PDA

View Full Version : Unable to connect to Google.com or Yahoo.com



CollateralDamage
2009-04-11, 00:37
Just started today. Have not downloaded any new programs and did not open any email attachments. Checked my hosts file and it looks fine with the only entries in it being from Spybot. HiJackThis log below. I don't see anything wrong.Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:37 PM, on 4/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://cgi.ebay.com
O15 - Trusted Zone: http://www.ebay.com
O15 - Trusted Zone: http://by134w.bay134.mail.live.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229807018563
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE4A50A0-88DB-47BD-89B1-3ECD48EA3E8E}: NameServer = 64.136.173.5 64.136.164.77
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 3934 bytes

Blade81
2009-04-11, 14:54
Hi there,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net/gmer.zip) and save it your desktop:
Extract it to your desktop and double-click GMER.exe
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.

CollateralDamage
2009-04-12, 02:04
Thanks for your help. The Yahoo search is also affected in addition to Google. Just resolves to "localhost". I ran Microsoft Malicious Software Removal Tool to no avail. I ran a virus scan with Avast to no avail. I Ran Spybot to no avail. The results of all the scans you requested below. Again, thanks for help.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Tony at 17:08:39.57 on Sat 04/11/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.72 [GMT -4:00]

AV: avast! antivirus 4.8.1229 [VPS 090409-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tony\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.msn.com
uSearch Bar = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
EB: http://www.sony.com/vaiopeople: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [CARPService] carpserv.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ebay.com\cgi
Trusted Zone: ebay.com\www
Trusted Zone: google.com\www
Trusted Zone: live.com\by134w.bay134.mail
Trusted Zone: microsoft.com\www.update
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229807018563
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {BE4A50A0-88DB-47BD-89B1-3ECD48EA3E8E} = 64.136.173.5 64.136.164.77

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\870hzy80.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

============= SERVICES / DRIVERS ===============

R0 va16w2;va16w2;c:\windows\system32\drivers\va16w2.sys [2001-12-6 18665]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-14 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-14 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-14 147640]
R3 ati2mpab;ati2mpab;c:\windows\system32\drivers\ati2mpab.sys [2001-12-6 299776]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-14 250040]
R3 HSFHWVIA;HSFHWVIA;c:\windows\system32\drivers\HSFHWVIA.sys [2008-8-13 159616]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-14 348344]
S3 VIAMODEM;VIAMODEM;c:\windows\system32\drivers\viamodem.sys --> c:\windows\system32\drivers\VIAMODEM.sys [?]

=============== Created Last 30 ================

2009-04-11 14:56 <DIR> --d----- c:\program files\Motion Technologies
2009-04-10 17:17 <DIR> --d----- c:\program files\Trend Micro
2009-04-03 14:46 <DIR> --d----- c:\program files\Unlocker
2009-03-20 18:12 80 a------- c:\windows\PicEdit.INI

==================== Find3M ====================

2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-27 20:47 3,695 a------- c:\windows\mozver.dat

============= FINISH: 17:09:49.26 ===============







DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/13/2008 7:23:44 PM
System Uptime: 4/11/2009 10:53:31 AM (7 hours ago)

Motherboard: Sony Corporation | | Q3-Project
Processor: mobile AMD Athlon(tm) XP 1500+ | Socket A | 494/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 8.069 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 11.373 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80F6104D&REV_10\3&61AAA01&0&80
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80F6104D&REV_10\3&61AAA01&0&80
Service: RTL8023xp

