\Myhome\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-06-19 16:44]
.
2013-08-05 c:\windows\Tasks\User_Feed_Synchronization-{427E819F-4353-425A-ADCB-72D6840001D2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 00:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{76A428C5-C694-442E-94ED-662F48CCA391}: NameServer = 202.56.230.5,203.56.230.6
TCP: Interfaces\{9952A180-2610-4400-9B8E-0C590D3FB77B}: NameServer = 202.56.230.5,202.56.230.6
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\1f4jf1qt.default\
FF - user.js: extensions.mixidj.tlbrSrchUrl -
FF - user.js: extensions.mixidj.id - b8c7fa2900000000000000130295eda8
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15888
FF - user.js: extensions.mixidj.vrsn - 1.8.18.8
FF - user.js: extensions.mixidj.vrsni - 1.8.18.8
FF - user.js: extensions.mixidj.vrsnTs - 1.8.18.81:44
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - baseyh
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - en
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.ffxUnstlRst - false
FF - user.js: extensions.mixidj.admin - false
FF - user.js: extensions.mixidj.autoRvrt - false
FF - user.js: extensions.mixidj.rvrt - false
FF - user.js: extensions.mixidj.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Acrobat Assistant 7 - c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
MSConfigStartUp-DataMngr - c:\progra~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
MSConfigStartUp-fiefioj - c:\documents and settings\smd10\fiefioj.exe
MSConfigStartUp-googletalk - c:\program files\Google\Google Talk\googletalk.exe
MSConfigStartUp-InterVoip - c:\program files\InterVoip.com\InterVoip\InterVoip.exe
MSConfigStartUp-Isrcrk - c:\documents and settings\Admin\Application Data\Isrcrk.scr
MSConfigStartUp-Microsoft Windows - c:\documents and settings\Admin\Application Data\Microsoft\Office\rundll32.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-Nokia - c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-Premium Clock - c:\program files\Premium Clock\Premium.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-05 14:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Isrcrk = c:\documents and settings\Admin\Application Data\Isrcrk.scr
.
scanning hidden files ...
.
.
c:\documents and settings\Admin\Application Data\Isrcrk.scr 185344 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Isrcrk"="c:\\Documents and Settings\\Admin\\Application Data\\Isrcrk.scr"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3747749528-740252140-2630247199-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{287704e2-1945-4c34-9fbe-0bdcf0acb2ea}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001f
"Therad"=dword:00000016
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):75,6f,bf,24,15,29,07,5f,9e,6b,6b,05,7c,3e,12,0d,9f,4c,3d,3d,a4,
53,95,47,46,f6,d6,0e,f7,04,3b,cb,76,ef,94,d6,2c,da,71,58,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6214e67e-90ea-48d0-aec7-aca7ba60f251}]
@Denied: (Full) (Everyone)
"Model"=dword:00000122
"Therad"=dword:00000031
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,eb,6d,27,42,80,c2,b8,87,e1,20,42,1a,4c,6c,d2,2c,83,e0,8b,c5,07,bb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):23,e0,9f,96,a0,80,42,a1,59,b9,a6,ef,27,23,b3,56,31,6e,68,e4,e3,
1b,1d,5e,ed,8a,e5,95,b7,ec,0f,d4,af,43,ff,84,67,9d,32,bf,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
.
- - - - - - - > 'csrss.exe'(964)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2013-08-05 14:20:32 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-05 10:20
.
Pre-Run: 6,040,309,760 bytes free
Post-Run: 7,208,841,216 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1356022277EB1D6D0CD94D4E9E8E88EA
665277635DC8BA83DEAE12EADEDB75A0

#1
August 6, 2013 at 03:56:50
Hi Samar,

Is it that you are unable to open websites for antivirus or unable to open any website?
Did you try a different browser?

Let us know the error message you get when you try to access the website.

Check if you are able to open websites on Safe Mode with Networking.

Restart the system and tap F8 for Advanced Boot Options.

Select Safe Mode with Networking and hit Enter.

If the websites do not work in Safe Mode with Networking, install Malwarebytes and perform a deep scan. For Malwarebytes click the link mentioned below:

http://www.filehippo.com/download_m...

Remove virus and restart the system.

Thanks & Regards
Manshu S
#iworkfordell


#2
August 6, 2013 at 05:25:08
After running MBAM (Malwarebytes), copy and paste the contents of the log please.

Then Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...

#3
August 7, 2013 at 14:57:23
Hi John,

Thanks for your reply.
Here I am with the Malwarebytes log below, and a few other issues.

Unable to boot Windows in Safe Mode; Blue Screen error on startup.
"Regedit is disabled by the administrator" error.
"Task Manager has been disabled by your administrator"

Unable to access any antivirus websites. (I have a licensed Kaspersky 2013 antivirus; "unable to complete installation" error.)

Oops! Google Chrome could not find www.kaspersky.com
Try reloading: www.kaspersky.com
Additional suggestions:
Access a cached copy of www.kaspersky.com

Oops! Google Chrome could not find www.bitdefender.com
Try reloading: www.bitdefender.com/Downloads/

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.06.01

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Admin :: ABCLXYZ [administrator]

05/08/2013 14:45:02
mbam-log-2013-08-05 (14-45-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323746
Time elapsed: 16 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 2
C:\Documents and Settings\Admin\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Myhome\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Documents and Settings\Admin\Local Settings\temp\winrrrepq.exe (Spyware.Password) -> Delete on reboot.
C:\Documents and Settings\Admin\Local Settings\temp\winwkov.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Admin\Local Settings\temp\windvhquw.exe (Spyware.Password) -> Delete on reboot.
C:\Documents and Settings\Myhome\Local Settings\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Documents and Settings\Myhome\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Documents and Settings\Myhome\Local Settings\Temp\nsp5C.tmp\installer.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Documents and Settings\Myhome\Local Settings\Temp\nss32F.tmp\208\wajam_ch_7102013.exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Myhome\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

(end)

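The tampering that both logs in this thread report (the Task Manager and Regedit policies set to 1, the Security Center "DisableNotify" and "Override" values set, the XP firewall's EnableFirewall set to 0) can be audited mechanically from the saved log files rather than by eye. The script below is an added example written for this thread; it is not code from Malwarebytes, ComboFix or any of the posters. It parses MBAM "Registry Data Items Detected" lines and ComboFix "Reg Loading Points" entries in the formats shown above, compares them against a table of expected values (an assumption built from the Bad/Good pairs MBAM printed and Windows XP defaults), and renders a .reg snippet that restores those values. The sample lines are constructed from the excerpts in the thread, and the expansion of ComboFix's `HKLM\~\services` shorthand to `HKLM\SYSTEM\CurrentControlSet\services` is also an assumption.

```python
"""Audit MBAM / ComboFix log excerpts for security-policy tampering and emit a
.reg snippet that restores the expected values.  Example code for this thread,
not part of Malwarebytes or ComboFix.  Sample inputs are constructed."""

import re
from dataclasses import dataclass
from typing import Dict, List

# Assumed "known good" table: value name -> expected DWORD (from the Bad/Good
# pairs MBAM printed in the thread plus Windows XP defaults).
EXPECTED: Dict[str, int] = {
    "DisableTaskMgr": 0,
    "DisableRegistryTools": 0,
    "AntiVirusDisableNotify": 0,
    "FirewallDisableNotify": 0,
    "UpdatesDisableNotify": 0,
    "AntiVirusOverride": 0,
    "FirewallOverride": 0,
    "EnableFirewall": 1,
}

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}


@dataclass(frozen=True)
class Finding:
    key: str        # full registry key
    name: str       # value name
    current: int    # value seen in the log
    expected: int   # value we want to restore
    source: str     # "mbam" or "combofix"


# MBAM line:  HKCU\...\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> ...
MBAM_RE = re.compile(r"^(?P<hive>HK[A-Z_]+)\\(?P<path>[^|]+)\|(?P<name>\S+) \((?P<det>[^)]+)\)"
                     r" -> Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\)")
# ComboFix key header and value lines:  [HKLM\~\services\...]  /  "EnableFirewall"= 0 (0x0)
CF_KEY_RE = re.compile(r"^\[(?P<hive>HK[A-Z_]+)\\(?P<path>[^\]]+)\]$")
CF_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})'
                       r'|(?P<dec>\d+) \(0x[0-9a-fA-F]+\))$')

# Constructed samples, copied from the formats visible in the thread's logs.
MBAM_SAMPLE = r"""Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
"""
COMBOFIX_SAMPLE = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Facebook Messenger.lnk
"""


def parse_mbam(text: str) -> List[Finding]:
    """MBAM already prints the bad and good values; just lift them out."""
    findings = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            key = HIVES.get(m["hive"], m["hive"]) + "\\" + m["path"]
            findings.append(Finding(key, m["name"], int(m["bad"]), int(m["good"]), "mbam"))
    return findings


def parse_combofix(text: str) -> List[Finding]:
    """ComboFix prints raw values; flag those in EXPECTED that differ."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        km = CF_KEY_RE.match(line)
        if km:
            path = km["path"]
            # Assumption: "HKLM\~\services\" abbreviates HKLM\SYSTEM\CurrentControlSet\services\.
            # Other "~" shorthands (e.g. ~\startupfolder) are left unresolved and skipped.
            if path.startswith("~\\services\\"):
                path = "SYSTEM\\CurrentControlSet\\services\\" + path[len("~\\services\\"):]
            key = None if "~" in path else HIVES.get(km["hive"], km["hive"]) + "\\" + path
            continue
        vm = CF_VAL_RE.match(line)
        if not (vm and key and vm["name"] in EXPECTED):
            continue
        current = int(vm["hex"], 16) if vm["hex"] is not None else int(vm["dec"])
        if current != EXPECTED[vm["name"]]:
            findings.append(Finding(key, vm["name"], current, EXPECTED[vm["name"]], "combofix"))
    return findings


def to_reg(findings: List[Finding]) -> str:
    """Render a Registry Editor file that sets every finding back to its expected value."""
    by_key: Dict[str, Dict[str, int]] = {}
    for f in findings:
        by_key.setdefault(f.key, {})[f.name] = f.expected
    out = ["Windows Registry Editor Version 5.00", ""]
    for key in sorted(by_key):
        out.append(f"[{key}]")
        out.extend(f'"{name}"=dword:{val:08x}' for name, val in sorted(by_key[key].items()))
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(to_reg(parse_mbam(MBAM_SAMPLE) + parse_combofix(COMBOFIX_SAMPLE)))
```

Point `parse_mbam` and `parse_combofix` at the saved log text instead of the samples to get a restore file for a real case. The emitted .reg only reverses the policy and Security Center changes; it does nothing about the `amsint32` service MBAM attributed to Sality or the hidden `Isrcrk.scr` autostart ComboFix listed, which is why the thread still asks for the ESET scan before anything else is trusted.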
#4
August 7, 2013 at 22:36:23
Thanks Samar.

Have you been able to find a way to run ESET?


Report •

Ask Question