 |  |  |  |  |  |  |  |
Help ! Can't access microsoft sites
 |
•
•
Join Date: Sep 2003
Posts: 208
Reputation: 
Solved Threads: 2
Posting Whiz in Training
It only happened after I reinstalled my Windows XP SP2. I can't access microsoft.com, can browse to the windows live site but can't download the live messenger, can't browse to viruslist.com and any anti-virus site such as avg. I had a trial Kaspersky 7.0 that found 7 worms and deleted them but still no luck in being able to browse to microsoft websites. Here's the log of hijackthis I just did :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:25 AM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\KasperskyAV2009\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\MSOffice07\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\KasperskyAV2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\MobilePhoneConnectivity\My Mobile\SyncML Desktop Server\SyncMLDesktopServer.exe
C:\Program Files\TOSHIBA\MobilePhoneConnectivity\My Mobile\SyncML Desktop Server\SyncController.exe
C:\Program Files\TOSHIBA\MobilePhoneConnectivity\My Mobile\Phone Monitor\epmworker.exe
E:\mozillaFirefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
E:\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\KasperskyAV2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MSOFFI~1\Office12\GRA8E1~1.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "E:\MSOffice07\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKLM\..\Run: [AVP] "E:\KasperskyAV2009\avp.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\MSOffice07\Office12\ONENOTEM.EXE
O4 - Global Startup: SyncML Desktop Server.lnk = C:\Program Files\Toshiba\MobilePhoneConnectivity\My Mobile\SyncML Desktop Server\SyncMLDesktopServer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\KasperskyAV2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MSOFFI~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0AD51E5-BAD9-4886-ABF9-FBE59672B679}: NameServer = 192.168.30.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MSOFFI~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: E:\KASPER~1\mzvkbd.dll,E:\KASPER~1\mzvkbd3.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\KasperskyAV2009\avp.exe
--
End of file - 4401 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:25 AM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\KasperskyAV2009\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\MSOffice07\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\KasperskyAV2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\MobilePhoneConnectivity\My Mobile\SyncML Desktop Server\SyncMLDesktopServer.exe
C:\Program Files\TOSHIBA\MobilePhoneConnectivity\My Mobile\SyncML Desktop Server\SyncController.exe
C:\Program Files\TOSHIBA\MobilePhoneConnectivity\My Mobile\Phone Monitor\epmworker.exe
E:\mozillaFirefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
E:\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\KasperskyAV2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MSOFFI~1\Office12\GRA8E1~1.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "E:\MSOffice07\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKLM\..\Run: [AVP] "E:\KasperskyAV2009\avp.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\MSOffice07\Office12\ONENOTEM.EXE
O4 - Global Startup: SyncML Desktop Server.lnk = C:\Program Files\Toshiba\MobilePhoneConnectivity\My Mobile\SyncML Desktop Server\SyncMLDesktopServer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\KasperskyAV2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MSOFFI~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0AD51E5-BAD9-4886-ABF9-FBE59672B679}: NameServer = 192.168.30.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MSOFFI~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: E:\KASPER~1\mzvkbd.dll,E:\KASPER~1\mzvkbd3.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\KasperskyAV2009\avp.exe
--
End of file - 4401 bytes
Forum bully
•
•
Join Date: Jul 2008
Posts: 3,021
Reputation: 
Solved Threads: 172
The infection you have on the computer is the W32/SillyFDC-AP worm. It is spread via Removable storage devices. I see by your log that it shows both processes running from both "C" drive and "E" drive. I have to assume that "E" drive is a removable drive, correct?
That drive is obviously infected along with your "C" drive. Infected files showing on the auto starting entries are in the "C" drive.
How did you reintstall XP? Did you use an XP disk or was it via a program on the removable drive?
That drive is obviously infected along with your "C" drive. Infected files showing on the auto starting entries are in the "C" drive.
How did you reintstall XP? Did you use an XP disk or was it via a program on the removable drive?
•
•
Join Date: Sep 2003
Posts: 208
Reputation:
Solved Threads: 2
Posting Whiz in Training
No. I have 7 local disks : C, D, E, F, G, H, I and K for the pen drive. Of them, D and I drives make up 20 gigabytes worth of storage space from a secondary hard disk. The other newly bought hard disk is made up of C, E, F,G and H drives. I reinstalled XP on C, installed KAV2009 after posting a log of Hijackthis here and disinfected, deleted and blocked about a thousand instances of the same trojan spread in all the drives and 27 viruses. Now I can browse to microsoft websites and download updates.
However, If I insert the pen drive (K) in its USB port and try to open it, it says " The drive is not formatted. Would you like to format it now?" After I select, " Yes ", a new error message tells me that the disk can't be formatted and that's it. I can't open/ explore my pen drive in anyway.
Also, after the virus scan, I can't double-click on the icons of my disks. If I do, I get a message window that asks me which programs do I want to use to open the drive. I have to right-click and explore to access all the drives. I'm much worried about this because this is exactly how my pen drive used to react after it was infected.
Does this mean my pen drive is absolutely unusable right now? Why am I not being able to open my drives with double-clicks?
However, If I insert the pen drive (K) in its USB port and try to open it, it says " The drive is not formatted. Would you like to format it now?" After I select, " Yes ", a new error message tells me that the disk can't be formatted and that's it. I can't open/ explore my pen drive in anyway.
Also, after the virus scan, I can't double-click on the icons of my disks. If I do, I get a message window that asks me which programs do I want to use to open the drive. I have to right-click and explore to access all the drives. I'm much worried about this because this is exactly how my pen drive used to react after it was infected.
Does this mean my pen drive is absolutely unusable right now? Why am I not being able to open my drives with double-clicks?
Forum bully
|
Similar Threads
- Cannot access any Microsoft websites, all others ok (Networking Hardware Configuration)
- Browser problems - cannot access microsoft.com etc! (Viruses, Spyware and other Nasties)
- Cannot access Microsoft websites (Networking Hardware Configuration)
- Browser problems - cannot access microsoft.com etc! (Windows NT / 2000 / XP)
- Unable to access microsoft.com and others (Web Browsers)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: I cant access my control panel
- Next Thread: Trojan(s) and Blue Screens of Death
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fancheckvirus gaming gtaiv gumblar halloween herss.exe hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel patch phishing police policeprovirusmba-mblockedinternetaccess privacy pro problem redirect redirecting reliability report research risk samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
