Cannot access Microsoft websites or any anti virus websites.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sidrvr04

Thread Starter
Joined
Jul 14, 2010
Messages
7
Hello all,
I am new here and have searched around, but have only found old threads concerning my problem. I cannot access any Microsoft websites or antivirus websites. Any help would be appreciated. I have gone through download.com to use HijackThis. I just re-installed my operating system tonight, which is Windows XP.
here is my log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:54 AM, on 7/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Broadcom\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Broadcom\Security Platform Software\SpTNA.exe
C:\Program Files\Broadcom\Security Platform Software\PSDrt.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\IfxUAGUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IfxSecurePlatformIndication] C:\Program Files\Broadcom\Security Platform Software\SpTNA.exe
O4 - HKLM\..\Run: [PSDruntime] C:\Program Files\Broadcom\Security Platform Software\PSDrt.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: PSDNtfy - C:\Program Files\Broadcom\Security Platform Software\PSDNtfy.dll
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Broadcom - C:\Program Files\Broadcom\Security Platform Software\PSDsrvc.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 4092 bytes
 
Joined
Oct 12, 2008
Messages
2,392
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
 
Joined
Oct 12, 2008
Messages
2,392
Don't attach the logs.


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://forums.techguy.org/virus-other-malware-removal/935552-cannot-access-microsoft-websites-any.html

Collect::
c:\windows\system32\veleyhg.dll

Driver::
qhcgtcve

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2638:TCP"=-
KillAll::

NetSvc::
qhcgtcve
Suspect::

Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
 

sidrvr04

Thread Starter
Joined
Jul 14, 2010
Messages
7
Here are the new logs

ComboFix 10-07-14.01 - Brandon 07/14/2010 18:59:56.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.216 [GMT -4:00]
Running from: c:\documents and settings\Brandon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brandon\Desktop\cfscript.txt

file zipped: c:\windows\system32\veleyhg.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\veleyhg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QHCGTCVE
-------\Service_qhcgtcve


((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.

2010-07-14 22:49 . 2010-07-14 22:50 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Adobe
2010-07-14 22:48 . 2010-07-14 22:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-14 03:58 . 2010-07-14 03:58 -------- d-----w- c:\program files\Trend Micro
2010-07-14 03:52 . 2010-07-14 03:52 -------- d-----w- c:\program files\VideoLAN
2010-07-14 03:45 . 2010-07-14 04:23 -------- d-----w- c:\program files\Ask.com
2010-07-14 03:45 . 2010-07-14 03:45 -------- d-----w- c:\program files\uTorrent
2010-07-14 03:45 . 2010-07-14 23:03 -------- d-----w- c:\documents and settings\Brandon\Application Data\uTorrent
2010-07-14 03:40 . 2010-07-14 03:40 -------- d-----w- C:\Security Platform
2010-07-14 03:31 . 2010-07-14 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Infineon
2010-07-14 03:24 . 2010-07-14 03:24 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Infineon
2010-07-14 03:18 . 2010-07-14 03:18 0 ----a-w- c:\windows\nsreg.dat
2010-07-14 03:18 . 2010-07-14 03:18 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Mozilla
2010-07-14 02:57 . 2010-07-14 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-07-14 02:49 . 2010-07-14 02:49 -------- d-s---w- c:\documents and settings\Brandon\UserData
2010-07-14 02:29 . 2006-09-15 20:49 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-07-14 02:29 . 2010-07-14 02:29 -------- d-----w- c:\documents and settings\Brandon\Application Data\Infineon
2010-07-14 02:28 . 2006-04-06 19:49 88192 ----a-w- c:\windows\system32\drivers\gtipci21.sys
2010-07-14 02:28 . 2004-03-23 15:45 28672 ----a-w- c:\windows\cttib1.dll
2010-07-14 02:27 . 2010-07-14 02:27 -------- d-----w- c:\windows\tiinst
2010-07-14 02:21 . 2010-07-14 02:22 -------- d-----w- c:\program files\Apoint
2010-07-14 02:21 . 2005-09-29 00:57 113847 ----a-r- c:\windows\system32\drivers\Apfiltr.sys
2010-07-14 02:21 . 2005-03-05 00:31 95511 ----a-r- c:\windows\system32\Vxdif.dll
2010-07-14 02:13 . 2010-07-14 02:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-07-14 02:13 . 2010-07-14 02:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-07-14 02:13 . 2010-07-14 02:13 -------- d-----w- c:\documents and settings\Brandon\Application Data\Intel
2010-07-14 02:13 . 2010-07-14 02:13 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-07-14 02:12 . 2010-07-14 02:12 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2010-07-14 02:12 . 2010-07-14 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-07-14 02:12 . 2007-02-12 15:41 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2010-07-14 02:12 . 2007-02-12 15:40 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2010-07-14 02:12 . 2007-02-08 17:51 2209408 ----a-w- c:\windows\system32\drivers\w29n51.sys
2010-07-14 02:12 . 2010-07-14 02:12 -------- d-----w- c:\program files\Intel
2010-07-14 02:11 . 2010-07-14 02:28 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-14 02:11 . 2006-05-10 19:00 156160 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
2010-07-14 02:11 . 2006-05-10 19:00 156160 ----a-w- c:\windows\system32\drivers\b57xp32.sys
2010-07-14 02:11 . 2010-07-14 02:25 -------- d-----w- c:\program files\Broadcom
2010-07-14 02:10 . 2010-07-14 02:10 -------- d-----w- c:\program files\CONEXANT
2010-07-14 02:10 . 2005-05-03 19:09 1033728 ----a-w- c:\windows\system32\drivers\HSF_DPV.SYS
2010-07-14 02:10 . 2005-05-03 19:08 208384 ----a-w- c:\windows\system32\drivers\HSFHWICH.sys
2010-07-14 02:10 . 2005-05-03 19:08 705408 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-07-14 02:10 . 2005-02-23 19:02 42858 ----a-w- c:\windows\system32\hsfci014.dll
2010-07-14 02:10 . 2004-03-17 16:04 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-07-14 02:10 . 2004-03-17 16:00 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-07-14 02:06 . 2010-07-14 02:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-14 02:06 . 2010-07-14 02:06 -------- d-----w- C:\dell
2010-07-14 02:06 . 2008-04-14 04:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-14 02:04 . 2010-07-14 02:04 12328 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-14 02:02 . 2010-07-14 02:02 -------- d-s---w- c:\windows\system32\Microsoft
2010-07-14 02:02 . 2010-07-14 02:02 -------- d-sh--w- c:\documents and settings\LocalService
2010-07-14 02:02 . 2010-07-14 02:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft
2010-07-14 02:01 . 2010-07-14 02:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft
2010-07-14 02:01 . 2010-07-14 02:01 -------- d-sh--w- c:\documents and settings\NetworkService

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 03:02 . 2010-07-14 03:01 115792 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-14 03:02 . 2010-07-14 01:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-14 02:21 . 2010-07-14 02:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 02:07 . 2010-07-14 02:07 -------- d-----w- c:\program files\SigmaTel
2010-07-14 01:58 . 2010-07-14 01:58 -------- d-----w- c:\program files\microsoft frontpage
2010-07-14 01:54 . 2010-07-14 01:54 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\25097\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\25097\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\25097\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\25097\AcrobatUpdater.exe
.

((((((((((((((((((((((((((((( [email protected]_22.08.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-18 09:05 . 2009-12-18 09:05 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\ViewerPS.dll
+ 2009-12-18 12:58 . 2009-12-18 12:58 40368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\reader_sl.exe
+ 2009-12-18 09:05 . 2009-12-18 09:05 67016 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\PDFPrevHndlrShim.exe
+ 2009-12-18 09:04 . 2009-12-18 09:04 83376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\PDFPrevHndlr.dll
+ 2009-12-18 06:43 . 2009-12-18 06:43 95672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\nppdf32.dll
+ 2009-12-18 06:57 . 2009-12-18 06:57 13752 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRd32Info.exe
+ 2009-12-18 06:16 . 2009-12-18 06:16 65536 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\Acrofx32.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2010-07-14 22:49 . 2010-07-14 22:53 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
+ 2009-12-18 06:51 . 2009-12-18 06:51 372736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\pdfshell.dll
+ 2009-11-10 02:34 . 2009-11-10 02:34 448512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\JP2KLib.dll
+ 2009-12-18 06:14 . 2009-12-18 06:14 140728 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AdobeUpdateCheck.exe
+ 2009-12-18 08:55 . 2009-12-18 08:55 738776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AdobeCollabSync.exe
+ 2009-12-18 07:21 . 2009-12-18 07:21 112048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRdIF.dll
+ 2009-12-18 12:58 . 2009-12-18 12:58 345520 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRd32.exe
+ 2009-12-18 06:17 . 2009-12-18 06:17 632240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroPDF.dll
+ 2010-07-14 22:50 . 2010-07-14 22:50 7220736 c:\windows\Installer\41a982a.msp
+ 2010-07-14 22:51 . 2010-07-14 22:51 3906560 c:\windows\Installer\41a9829.msp
+ 2010-07-14 22:49 . 2010-07-14 22:49 4272128 c:\windows\Installer\41a975f.msi
+ 2009-12-18 06:16 . 2009-12-18 06:16 1949696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\rt3d.dll
+ 2009-12-18 12:30 . 2009-12-18 12:30 13313464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-07-14 322352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IfxSecurePlatformIndication"="c:\program files\Broadcom\Security Platform Software\SpTNA.exe" [2005-03-11 114688]
"PSDruntime"="c:\program files\Broadcom\Security Platform Software\PSDrt.EXE" [2005-03-11 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2005-03-11 15:05 360448 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSDNtfy]
2005-03-11 14:43 45056 ----a-w- c:\program files\Broadcom\Security Platform Software\PSDNtfy.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [3/11/2005 10:43 AM 29283]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [7/13/2010 10:28 PM 88192]
.
Contents of the 'Scheduled Tasks' folder

2010-07-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 20:50]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\rxpqamfg.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 19:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wuapi.dll.mui
c:\windows\system32\wuapi.dll.wusetup.104062.bak 430592 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.104640.bak 111104 bytes executable
c:\windows\system32\wuaucpl.cpl.mui 15072 bytes executable
c:\windows\system32\wuaucpl.cpl.wusetup.105890.bak 162304 bytes executable
c:\windows\system32\wuaueng.dll.mui 17632 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.106453.bak 1135616 bytes executable
c:\windows\system32\wucltui.dll.mui 21728 bytes executable

scan completed successfully
hidden files: 8

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\program files\Broadcom\Security Platform Software\PSDNtfy.dll
c:\windows\system32\IfxWlxEN.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Broadcom\Security Platform Software\PSDsrvc.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\IfxUAGUI.exe
.
**************************************************************************
.
Completion time: 2010-07-14 19:05:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-14 23:05
ComboFix2.txt 2010-07-14 22:09

Pre-Run: 32,605,016,064 bytes free
Post-Run: 32,565,379,072 bytes free

- - End Of File - - AB7ABD834715C903072A4345F4A55C4B
 

sidrvr04

Thread Starter
Joined
Jul 14, 2010
Messages
7
I think the problem has been fixed! Thank you guys very much! Just out of curiosity, what the heck did I just do?
 

sidrvr04

Thread Starter
Joined
Jul 14, 2010
Messages
7
OK, never mind, I thought it was fixed but it's not... I did access microsoft.com and avg.com for a few minutes, and then I was working with some files and moving them off of this computer and onto my other one, and now it isn't working anymore. I have not opened any files though...
 
Joined
Oct 12, 2008
Messages
2,392
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.
 

sidrvr04

Thread Starter
Joined
Jul 14, 2010
Messages
7
Here it is:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-15 13:24:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Brandon\LOCALS~1\Temp\pwloypod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1300] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2512] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104505FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] tighvljwb <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] mpocxmg
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Reg HKLM\SYSTEM\CurrentControlSet\Services\tighvljwb\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\tighvljwb\[email protected] C:\WINDOWS\system32\veleyhg.dll
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] mpocxmg
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 32
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Reg HKLM\SYSTEM\ControlSet002\Services\tighvljwb\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\tighvljwb\[email protected] C:\WINDOWS\system32\veleyhg.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\indexd.dat 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC.tmp 0 bytes

---- EOF - GMER 1.0.15 ----
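The GMER report above shows the shape of a svchost-hosted service implant: a service name the Service Control Manager does not list (marked "hidden"), an ImagePath of svchost.exe -k netsvcs, and a ServiceDll under system32. The following PowerShell audit is an added example for readers of this thread; it is not part of the thread and is not code from GMER, ComboFix or The Avenger. It assumes a Windows machine with PowerShell and an elevated prompt, reads the standard Svchost group key and the Services key, and flags netsvcs members that the SCM does not enumerate, that have no ServiceDll, whose DLL is missing, or whose DLL lacks a valid Authenticode signature. It is read-only and changes nothing.

```powershell
# Added example (not from the thread): audit services loaded by "svchost.exe -k netsvcs".
# Flags the pattern GMER reported: a netsvcs service the SCM does not list, with a
# ServiceDll that is missing or unsigned. Run elevated; this script only reads.

$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$groupKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'

# Service names the Service Control Manager is willing to report.
# A service present in the registry but absent here is being hidden from the API.
$scmNames = (Get-Service).Name

# Members of the netsvcs group (REG_MULTI_SZ) that a shared svchost.exe will load.
$groupMembers = @((Get-ItemProperty -Path $groupKey).netsvcs)

# Also collect any registry service whose ImagePath names the netsvcs host,
# so a service that registered itself outside the group list is still examined.
$byImagePath = Get-ChildItem -Path $svcRoot | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p.ImagePath -match '-k\s+netsvcs') { $_.PSChildName }
}
$candidates = @($groupMembers + $byImagePath) | Sort-Object -Unique

$findings = foreach ($name in $candidates) {
    $key = Join-Path $svcRoot $name
    if (-not (Test-Path $key)) { continue }      # group entry with no service key
    $svc = Get-ItemProperty -Path $key
    $dll = (Get-ItemProperty -Path (Join-Path $key 'Parameters') -ErrorAction SilentlyContinue).ServiceDll
    $reasons = @()

    if ($scmNames -notcontains $name)      { $reasons += 'not enumerated by SCM (hidden)' }
    if ($groupMembers -notcontains $name)  { $reasons += 'runs under netsvcs but is not in the group list' }

    if (-not $dll) {
        $reasons += 'no ServiceDll value'
    } else {
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not (Test-Path $path)) {
            $reasons += "ServiceDll missing: $path"
        } else {
            # Microsoft-hosted netsvcs DLLs carry a valid Authenticode signature;
            # a random-named DLL in system32 normally does not.
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') { $reasons += "ServiceDll signature $($sig.Status): $path" }
        }
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Service    = $name
            ImagePath  = $svc.ImagePath
            ServiceDll = $dll
            Reasons    = ($reasons -join '; ')
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No suspicious netsvcs entries found.' }
```

Two caveats apply to this kind of user-mode check. A kernel-mode rootkit that filters registry and SCM queries can hide a service from this script exactly as it hid tighvljwb from the normal service list, which is why the helpers in this thread reach for GMER and ComboFix rather than the standard tools; and an unsigned ServiceDll is a lead to investigate, not proof of infection, since some legitimate third-party services are also unsigned.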
 
Joined
Oct 12, 2008
Messages
2,392
What external media have you used on this PC lately? Whatever it is is infected and needs to be formatted.


1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the Avenger folder to your desktop
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Begin copying here:

Drivers to delete:
tighvljwb
Files to delete:
C:\WINDOWS\system32\veleyhg.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply
 

sidrvr04

Thread Starter
Joined
Jul 14, 2010
Messages
7
Would all of the items that are stored on the external media be infected also? I have only used a few thumb drives on this system since I re-installed XP. Thank you again for your help.



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "tighvljwb" deleted successfully.

Error: file "C:\WINDOWS\system32\veleyhg.dll" not found!
Deletion of file "C:\WINDOWS\system32\veleyhg.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
 
Joined
Oct 12, 2008
Messages
2,392
No, you can take the files off the external media so that you have a backup, but you need to format it after that is done.
 