Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

unable to access Antivirus sites

Started by sard , Sep 01 2009 10:01 AM

  • Please log in to reply

#1
sard
Posted 01 September 2009 - 10:01 AM

sard

    New Member

  • Member
  • Pip
  • 2 posts
Hello! im obviously a noob in here... i did a combofix scan on my laptops (XP and a Vista they cant access antivirus sites/microsoft and the likes.) but there is internet. I hope you guys could help me.
Here it goes for my xp laptop:


ComboFix 09-08-31.04 - User 09/01/2009 23:36.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.63.1033.18.1519.1082 [GMT 8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Service_dac970nt


((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-09-01 13:08 . 2009-09-01 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-25 09:10 . 2004-10-26 14:37 99656 ----a-w- c:\windows\system32\KMPJLMN.DLL
2009-08-20 07:00 . 2009-08-20 07:13 -------- d-----w- C:\Sard USB Backup
2009-08-18 08:29 . 2009-08-18 08:30 -------- d-----w- c:\program files\Garena

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 13:07 . 2009-05-12 03:15 -------- d-----w- c:\program files\COMODO
2009-09-01 13:05 . 2009-05-12 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-08-26 08:01 . 2009-05-12 02:48 44504 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 07:57 . 2009-06-29 10:01 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2009-07-29 00:51 . 2009-07-27 05:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-29 00:00 . 2009-07-27 05:26 4096 ----a-w- c:\windows\system32\detoured.dll
2009-07-08 08:44 . 2009-07-08 08:44 -------- d-----w- c:\program files\Cucusoft
2009-07-07 16:12 . 2009-07-07 16:11 -------- d-----w- c:\program files\WinPcap
2009-06-30 10:43 . 2009-06-30 10:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-30 10:43 . 2009-06-30 10:43 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-29 01:25 . 2009-06-29 01:25 1989248 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-29 01:23 . 2009-06-29 01:23 0 ----a-w- c:\windows\nsreg.dat
2009-05-12 03:40 . 2009-05-12 03:40 2 --shatr- c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-13 99840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBGP.EXE"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\jqsnotify.exe"=
"c:\\Documents and Settings\\User\\Desktop\\Idloads\\msgr9us.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\Program Files\\PhotoScape\\PhotoScape.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\WINDOWS\\system32\\calc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\spider.exe"=
"c:\\PROGRA~1\\MICROS~2\\OFFICE11\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:mhbpezp

S2 asfselbge;Monitor Server;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 4:42 AM 14336]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\ATK0100\ASNDIS5.sys [5/12/2009 10:50 AM 16269]
S3 bnkapoph;bnkapoph;\??\c:\windows\system32\094.tmp --> c:\windows\system32\094.tmp [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\ICN3D15.tmp --> c:\docume~1\User\LOCALS~1\Temp\ICN3D15.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/7/2007 4:22 AM 34064]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [5/28/2009 3:10 PM 34760]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DAC970NT

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
asfselbge

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\0qw0r5ty.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 23:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bnkapoph]
"ImagePath"="\??\c:\windows\system32\094.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\ICN3D15.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asfselbge]
"ServiceDll"="c:\windows\system32\nlpsku.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-09-01 23:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-01 15:43

Pre-Run: 58,187,649,024 bytes free
Post-Run: 58,113,429,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

159
  • 0

Advertisements

#2
sard
Posted 02 September 2009 - 07:13 PM

sard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
hello. help anyone? :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP