Removed viruses now cannot connect to Internet Explorer - Please help

Post by milobouer on Tue Dec 15, 2009 4:56 pm

I had a number of viruses and spyware attacks yesterday and ran spybot, ad-aware and my panda protection to try and get rid of everything.
I've run them all again and it says everything is clear. My problem is that when I click my Internet Explorer icon it doesn't do anything, so I don't have any access to the internet.

Spybot came across these:
virtumonde.prx
win32.zbot
win32.agent.pz
win32.iksmas.ai

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:29, on 15/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\ApvxdWin.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: KTBho Class - {25EDC164-41A6-47C3-80BD-5E4FBE1BA7AB} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Kaboodle Toolbar - {92857633-2441-4A14-8236-DFCB97AD3E87} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AffiliateWindow Alerts] C:\Program Files\AffiliateWindow Alerts\affiliatewindow.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Fill Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

--
End of file - 14304 bytes


Please could someone help me.

milobouer
Novice

Posts : 11
Joined : 2009-12-15
OS : xp
Points : 25623
Likes : 0


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by milobouer on Tue Dec 15, 2009 4:57 pm

I also ran Malwarebytes Anti-Malware and got the following:

Malwarebytes' Anti-Malware 1.42
Database version: 3364
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/12/2009 14:19:57
mbam-log-2009-12-15 (14-19-42).txt

Scan type: Quick Scan
Objects scanned: 112577
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jfmi.goo (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\overlapp32.dll (Spyware.Bividon) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ff4ec53a-ca51-9a39-6cdd-5ffb26fb445c} (Spyware.Bividon) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rlist (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe jfmi.goo bjauvfm) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jfmi.goo (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\overlapp32.dll (Spyware.Bividon) -> No action taken.
C:\Documents and Settings\adam\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\adam\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\WINDOWS\Fonts\verdan32.exe (Worm.Archive) -> No action taken.


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by Belahzur on Tue Dec 15, 2009 8:10 pm

Hello.
Did you remove what was found? MBAM says you didn't.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
Likes : 1


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by milobouer on Tue Dec 15, 2009 8:22 pm

Hi there,
Yes I did go back and remove it.


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by milobouer on Tue Dec 15, 2009 11:04 pm

I don't know if this is relevant but Malwarebytes anti-malware that I used this afternoon removed the following:
Backdoor.bot x7 of them
rogue.driveCleaner
malware.trace
trojan.sasfix
hijack.sound
hijack.shell

they are all sitting in quarantine, should I now delete them all?


this is my latest malwarebytes report:

Malwarebytes' Anti-Malware 1.42
Database version: 3364
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/12/2009 14:20:20
mbam-log-2009-12-15 (14-20-20).txt

Scan type: Quick Scan
Objects scanned: 112577
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jfmi.goo (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\overlapp32.dll (Spyware.Bividon) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ff4ec53a-ca51-9a39-6cdd-5ffb26fb445c} (Spyware.Bividon) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rlist (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe jfmi.goo bjauvfm) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\adam\APPLIC~1\MACROM~1\Common\701a00761.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jfmi.goo (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\overlapp32.dll (Spyware.Bividon) -> Delete on reboot.
C:\Documents and Settings\adam\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\adam\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\verdan32.exe (Worm.Archive) -> Quarantined and deleted successfully.


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by Belahzur on Tue Dec 15, 2009 11:52 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by milobouer on Wed Dec 16, 2009 12:06 am

hi there,

here is the log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by adam at 0:00:33.50 on 16/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1475 [GMT 0:00]

AV: Panda Global Protection 2009 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost -k Panda
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Documents and Settings\adam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Settings,ProxyOverride =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KTBho Class: {25edc164-41a6-47c3-80bd-5e4fbe1ba7ab} - c:\progra~1\kaboodle\kabood~1\KTBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~1\tools\iesdpb.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Kaboodle Toolbar: {92857633-2441-4a14-8236-dfcb97ad3e87} - c:\progra~1\kaboodle\kabood~1\KTBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [AffiliateWindow Alerts] c:\program files\affiliatewindow alerts\affiliatewindow.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2009\Inicio.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Spyware Doctor] "c:\program files\spyware doctor\swdoctor.exe" /Q
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: Customize Menu - [You must be registered and logged in to see this link.] files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Fill Forms - [You must be registered and logged in to see this link.] files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - [You must be registered and logged in to see this link.]
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - [You must be registered and logged in to see this link.]
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli Nvcpit.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adam\applic~1\mozilla\firefox\profiles\9sjjzdwq.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\adam\application data\mozilla\firefox\profiles\9sjjzdwq.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\adam\application data\mozilla\firefox\profiles\9sjjzdwq.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\adam\application data\mozilla\firefox\profiles\9sjjzdwq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-17 64288]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-1-7 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-1-7 73728]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2008-1-5 3968]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-1-7 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-1-7 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-1-7 193792]
R1 ikhfile;File Security Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhfile.sys [2008-4-28 30592]
R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2008-4-28 51072]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-1-7 158848]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-9-3 58856]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-9-3 333928]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-1-7 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda global protection 2009\PsCtrlS.exe [2009-1-7 181504]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2009-1-7 84024]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda global protection 2009\PavFnSvr.exe [2009-1-7 169216]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda global protection 2009\PAVSRV51.EXE [2009-1-7 288512]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda global protection 2009\psksvc.exe [2009-1-7 28928]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2009-9-3 967912]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-1-7 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
R3 tap0801;Smarthide TAP driver;c:\windows\system32\drivers\tap0801.sys [2007-10-12 55808]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\shldrv51.sys --> c:\windows\system32\drivers\ShlDrv51.sys [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?]
S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda security\pavshld\pavprsrv.exe" --> c:\program files\common files\panda security\pavshld\pavprsrv.exe [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [2009-12-15 99256]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-1-7 13880]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~2\pandag~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~2\pandag~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~2\pandag~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2009-12-15 23:58:19 99256 ----a-w- c:\windows\system32\drivers\av5flt.sys
2009-12-15 14:10:54 0 d-----w- c:\docume~1\adam\applic~1\Malwarebytes
2009-12-15 14:10:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 14:10:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 14:10:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 14:10:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-14 20:00:31 0 d-----w- c:\docume~1\adam\applic~1\Explorer
2009-12-14 15:26:57 458984 ----a-w- c:\documents and settings\adam\.spyglass.properties
2009-12-14 15:24:03 0 d-----w- c:\program files\SEO PowerSuite
2009-11-26 07:36:24 0 d-----r- c:\program files\Skype
2009-11-17 15:20:23 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-17 14:09:51 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-17 14:09:45 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-17 14:06:53 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-17 14:06:40 0 d-----w- c:\program files\Lavasoft
2009-11-17 13:46:46 91 ----a-w- c:\windows\wininit.ini
2009-11-17 12:06:32 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 12:06:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2009-12-15 23:59:00 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-12-15 23:59:00 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-12-15 23:58:51 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2009-12-15 14:11:06 390312 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-12-15 14:11:06 390312 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-01 07:44:52 87608 ----a-w- c:\docume~1\adam\applic~1\inst.exe
2009-10-01 07:44:52 47360 ----a-w- c:\docume~1\adam\applic~1\pcouffin.sys
2007-05-26 08:01:00 594800 ----a-w- c:\program files\gkwv2_setup.exe
2007-05-25 14:42:21 14659071 ----a-w- c:\program files\KE_setup13143.exe
2007-05-25 14:40:56 1585247 ----a-w- c:\program files\SEOE_setup4081.exe
2007-05-24 20:07:36 14279822 ----a-w- c:\program files\scvc6000.exe
2007-05-23 15:28:59 9389672 ----a-w- c:\program files\winzip111.exe
2007-05-21 17:54:16 64625683 ----a-w- c:\program files\xsiteprosetup.exe
2007-03-06 08:50:53 2683984 ----a-w- c:\program files\ccsetup137.exe
2007-03-06 08:39:24 11352928 ----a-w- c:\program files\spydocsetup.exe
2007-02-28 00:03:35 199874112 ----a-w- c:\program files\Nero-7.7.5.1_eng_trial.exe
2007-02-24 19:25:53 33170212 ----a-w- c:\program files\klmcodec165.exe
2007-02-24 18:21:02 411509 ----a-w- c:\program files\GSpot270a.zip
2007-02-24 17:52:51 6241753 ----a-w- c:\program files\XP-Codec-Pack-2.0.6.zip
2007-02-24 17:45:51 5134848 ----a-w- c:\program files\SVCD2DVDv2.msi
2007-02-24 09:52:24 1145896 ----a-w- c:\program files\GoogleToolbarInstaller.exe
2007-02-24 08:24:55 60640 ----a-w- c:\program files\AC3ACM.zip
2007-02-24 08:23:43 1045001 ----a-w- c:\program files\VirtualDub-MPEG2.zip
2007-02-24 08:07:13 1094021 ----a-w- c:\program files\dvdshrink32setup1.zip
2007-02-24 07:55:35 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2007-02-23 20:44:54 1201041 ----a-w- c:\program files\winrar.exe
2007-02-23 20:41:33 24265736 ----a-w- c:\program files\dotnetfx.exe
2007-02-23 20:39:09 5968384 ----a-w- c:\program files\SVCD2DVD.msi
2007-02-23 20:00:21 21822168 ----a-w- c:\program files\AdbeRdr80_en_US.exe
2007-02-23 19:56:24 36808256 ----a-w- c:\program files\iTunesSetup.exe
2002-06-26 09:06:50 69632 ------w- c:\windows\inf\MdmXSdk.dll
2009-09-08 09:31:43 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009090820090909\index.dat

