
Inactive Cannot access anything Microsoft.com on the 'Net

Discussion in 'Malware and Virus Removal Archive' started by Barrybat, 2011/02/13.

Thread Status:
Not open for further replies.
  1. 2011/02/13
    Barrybat

    Barrybat Inactive Thread Starter

    Joined:
    2011/02/10
    Messages:
    5
    Likes Received:
    0
    [Inactive] Cannot access anything Microsoft.com on the 'Net

    My original post with same title http://www.windowsbbs.com/windows-xp/97757-cannot-access-anything-microsoft-com-net.html was posted in the Windows XP forum - I was advised by the moderator to run through a malware check and post the results here:

    --------------------------------------------------------------------------------

    * * * * * * * * * * * * * * * * * * * *

    Getting started ........ what you need


    1. If you don't have a third-party firewall installed, make sure that Windows Firewall is ON:

    Windows Firewall is set to ON

    2. If you have an antivirus program, make sure it's up to date. Run a full scan.

    If you don't have any antivirus program installed - download, and install ONE of these:
    - Avast!
    - Avira free antivirus
    - Microsoft Security Essentials

    All 3 of the above returned "Internet Explorer cannot display the web page." The same issue as reported in my original post. I will need to find a working system and download the files to a stick and "sneaker net" them to the affected (infected?) system.

    3. Download Temp File Cleaner (TFC)

    Done. A reboot was required.

    * * * * * * * * * * * * * * * * * * * *


    NOTE. If any of the programs listed below refuses to run, try renaming the executable file to something else; for instance, rename mbam.exe to scanner.exe

    ***VERY IMPORTANT Make sure, you update Malwarebytes before running a scan.***

    STEP 1.

    Download Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.

    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes)

    Same response as #2 above.

    STEP 2.

    Please download GMER from one of the following locations and save it to your desktop:

    GMER results:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-12 23:06:14
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 FUJITSU_MHV2040AH rev.00830096
    Running: ukoc6ip7.exe; Driver: C:\DOCUME~1\Barry.bat\LOCALS~1\Temp\uxriapoc.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes JMP 020A9DD2
    .text C:\WINDOWS\System32\svchost.exe[1268] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 020A9D72
    .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes JMP 007A9DD2
    .text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 009E5415 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00B7C510 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00B7C491 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00B7C4D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00B7C3D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00B7C413 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00B7C54B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00B7C44D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] sizabfv <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@DisplayName Windows Universal
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@Description Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv\Parameters@ServiceDll C:\WINDOWS\system32\ghpjqtks.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\sizabfv@DisplayName Windows Universal
    Reg HKLM\SYSTEM\ControlSet002\Services\sizabfv@Type 32
    Reg HKLM\SYSTEM\ControlSet002\Services\sizabfv@Start 2
    Reg HKLM\SYSTEM\ControlSet002\Services\sizabfv@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sizabfv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet002\Services\sizabfv@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet002\Services\sizabfv@Description Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\ControlSet002\Services\sizabfv\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sizabfv\Parameters@ServiceDll C:\WINDOWS\system32\ghpjqtks.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\sizabfv@DisplayName Windows Universal
    Reg HKLM\SYSTEM\ControlSet003\Services\sizabfv@Type 32
    Reg HKLM\SYSTEM\ControlSet003\Services\sizabfv@Start 2
    Reg HKLM\SYSTEM\ControlSet003\Services\sizabfv@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sizabfv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet003\Services\sizabfv@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet003\Services\sizabfv@Description Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\ControlSet003\Services\sizabfv\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sizabfv\Parameters@ServiceDll C:\WINDOWS\system32\ghpjqtks.dll

    ---- EOF - GMER 1.0.15 ----


    STEP 3.

