microsoft and antivirus sites blocked


  • This topic is locked
8 replies to this topic

#1 nicolasseveryns

  • Members
  • 5 posts

Posted 24 September 2009 - 04:08 PM

Hello,

I have the following problem: whenever I try to access microsoft.com, the access is blocked. My internet connection gets cut off once every hour. Most spyware removal sites are blocked also (except for this one). I did Search and Destroy, Panda rootkit removal, nothing worked out. I also did ComboFix, before I read the instructions (bleep happens).

Now I have read the instructions, and I attach the log files of DDS, RootRepeal and ComboFix.

I hope someone can put his finger on my problem. I would surely be extremely grateful!

MY DDS LOG
///////////////

DDS (Ver_09-07-30.01) - NTFSx86
Run by Nicolas at 22:17:20,14 on 24.09.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_04
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.960.393 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SDL International\License Server\Lmgrd.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\SDL International\License Server\Lmgrd.exe
C:\Program Files\SDL International\License Server\trados.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Users\Nicolas\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\sistray.exe
C:\Users\Nicolas\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Users\Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Teksty\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AutorunsDisabled - No File
BHO: Google Gears Helper - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
uRun: [Google Update] "c:\users\nicolas\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\ofiska\kodges.ru\create~1.lnk - c:\webservers\denwer\Boot.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\ofiska\kodges.ru\dropbox.lnk - c:\users\nicolas\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\sdltra~1.lnk - c:\program files\sdl international\sdl trados synergy 2007\Synergy.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Export to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\nicolas\applic~1\mozilla\firefox\profiles\zi6wfdj9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-12-17 38448]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2008-3-5 179584]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2008-3-5 49536]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [2008-7-23 114496]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2007-12-17 14976]
R2 SDL FLEXlm License Server;SDL FLEXlm License Server;c:\program files\sdl international\license server\lmgrd.exe [2007-2-22 1339392]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\users\nicolas\desktop\vcdrom.sys --> c:\users\nicolas\desktop\VCdRom.sys [?]
S2 gupdate;Google Update Service;c:\program files\google\update\GoogleUpdate.exe [2008-7-9 133104]
S2 hnxeio;Time Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 NewServiceInstall1;NewServiceInstall1;c:\program files\sdl international\t2007\tt\lng\Dialogs1031.lng [2007-4-23 11264]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2009-1-23 36736]
S3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\hitman pro\hitmanpro2.sys [2007-1-24 10336]
S3 PStrip;PSTRIP;c:\windows\system32\drivers\Pstrip.sys [2001-7-23 21616]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-1-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-1-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-1-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-1-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-1-23 98568]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2007-2-11 162176]
S4 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\asushwio.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-9-10 3712]
S4 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]

=============== Created Last 30 ================

2009-09-24 21:20 229,888 a------- c:\windows\PEV.exe
2009-09-24 21:20 161,792 a------- c:\windows\SWREG.exe
2009-09-24 21:20 98,816 a------- c:\windows\sed.exe
2009-09-24 11:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-24 11:02 <DIR> --d----- c:\program files\Trend Micro
2009-09-24 08:56 54,156 a---h--- c:\windows\QTFont.qfn
2009-09-24 08:56 1,409 a------- c:\windows\QTFont.for
2009-09-23 09:56 166,912 a------- c:\windows\system32\libmcrypt.dll
2009-09-16 11:47 <DIR> --d----- C:\WebServers
2009-09-10 19:25 <DIR> --d----- c:\users\nicolas\applic~1\adma
2009-09-10 19:24 <DIR> --d----- c:\program files\adma
2009-09-10 19:12 14,048 -------- c:\windows\system32\spmsg2.dll
2009-09-10 19:11 <DIR> --d----- c:\windows\system32\ru-RU
2009-09-10 19:06 <DIR> --d----- c:\windows\system32\XPSViewer
2009-09-10 19:06 220 a------- c:\windows\system32\spupdsvc.inf
2009-09-10 19:05 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-10 19:05 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-10 19:05 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-10 19:05 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-09-10 19:05 117,760 -------- c:\windows\system32\prntvpt.dll
2009-09-10 19:05 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-09-10 19:05 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-09-10 18:51 <DIR> --d----- c:\program files\MSXML 6.0
2009-09-09 12:01 <DIR> --d----- c:\program files\Babylon
2009-09-09 12:00 <DIR> --d----- c:\users\alluse~1\applic~1\Babylon
2009-09-09 12:00 <DIR> --d----- c:\users\nicolas\applic~1\Babylon
2009-09-09 10:57 <DIR> --d----- c:\windows\system32\siscardplugins
2009-09-09 10:57 <DIR> --d----- c:\windows\system32\beidpp
2009-09-09 10:57 <DIR> --d----- c:\program files\Belgium Identity Card
2009-09-09 10:56 <DIR> --d----- C:\drivers
2009-09-03 21:01 <DIR> --d----- c:\users\nicolas\applic~1\Trados
2009-09-03 21:01 <DIR> --d----- c:\users\nicolas\applic~1\SDL International
2009-09-03 19:10 <DIR> --d----- c:\users\alluse~1\applic~1\SDL International
2009-09-03 19:09 <DIR> --d----- c:\program files\SDL International
2009-09-03 16:19 3,163 a------- C:\license.lic
2009-09-03 13:07 2,399 a------- c:\windows\pstrip.ini
2009-09-03 13:07 <DIR> --d----- c:\program files\PowerStrip

==================== Find3M ====================

2008-02-26 20:09 32 a------- c:\users\alluse~1\applic~1\ezsid.dat
2005-11-23 19:41 165,840 a--shr-- c:\windows\system32\qnitsof.dll

============= FINISH: 22:17:50,62 ===============
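Two entries in the log above deserve a second look before any further scanning. Under SERVICES / DRIVERS, `S2 hnxeio;Time Helper;c:\windows\system32\svchost.exe -k netsvcs` is a service with an unfamiliar name and display name that runs inside a shared svchost process; DDS prints only the host process, so the real payload is whatever DLL the service's ServiceDll registry value names, and that value is not in this log. Under Find3M, `c:\windows\system32\qnitsof.dll` carries hidden, system and read-only attributes with an old timestamp. A randomly named service in the netsvcs group backed by a randomly named DLL in system32 is the installation pattern Conficker uses. The script below is an added example, not part of the original post and not part of DDS; it applies those two checks, plus a third for a service whose image is not an executable at all (`NewServiceInstall1` points at a `.lng` file), to lines copied from the log. It only marks candidates for manual follow-up; none of these patterns proves infection on its own.

```python
import re

# Lines copied from the SERVICES / DRIVERS and Find3M sections of the DDS log above.
SERVICE_LINES = r"""
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2007-12-17 14976]
S2 gupdate;Google Update Service;c:\program files\google\update\GoogleUpdate.exe [2008-7-9 133104]
S2 hnxeio;Time Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 NewServiceInstall1;NewServiceInstall1;c:\program files\sdl international\t2007\tt\lng\Dialogs1031.lng [2007-4-23 11264]
S3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\hitman pro\hitmanpro2.sys [2007-1-24 10336]
""".strip().splitlines()

FILE_LINES = r"""
2009-09-23 09:56 166,912 a------- c:\windows\system32\libmcrypt.dll
2008-02-26 20:09 32 a------- c:\users\alluse~1\applic~1\ezsid.dat
2005-11-23 19:41 165,840 a--shr-- c:\windows\system32\qnitsof.dll
""".strip().splitlines()

# DDS service line: "<state> <name>;<display name>;<image path and args> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]$")
# DDS file line: "<date> <time> <size or <DIR>> <8-char attribute field> <path>"
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>[\d,]+|<DIR>) (?P<attrs>\S{8}) (?P<path>.+)$")

EXECUTABLE_EXT = {"exe", "sys", "dll"}
SYSTEM32 = "\\windows\\system32\\"


def parse_services(lines):
    """Parse service lines into dicts; lines that do not match (e.g. '[?]' entries) are skipped."""
    return [m.groupdict() for m in map(SERVICE_RE.match, lines) if m]


def parse_files(lines):
    return [m.groupdict() for m in map(FILE_RE.match, lines) if m]


def image_extension(image):
    """Extension of the image path, ignoring any command-line arguments after it."""
    m = re.search(r"\.([a-z0-9]+)(?=\s|$)", image.lower())
    return m.group(1) if m else ""


def triage_services(services):
    """Return (service name, reason) pairs for services that need manual follow-up."""
    findings = []
    for svc in services:
        image = svc["image"].lower()
        if "svchost.exe" in image and " -k " in image:
            group = image.split(" -k ", 1)[1]
            findings.append((svc["name"],
                             "runs inside svchost group '%s'; DDS shows only the host process, so "
                             "check the ServiceDll value under "
                             "HKLM\\SYSTEM\\CurrentControlSet\\Services\\%s\\Parameters"
                             % (group, svc["name"])))
        elif image_extension(image) not in EXECUTABLE_EXT:
            findings.append((svc["name"], "service image is not a PE executable: " + svc["image"]))
    return findings


def triage_files(files):
    """Flag hidden+system files under system32; legitimate OS files rarely carry both flags there."""
    findings = []
    for f in files:
        path = f["path"].lower()
        if SYSTEM32 in path and "h" in f["attrs"] and "s" in f["attrs"]:
            findings.append((path.rsplit("\\", 1)[-1],
                             "hidden+system file in system32 (attrs %s, dated %s)" % (f["attrs"], f["date"])))
    return findings


def triage(service_lines, file_lines):
    return triage_services(parse_services(service_lines)) + triage_files(parse_files(file_lines))


if __name__ == "__main__":
    for name, reason in triage(SERVICE_LINES, FILE_LINES):
        print("%-20s %s" % (name, reason))
```

The natural next step for the svchost finding is to read the ServiceDll value on the machine (`reg query HKLM\SYSTEM\CurrentControlSet\Services\hnxeio\Parameters /v ServiceDll`) and compare the DLL it names with the hidden file in Find3M; the `.lng` finding matches the later event log entry in post #6 where that service fails with "%1 is not a valid Win32 application".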


#2 nicolasseveryns

  • Topic Starter
  • Members
  • 5 posts

Posted 28 September 2009 - 02:49 AM

Hello,

Is it possible to get any feedback on this? Or is this a hopeless case? Anyway, I would be obliged if someone told me so.

Regards,

Nicolas

#3 nicolasseveryns

  • Topic Starter
  • Members
  • 5 posts

Posted 29 September 2009 - 03:20 AM

I did not find the virus itself, but I found a way to remedy the DNS routing problem. I disabled the 'DNS Client' in Windows->Control Panel->Administrative Tools->Services and now I can surf to any site I want to, even avast.com, microsoft.com and tons of other antivirus sites.

Still don't know the reason for it, though.

#4 nicolasseveryns

  • Topic Starter
  • Members
  • 5 posts

Posted 30 September 2009 - 03:14 AM

After disabling the DNS Client, I was able to surf to avast.com and download their AV software.
The avast scan at bootup seemed to have done the trick.
It was the Conficker worm and now it seems to be gone.
Only thing: Avast detects kernel32.dll as infected and wants to delete it. You shouldn't delete this file. Ignore instead.
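Posts #3 and #4 explain each other. Conficker, which the avast scan reported, installs itself as a randomly named service in the netsvcs svchost group, and its later variants patch the Windows DNS resolver code in memory so that lookups for names containing strings such as `microsoft`, `avast` or `symantec` simply fail, while everything else resolves normally. Stopping the DNS Client service takes the patched service-side resolver out of the lookup path, which is consistent with the workaround in post #3 restoring access even though the worm itself was still present. The script below is an added example, not part of the original thread; it reproduces the diagnostic a responder would run on such a machine: resolve a set of security-vendor names through the OS resolver, resolve the same names again by sending a raw DNS query over UDP to an external server (so that neither dnsapi.dll nor the DNS Client service is involved), and report the names where only the OS path fails. The block-word list, the probe names and the 8.8.8.8 default server are assumptions for the example, and `simulated_filtered_resolver` stands in for the patched resolver so the check can be exercised offline.

```python
import random
import socket
import struct

# Constructed subset of the substrings Conficker's DNS filter matches; illustrative only.
BLOCK_WORDS = ("microsoft", "windowsupdate", "symantec", "mcafee", "avast",
               "kaspersky", "trendmicro", "panda", "sophos")

# Constructed probe list: a few vendor sites plus a control name not expected to be filtered.
PROBE_NAMES = ["www.microsoft.com", "www.avast.com", "www.symantec.com",
               "www.bleepingcomputer.com"]


def build_query(name, txn_id=None):
    """Return (txn_id, packet) for a recursive A query in RFC 1035 wire format."""
    if txn_id is None:
        txn_id = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)   # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return txn_id, header + qname + struct.pack("!HH", 1, 1)       # QTYPE=A, QCLASS=IN


def _skip_name(data, off):
    """Return the offset just past a name, which may end in a two-byte compression pointer."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_a_records(data, expected_id):
    """IPv4 addresses from the answer section; [] on id mismatch, error RCODE or no A records."""
    txn_id, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txn_id != expected_id or flags & 0x000F != 0:
        return []
    off = 12
    for _ in range(qdcount):
        off = _skip_name(data, off) + 4                 # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return ips


def direct_resolve(name, server="8.8.8.8", timeout=3.0):
    """Resolve by speaking DNS over UDP ourselves, bypassing the OS resolver entirely."""
    txn_id, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return []
    return parse_a_records(data, txn_id)


def system_resolve(name):
    """Resolve through the OS resolver, i.e. the code path the worm patches."""
    try:
        return [socket.gethostbyname(name)]
    except socket.gaierror:
        return []


def simulated_filtered_resolver(name):
    """Stand-in for a patched OS resolver: any name containing a block word fails to resolve."""
    if any(word in name.lower() for word in BLOCK_WORDS):
        return []
    return ["192.0.2.1"]                                # constructed documentation-range address


def build_fake_response(query, ips):
    """Construct a reply to `query` carrying the given A records, for offline use of the parser."""
    txn_id = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txn_id, 0x8180, 1, len(ips), 0, 0)   # QR, RD, RA, RCODE 0
    answers = b"".join(struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip)
                       for ip in ips)                    # name = pointer to the question name
    return header + query[12:] + answers


def diagnose(names, system=system_resolve, direct=direct_resolve):
    """Names the OS resolver cannot resolve while a raw query to an external server can."""
    return [n for n in names if not system(n) and direct(n)]


if __name__ == "__main__":
    for name in diagnose(PROBE_NAMES):
        print("resolution filtered on this host:", name)
```

A non-empty result from `diagnose` with working network connectivity means the filtering is happening on the host, not at the ISP or on the network path; that is a diagnostic, not a cleanup, and the service the DDS log shows running under `svchost.exe -k netsvcs` is where the cleanup starts.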

#5 schrauber (Mr.Mechanic)

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 11 October 2009 - 01:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#6 nicolasseveryns

  • Topic Starter
  • Members
  • 5 posts

Posted 11 October 2009 - 01:25 PM

I think AVAST helped me out on this one. I have the impression my computer is working alright. Anyhow, here is a copy of the DDS logfile:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09.04.2006 13:12:37
System Uptime: 10.11.2009 9:16:11 (-709 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4SGX-MX
Processor: Intel® Celeron® CPU 2.40GHz | PGA 478 | 2400/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 2,392 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 99 GiB total, 3,433 GiB free.
F: is Removable
I: is FIXED (NTFS) - 75 GiB total, 2,392 GiB free.
X: is FIXED (Ext2) - 49 GiB total, 3,742 GiB free.
Z: is FIXED (Ext2) - 18 GiB total, 3,034 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer: Unknown Manufacturer
Name: SCSI/RAID Host Controller
PNP Device ID: ROOT\SCSIADAPTER\0000
Service: Imagedrv

==== System Restore Points ===================

RP1: 21.09.2009 8:44:42 - System Checkpoint
RP2: 21.09.2009 18:41:33 - Printer Driver FlashPaper2 Driver Installed
RP3: 23.09.2009 12:46:31 - System Checkpoint
RP4: 24.09.2009 14:32:26 - System Checkpoint
RP5: 24.09.2009 18:40:43 - Installed StartupMonitor
RP6: 28.09.2009 14:10:20 - Installed Java™ 6 Update 16
RP7: 29.09.2009 10:10:47 - Installed PHP 5.2.11
RP8: 29.09.2009 10:29:33 - Software Distribution Service 3.0
RP9: 29.09.2009 17:30:13 - Installed Windows XP KB958644.
RP10: 30.09.2009 8:49:43 - Removed Shrek: Entertainment Centre
RP11: 01.10.2009 9:31:01 - System Checkpoint
RP12: 02.10.2009 16:32:57 - System Checkpoint
RP13: 03.10.2009 13:06:41 - Removed Skype™ 3.8
RP14: 05.10.2009 14:27:59 - System Checkpoint
RP15: 06.10.2009 15:04:31 - System Checkpoint
RP16: 07.10.2009 15:13:15 - System Checkpoint
RP17: 09.10.2009 16:18:46 - System Checkpoint
RP18: 11.10.2009 19:02:21 - System Checkpoint

==== Installed Programs ======================

Heroes of Might and Magic® III
µTorrent
The Incredibles - Fun Adventures
Open Season. Boog's Party
Freddi Fish: The Case of the School Ghost
Freddi Fish: The Case of the Salty Gulch Gang
Freddi Fish: The Case of the Creature of Coral Cove
Freddi Fish: The Case of the Stolen Shell
Freddi Fish and the Secret of the Ocean
Industry Giant 2
Dolls. Fashion Week
Rex 2
Pippi Longstocking
Four-Legged Friends: My Puppy
Microsoft .NET Framework 3.5 SP1 Language Pack - RUS
22 Games with Dogs
7-Zip 4.42
AC3Filter (remove only)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Audition 2.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe Illustrator CS
Adobe InDesign CS
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Reader 8.1.1
Adobe Setup
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Aptana Studio 1.5
ASIO4ALL
Aspell 0.6 Dictionary (Language: en) (Installed for Current User)
Aspell 0.6 Dictionary (Language: fr)
Aspell 0.6 Dictionary (Language: fr) (Installed for Current User)
Aspell 0.6 Dictionary (Language: nl)
Aspell 0.6 Dictionary (Language: nl) (Installed for Current User)
Aspell 0.6 Dictionary (Language: ru)
Aspell Data
Aspell Data (Installed for Current User)
Aspell Dutch Dictionary-0.50-2
ASUSUpdate
AutoUpdate
avast! Antivirus
AVIcodec (remove only)
Babylon
Belgium e-ID middleware 3.5.2 (build 5775)
Bubbles
Canon G.726 WMP-Decoder
CCleaner (remove only)
CDDRV_Installer
Collab
CorelDRAW Graphics Suite 12
Creative Audio Console
Creative Live! Cam Vista IM Driver (1.00.07.0401)
Creative System Information
Creative WebCam Center
DebugMode Wink
DirectVobSub (remove only)
Disney's Donald Duck
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dogz
Dropbox
Emacs 23.0.60.1 and EmacsW32 1.56 (distribution ID: CvsP080325)
eMedia Intermediate Guitar Method
Expresso
Ext2 IFS 1.11 for Windows XP
ffdshow [rev 610] [2006-12-01]
FileZilla (remove only)
FL Studio 6
Flickr Uploadr 3.0.5
foobar2000 v0.9.4.3
FreeMind
GIMP 2.4.0-rc3
GNU Aspell 0.50-3
GNU Solfege 3.8.1
GnuCash 2.2.1
Google Earth
Google Book Downloader
Google Chrome
Google Desktop
Google Gears
Google Gmail Notifier
Google Talk Plugin
Google Update Helper
GPL Ghostscript 8.57
GPL Ghostscript Fonts
GSview 4.8
GTK+ Runtime 2.12.1 rev b (remove only)
Guitar Pro 5.0
Hamsterball Gold
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
ImageMagick 6.3.5-5 Q16 (08/01/07)
ImgBurn (Remove Only)
Inkscape 0.45
iriver Firmware Updater (remove only)
iriver plus 3 (remove only)
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
Java™ 6 Update 16
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4
KhalSetup
Last.fm 1.5.1.30182
Lexmark 5200 Series
LilyPond
Linksys Wireless-G PCI Adapter
Liquid Story Binder XE 2.12
Lively by Google
Logitech SetPoint
Macromedia FlashPaper 2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - RUS
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - RUS
Microsoft .NET Framework 3.5 Language Pack SP1 - rus
Microsoft .NET Framework 3.5 SP1
Microsoft AppLocale
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Application Compatibility Database
MiKTeX 2.7
Monkey's Audio
Movie Converter (remove only)
Mozilla Firefox (3.0.14)
Mozilla Firefox (3.5.3)
Mozilla Thunderbird (3.0b4)
MSXML 6.0 Parser (KB933579)
musikCube 1.0
Nero 6 Demo
Norton Security Scan
NVIDIA Drivers
OpenMG Secure Module 4.6.01
OpenOffice.org 2.3
OpenSSL 0.9.8d
Opera 9.50
Paragon Partition Manager 8.5 Professional
ParetoLogic Anti-Spyware
PDF Settings
PHP 5.2.11
Picasa 2
Pidgin
Pinnacle Instant DVD Recorder
Planshet
poEdit 1.3.5
PowerStrip 2.78 (remove only)
Python 2.5.2
QuickTime
Ruby-186-26
SDL FLEXlm License Server
SDL Trados 2007
SDL Trados Synergy 2007
SDLX
Security Update for Windows XP (KB958644)
SiS 650
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
Skype web features
Skype™ 4.1
Songbird 1.2.0 (Build 1146)
SonicStage 4.2
Sony DVD Architect 3.0b
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Media Manager 2.0
Sony Vegas 6.0d
SoulSeek Client 156c
SoundMAX
Spybot - Search & Destroy
StartupMonitor
Startwijzer
Steam™
Strawberry Perl 5.10.0.1
SUPERAntiSpyware Free Edition
The Rosetta Stone
TortoiseSVN 1.4.5.10425 (32 bit)
TypeFaster Typing Tutor
USB EHCI Driver
USB Storage Device Disk Driver
Van Dale Groot woordenboek hedendaags Nederlands
Van Dale Grote woordenboeken Engels
Van Dale Grote woordenboeken Frans
VideoLAN VLC media player 0.8.6d
Vim 7.1 (self-installing)
Virtual Desktop Manager Powertoy for Windows XP
Wacom Tablet Driver
WebMoney Advisor
WebMoney Keeper Classic 3.6.0.0
WinAVI MP4 Converter
WinAVI Video Converter 9.0
Windows Imaging Component
Windows Media Format Runtime
WinRAR archiver
WinVorbis v1.60
WinZip
Witte Speller
XML Paper Specification Shared Components Language Pack 1.0

==== Event Viewer Messages From Past Week ========

09.10.2009 8:55:47, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service service to connect.
09.10.2009 8:55:47, error: Service Control Manager [7000] - The Google Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07.10.2009 9:09:32, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
07.10.2009 9:09:32, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05.10.2009 8:49:58, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
05.10.2009 8:49:58, error: Service Control Manager [7000] - The NewServiceInstall1 service failed to start due to the following error: %1 is not a valid Win32 application.
05.10.2009 8:49:58, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05.10.2009 22:17:16, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================

#7 m0le (Can U Dig It?)

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 October 2009 - 03:46 PM

Hi nicolasseveryns,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#8 m0le (Can U Dig It?)

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 October 2009 - 06:13 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le

#9 m0le (Can U Dig It?)

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 24 October 2009 - 05:21 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.