Ad:

Viruses, Spyware and other Nasties Discussion Thread
Unsolved
Views: 3254

Apr 22nd, 2009

Help ! Can't access microsoft sites

Expand Post »

It only happened after I reinstalled my Windows XP SP2. I can't access microsoft.com, can browse to the windows live site but can't download the live messenger, can't browse to viruslist.com and any anti-virus site such as avg. I had a trial Kaspersky 7.0 that found 7 worms and deleted them but still no luck in being able to browse to microsoft websites. Here's the log of hijackthis I just did :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:25 AM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\KasperskyAV2009\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\MSOffice07\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\KasperskyAV2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\MobilePhoneConnectivity\My Mobile\SyncML Desktop Server\SyncMLDesktopServer.exe
C:\Program Files\TOSHIBA\MobilePhoneConnectivity\My Mobile\SyncML Desktop Server\SyncController.exe
C:\Program Files\TOSHIBA\MobilePhoneConnectivity\My Mobile\Phone Monitor\epmworker.exe
E:\mozillaFirefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
E:\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\KasperskyAV2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MSOFFI~1\Office12\GRA8E1~1.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "E:\MSOffice07\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKLM\..\Run: [AVP] "E:\KasperskyAV2009\avp.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\MSOffice07\Office12\ONENOTEM.EXE
O4 - Global Startup: SyncML Desktop Server.lnk = C:\Program Files\Toshiba\MobilePhoneConnectivity\My Mobile\SyncML Desktop Server\SyncMLDesktopServer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\KasperskyAV2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MSOFFI~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0AD51E5-BAD9-4886-ABF9-FBE59672B679}: NameServer = 192.168.30.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MSOFFI~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: E:\KASPER~1\mzvkbd.dll,E:\KASPER~1\mzvkbd3.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\KasperskyAV2009\avp.exe

--
End of file - 4401 bytes

Similar Threads

Cannot access any Microsoft websites, all others ok in Networking
Browser problems - cannot access microsoft.com etc! in Viruses, Spyware and other Nasties
Unable to access microsoft.com and others in Web Browsers
Cannot access Microsoft websites in Networking
Browser problems - cannot access microsoft.com etc! in Windows NT / 2000 / XP

camelNotation

Reputation Points: 16

Solved Threads: 2

Posting Whiz in Training

Offline

208 posts
since Sep 2003

Permalink

Apr 23rd, 2009

Re: Help ! Can't access microsoft sites

The infection you have on the computer is the W32/SillyFDC-AP worm. It is spread via Removable storage devices. I see by your log that it shows both processes running from both "C" drive and "E" drive. I have to assume that "E" drive is a removable drive, correct?
That drive is obviously infected along with your "C" drive. Infected files showing on the auto starting entries are in the "C" drive.

How did you reintstall XP? Did you use an XP disk or was it via a program on the removable drive?

jholland1964

Moderator

Featured Poster

Reputation Points: 725

Solved Threads: 339

Posting Expert

Offline

5,497 posts
since Jul 2008

Permalink

Apr 23rd, 2009

Re: Help ! Can't access microsoft sites

No. I have 7 local disks : C, D, E, F, G, H, I and K for the pen drive. Of them, D and I drives make up 20 gigabytes worth of storage space from a secondary hard disk. The other newly bought hard disk is made up of C, E, F,G and H drives. I reinstalled XP on C, installed KAV2009 after posting a log of Hijackthis here and disinfected, deleted and blocked about a thousand instances of the same trojan spread in all the drives and 27 viruses. Now I can browse to microsoft websites and download updates.

However, If I insert the pen drive (K) in its USB port and try to open it, it says " The drive is not formatted. Would you like to format it now?" After I select, " Yes ", a new error message tells me that the disk can't be formatted and that's it. I can't open/ explore my pen drive in anyway.

Also, after the virus scan, I can't double-click on the icons of my disks. If I do, I get a message window that asks me which programs do I want to use to open the drive. I have to right-click and explore to access all the drives. I'm much worried about this because this is exactly how my pen drive used to react after it was infected.

Does this mean my pen drive is absolutely unusable right now? Why am I not being able to open my drives with double-clicks?

camelNotation

Reputation Points: 16

Solved Threads: 2

Posting Whiz in Training

Offline

208 posts
since Sep 2003

Permalink

Apr 23rd, 2009

Re: Help ! Can't access microsoft sites

I am guessing the computer has some damaged key files from the infection.

jholland1964

Moderator

Featured Poster

Reputation Points: 725

Solved Threads: 339

Posting Expert

Offline

5,497 posts
since Jul 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: I cant access my control panel

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Trojan(s) and Blue Screens of Death

DaniWeb Message

Cancel Changes

User Name
Password