==== System Restore Points ===================

RP86: 10/9/2008 5:57:48 PM - System Checkpoint
RP87: 10/9/2008 5:59:15 PM - LatestGreatestAllSeemsFine
RP88: 10/10/2008 6:36:22 PM - System Checkpoint
RP89: 10/12/2008 8:38:07 AM - System Checkpoint
RP90: 10/13/2008 12:05:05 PM - System Checkpoint
RP91: 10/14/2008 5:22:28 PM - System Checkpoint
RP92: 10/16/2008 2:08:22 PM - System Checkpoint
RP93: 10/17/2008 2:44:48 PM - System Checkpoint
RP94: 10/18/2008 6:57:08 PM - System Checkpoint
RP95: 10/19/2008 9:51:32 AM - Installed Prospector
RP96: 10/21/2008 1:26:55 PM - System Checkpoint
RP97: 10/22/2008 2:14:30 PM - System Checkpoint
RP98: 10/25/2008 4:05:57 PM - Software Distribution Service 3.0
RP99: 10/25/2008 9:56:37 PM - Removed Ad-Aware
RP100: 12/20/2008 5:10:47 PM - Software Distribution Service 3.0
RP101: 12/30/2008 10:22:21 PM - Removed Prospector
RP102: 12/30/2008 10:24:02 PM - Installed Prospector
RP103: 1/23/2009 8:38:51 PM - Installed SUPERAntiSpyware Free Edition
RP104: 1/23/2009 11:33:20 PM - Removed eBay Desktop
RP105: 1/23/2009 11:35:15 PM - Removed SUPERAntiSpyware Free Edition
RP106: 1/27/2009 7:46:58 PM - Shockwave Player
RP107: 1/27/2009 8:00:13 PM - Shockwave Player
RP108: 3/11/2009 7:53:31 PM - Software Distribution Service 3.0
RP109: 3/11/2009 8:34:57 PM - Software Distribution Service 3.0
RP110: 4/11/2009 2:56:41 PM - Installed BackPage Reader

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Photoshop Elements
Adobe Reader 7.1.0
Adobe Shockwave Player
ATI Display Driver
avast! Antivirus
BackPage Reader
Cablenut 4.08
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
DigitalPrint 1.1
DVgate
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
hp instant support
hp officejet k series
ImageStation
ImageStation Demo
InterVideo WinDVD
Java(TM) 6 Update 7
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium
Microsoft Visual J# 2.0 Redistributable Package
Motion JPEG Software Decoder
MovieShaker 3.3
Mozilla Firefox (2.0.0.4)
Music Visualizer Library 1.2
OpenMG Secure Module 3.0.01
PhotoPrinter 2000 Pro
PicoPlayer
PicoPlayer Demo
PicoPlayerSplashScreen
PictureGear 5.1
Prospector
PySolFC Solitaire (a freeware Solitaire Game) version 1.1
Quicken 2002 New User Edition
QuickTime
RealJukebox
RealPlayer Basic
RealProducer Basic 8.5
Screenblast ACID 2.0
Screenblast Sound Forge 1.0a
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Smart Capture
SoftK56 Data Fax CARP
SonicStage 1.1.00
SonicStage CD-R Writing Module
Sony Certificate PCH
Sony DV Shared Library
Spybot - Search & Destroy
Support Actions Win2K,WinXP
Unlocker 1.8.7
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO Brezza Wallpaper
VAIO Grid Wallpaper
VAIO Help & Support
VAIO Registration
VAIO Serenus Wallpaper
VisualFlow 2.1
WebFldrs XP
Winamp3 (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Winmx Community 1
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

4/9/2009 4:23:15 PM, error: Service Control Manager [7001] - The Remote Procedure Call (RPC) Locator service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/9/2009 4:23:15 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/7/2009 11:08:33 AM, error: Print [6161] -
4/10/2009 10:49:44 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/10/2009 1:07:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

==== End Of File ===========================






GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-11 18:36:37
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF7DC3618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF7DC34D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF7DC39B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF7DC30AC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF7DC35AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF7DC2FEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF7DC3050]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF7DC36CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF7DC368E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF7DC380E]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[432] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[432] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Blade81
2009-04-12, 02:33
Ok. Let's continue cleaning process :)



Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Please download GooredFix (http://jpshortstuff.247fixes.com/GooredFix.exe) and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.

Blade81
2009-04-19, 15:45
Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.