============= FINISH: 0:02:49.84 ===============

milobouer
Novice

Posts: 11
Joined: 2009-12-15
OS: xp
Points: 25623
Likes: 0


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by milobouer on Wed Dec 16, 2009 12:07 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 31/03/2008 19:37:12
System Uptime: 15/12/2009 23:57:40 (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-E
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2612/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 117.325 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 223.895 GiB free.
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP557: 17/09/2009 14:01:56 - System Checkpoint
RP558: 18/09/2009 18:11:28 - System Checkpoint
RP559: 19/09/2009 19:44:44 - System Checkpoint
RP560: 20/09/2009 20:19:41 - System Checkpoint
RP561: 21/09/2009 21:05:19 - System Checkpoint
RP562: 22/09/2009 21:44:13 - System Checkpoint
RP563: 24/09/2009 07:22:33 - System Checkpoint
RP564: 25/09/2009 07:45:20 - System Checkpoint
RP565: 26/09/2009 08:15:41 - System Checkpoint
RP566: 27/09/2009 10:37:03 - System Checkpoint
RP567: 28/09/2009 13:40:14 - System Checkpoint
RP568: 29/09/2009 15:07:28 - System Checkpoint
RP569: 30/09/2009 17:38:49 - System Checkpoint
RP570: 01/10/2009 20:17:47 - System Checkpoint
RP571: 02/10/2009 22:06:13 - System Checkpoint
RP572: 03/10/2009 22:14:52 - System Checkpoint
RP573: 05/10/2009 07:39:41 - System Checkpoint
RP574: 06/10/2009 09:27:54 - System Checkpoint
RP575: 07/10/2009 11:13:14 - System Checkpoint
RP576: 08/10/2009 13:17:17 - System Checkpoint
RP577: 09/10/2009 14:13:03 - System Checkpoint
RP578: 10/10/2009 17:41:54 - System Checkpoint
RP579: 11/10/2009 18:11:26 - System Checkpoint
RP580: 12/10/2009 18:49:57 - System Checkpoint
RP581: 13/10/2009 18:53:38 - System Checkpoint
RP582: 14/10/2009 20:14:15 - System Checkpoint
RP583: 15/10/2009 21:23:42 - System Checkpoint
RP584: 16/10/2009 07:27:35 - Software Distribution Service 3.0
RP585: 17/10/2009 08:49:30 - System Checkpoint
RP586: 18/10/2009 09:02:27 - System Checkpoint
RP587: 19/10/2009 12:07:46 - System Checkpoint
RP588: 20/10/2009 12:49:22 - System Checkpoint
RP589: 21/10/2009 20:08:51 - System Checkpoint
RP590: 22/10/2009 20:35:42 - System Checkpoint
RP591: 23/10/2009 20:50:51 - System Checkpoint
RP592: 24/10/2009 21:10:22 - System Checkpoint
RP593: 26/10/2009 17:22:05 - System Checkpoint
RP594: 27/10/2009 18:27:09 - System Checkpoint
RP595: 28/10/2009 11:54:50 - Installed RSSBot
RP596: 29/10/2009 13:34:34 - System Checkpoint
RP597: 30/10/2009 19:07:35 - System Checkpoint
RP598: 31/10/2009 19:40:55 - System Checkpoint
RP599: 01/11/2009 20:08:48 - System Checkpoint
RP600: 02/11/2009 20:33:27 - System Checkpoint
RP601: 03/11/2009 21:43:05 - System Checkpoint
RP602: 04/11/2009 22:30:36 - System Checkpoint
RP603: 05/11/2009 10:09:59 - Software Distribution Service 3.0
RP604: 06/11/2009 10:29:25 - System Checkpoint
RP605: 07/11/2009 11:34:13 - System Checkpoint
RP606: 08/11/2009 12:36:43 - System Checkpoint
RP607: 09/11/2009 13:32:50 - System Checkpoint
RP608: 10/11/2009 13:56:17 - System Checkpoint
RP609: 11/11/2009 20:19:52 - System Checkpoint
RP610: 12/11/2009 07:20:21 - Software Distribution Service 3.0
RP611: 13/11/2009 08:43:41 - System Checkpoint
RP612: 14/11/2009 09:17:07 - System Checkpoint
RP613: 15/11/2009 10:10:57 - System Checkpoint
RP614: 16/11/2009 13:22:36 - System Checkpoint
RP615: 17/11/2009 14:36:32 - System Checkpoint
RP616: 18/11/2009 16:48:25 - System Checkpoint
RP617: 19/11/2009 20:12:54 - System Checkpoint
RP618: 20/11/2009 20:36:05 - System Checkpoint
RP619: 21/11/2009 21:20:27 - System Checkpoint
RP620: 22/11/2009 21:59:51 - System Checkpoint
RP621: 23/11/2009 22:31:34 - System Checkpoint
RP622: 24/11/2009 22:46:25 - System Checkpoint
RP623: 26/11/2009 07:34:11 - Software Distribution Service 3.0
RP624: 27/11/2009 00:34:40 - Software Distribution Service 3.0
RP625: 28/11/2009 07:48:14 - System Checkpoint
RP626: 29/11/2009 09:03:52 - System Checkpoint
RP627: 30/11/2009 09:19:44 - System Checkpoint
RP628: 01/12/2009 09:36:27 - System Checkpoint
RP629: 02/12/2009 10:27:26 - System Checkpoint
RP630: 03/12/2009 12:27:51 - System Checkpoint
RP631: 04/12/2009 14:28:29 - System Checkpoint
RP632: 05/12/2009 14:47:03 - System Checkpoint
RP633: 07/12/2009 01:33:19 - System Checkpoint
RP634: 08/12/2009 10:02:09 - System Checkpoint
RP635: 09/12/2009 10:40:46 - System Checkpoint
RP636: 10/12/2009 07:12:32 - Software Distribution Service 3.0
RP637: 11/12/2009 10:37:58 - System Checkpoint
RP638: 12/12/2009 11:03:26 - System Checkpoint
RP639: 13/12/2009 13:45:13 - System Checkpoint
RP640: 14/12/2009 19:30:14 - System Checkpoint
RP641: 15/12/2009 19:38:45 - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint
ABBYY FineReader 6.0
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9.1
Adobe Shockwave Player
AffiliateWindow Alerts (remove only)
AI RoboForm (All Users)
Amazon Seller Desktop - UK Edition
AMI Article Multiplier v2.0
AMI Article Submitter 1.4
AMI Article Writer
ArticleFlood
AVG Anti-Rootkit Free
Avi2Dvd 0.5
AviSynth 2.5
BinatoneInternetPhone
Canon i865
CCleaner (remove only)
ClipClip 0.1
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.2.4.82
Critical Update for Windows Media Player 11 (KB959772)
DNA
DVD Shrink 3.2
EPSON Copy Utility 3
EPSON Scan
EPSON Smart Panel
ffdshow [rev 2844] [2009-03-30]
Good Keywords v2.01.050107
Google AdWords Editor
Google Base Store Connector
Google Toolbar for Internet Explorer
GoToMeeting/GoToWebinar 3.0.0.198
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ImgBurn
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 4
K-Lite Mega Codec Pack 1.65
Kaboodle IE Toolbar
Magic ISO Maker v5.5 (build 0259)
Malwarebytes' Anti-Malware
Market Samurai
MATS LiveStats
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft IntelliPoint 5.2
Microsoft IntelliType Pro 5.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft WSE 2.0 SP3
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Ultra Edition
neroxml
NetWaiting
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
OpenOffice.org 2.4
Panda Global Protection 2009
Perf2480P_2580P Reference Guide
QuickSFV (Remove only)
QuickTime
Ranking-Manager version 6.1.25
Rapport
Realtek AC'97 Audio
RSSBot
SC Video Converter 4.2.0.0
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SEO SpyGlass
Sky Broadband
Skype™ 4.1
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
SmartHide 2.1.131
SopCast 3.0.3
SoundMAX
Spybot - Search & Destroy
Spyware Doctor 4.0
SVCD2DVD
SVCD2DVD 2.1
Turbo Lister 2
TVUPlayer 2.4.5.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V.92 PCI Voice Faxmodem
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XSite Pro
XSitePro2
Xvid 1.2.1 final uninstall
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

15/12/2009 23:55:30, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/12/2009 23:55:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPFLT DSAFLT DumaNT Fips FNETMON IDSFLT pavboot Processor ShldDrv WNMFLT
15/12/2009 23:38:34, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001E8C709532 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
15/12/2009 15:23:37, error: Service Control Manager [7034] - The Panda TPSrv service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:13:03, error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:12:58, error: Service Control Manager [7034] - The Panda Host Service service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:12:57, error: Service Control Manager [7034] - The Panda On-Access Anti-Malware Service service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:11:13, error: Service Control Manager [7034] - The Panda Software Controller service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:11:13, error: Service Control Manager [7034] - The Panda PSK service service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:11:13, error: Service Control Manager [7034] - The Panda IManager Service service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:11:13, error: Service Control Manager [7034] - The Panda Function Service service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:11:13, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:11:13, error: Service Control Manager [7034] - The ForceWare user log service service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:11:13, error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:11:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
15/12/2009 15:11:13, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/12/2009 15:09:46, error: Service Control Manager [7034] - The Forceware Web Interface service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:09:46, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 14:25:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid ShldDrv
15/12/2009 14:22:26, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
13/12/2009 08:40:39, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ShldDrv
13/12/2009 08:40:39, error: Service Control Manager [7022] - The IPv6 Helper Service service hung on starting.
13/12/2009 08:38:48, error: Service Control Manager [7000] - The Panda Process Protection Service service failed to start due to the following error: The system cannot find the path specified.
13/12/2009 08:38:48, error: Service Control Manager [7000] - The Panda Process Protection Driver service failed to start due to the following error: The system cannot find the file specified.
13/12/2009 08:38:07, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001E8C709532 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/12/2009 10:12:06, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
09/12/2009 07:26:00, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'NetAdapt.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

milobouer
Novice

Posts: 11
Joined: 2009-12-15
OS: xp
Points: 25623
Likes: 0


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by Belahzur on Wed Dec 16, 2009 12:18 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 4

How is the machine now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by milobouer on Wed Dec 16, 2009 12:22 am

Still the same, I'm afraid.


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by milobouer on Wed Dec 16, 2009 12:27 am

Firefox just totally loaded, stayed for about 30 secs, then vanished.


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by Belahzur on Wed Dec 16, 2009 12:45 am

Your Firefox could do with updating anyway; you're more than 3 versions behind.


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by milobouer on Wed Dec 16, 2009 12:49 am

Will do as soon as I can get online. Tried loading it again; it stays for 30 secs then just vanishes. Any ideas? Could I still have a virus, or has it changed something?


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by Belahzur on Wed Dec 16, 2009 1:04 am

Could be a number of things. Malware still hiding, or damage from the malware corrupted Firefox.

In any case, let's go with the damage method. You may want to use another machine and transfer the new version of the Firefox installer back to this machine via USB.

Go back into Add/Remove Programs and uninstall "Mozilla Firefox (3.0.15)".

Now install the new version you brought across from USB.



Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by milobouer on Wed Dec 16, 2009 1:09 am

Should I do the same for Internet Explorer, which is the main browser I use? Also, by doing this will I lose all my bookmarks etc.?


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by Belahzur on Wed Dec 16, 2009 1:25 am

Actually, yeah, you probably will if you uninstall it. Okay, don't uninstall it; just install the newest version over the top. It will overwrite the old version, so you won't lose anything.



Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by milobouer on Wed Dec 16, 2009 1:39 am

That's worked and I can get Firefox working, thank you. The only annoying thing is that most of the work I do is on IE and I need to get IE going.

I tried doing the same thing for IE by installing IE8 but still no joy. Strange that it's let Firefox work and not IE.

Again thank you so much for your help so far.


Re: Removed viruses now cannot connect to Internet Explorer - Pl

Post by Belahzur on Thu Dec 17, 2009 1:20 am

Hmm, not too sure what that problem is. Right-click on the IE icon (it's IE 7 or 8, right?) and select the No Add-ons option. Does IE run okay without add-ons?