    Download MBRCheck to your desktop

    MBRCheck results:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 133):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF7A87000 \WINDOWS\system32\KDCOM.DLL
    0xF7997000 \WINDOWS\system32\BOOTVID.dll
    0xF7458000 ACPI.sys
    0xF7A89000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7447000 pci.sys
    0xF7587000 isapnp.sys
    0xF7597000 ohci1394.sys
    0xF75A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF799B000 compbatt.sys
    0xF799F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7B4F000 pciide.sys
    0xF7807000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7A8B000 intelide.sys
    0xF7429000 pcmcia.sys
    0xF75B7000 MountMgr.sys
    0xF740A000 ftdisk.sys
    0xF7A8D000 dmload.sys
    0xF73E4000 dmio.sys
    0xF79A3000 ACPIEC.sys
    0xF7B50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF780F000 PartMgr.sys
    0xF75C7000 VolSnap.sys
    0xF73CC000 atapi.sys
    0xF75D7000 disk.sys
    0xF75E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF73AC000 fltmgr.sys
    0xF739A000 sr.sys
    0xF7384000 drvmcdb.sys
    0xF7817000 PxHelp20.sys
    0xF736D000 KSecDD.sys
    0xF72E0000 Ntfs.sys
    0xF72B3000 NDIS.sys
    0xF7299000 Mup.sys
    0xF7627000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF66D3000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF66BF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7837000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF669B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF783F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6560000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xF6520000 \SystemRoot\system32\drivers\smwdm.sys
    0xF64FC000 \SystemRoot\system32\drivers\portcls.sys
    0xF76C7000 \SystemRoot\system32\drivers\drmk.sys
    0xF64B8000 \SystemRoot\system32\drivers\ks.sys
    0xF6498000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF6362000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF7847000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF76D7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF784F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF632B000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7ABB000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF76E7000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xF62BA000 \SystemRoot\System32\Drivers\wdf01000.sys
    0xF78BF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7637000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7AF7000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xF7647000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7657000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6DFE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF6DFA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF7C80000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7677000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF6DF6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF4D82000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7667000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF78C7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF4D71000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF5D29000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF78D7000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF78DF000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF4D41000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF5D19000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7AF9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF4CE3000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7A2F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF5CE9000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF6C81000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7AD9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7BE5000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7ADB000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF798F000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF7827000 \SystemRoot\System32\drivers\vga.sys
    0xF7ADD000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7ADF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF782F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7857000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7A63000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9ECA000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9E71000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9E49000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA9E27000 \SystemRoot\System32\drivers\afd.sys
    0xF7747000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA9DFC000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9D64000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF6CF1000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA9D3E000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7AE1000 \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
    0xF7787000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA9F83000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF787F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7C6D000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1CC000 \SystemRoot\System32\igxpdx32.DLL
    0xF4E51000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF6CC1000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF4DD1000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF7C62000 \SystemRoot\system32\dla\tfsndres.sys
    0xA91F9000 \SystemRoot\system32\dla\tfsnifs.sys
    0xA9D32000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF7A91000 \SystemRoot\system32\dla\tfsnpool.sys
    0xA999A000 \SystemRoot\system32\dla\tfsnboio.sys
    0xF4DE1000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7C61000 \SystemRoot\system32\dla\tfsndrct.sys
    0xA91E0000 \SystemRoot\system32\dla\tfsnudf.sys
    0xA91C7000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xA91AB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA8F5A000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA8FC7000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA8B67000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA89FD000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA87B4000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA9314000 \SystemRoot\System32\Drivers\AFGSp50.sys
    0xA8464000
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 35):
    0 System Idle Process
    4 System
    468 C:\WINDOWS\system32\smss.exe
    612 csrss.exe
    660 C:\WINDOWS\system32\winlogon.exe
    968 C:\WINDOWS\system32\services.exe
    980 C:\WINDOWS\system32\lsass.exe
    1148 C:\WINDOWS\system32\svchost.exe
    1264 svchost.exe
    1300 C:\WINDOWS\system32\svchost.exe
    1388 svchost.exe
    1496 svchost.exe
    1732 C:\WINDOWS\system32\spoolsv.exe
    192 C:\WINDOWS\explorer.exe
    500 C:\WINDOWS\AGRSMMSG.exe
    520 C:\WINDOWS\system32\dla\tfswctrl.exe
    528 C:\WINDOWS\system32\igfxtray.exe
    536 C:\WINDOWS\system32\hkcmd.exe
    548 C:\WINDOWS\system32\igfxpers.exe
    556 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    564 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    572 C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    636 C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
    696 C:\WINDOWS\system32\ctfmon.exe
    704 C:\WINDOWS\system32\igfxsrvc.exe
    1360 C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    1556 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    1600 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    1620 wdfmgr.exe
    1976 C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    2220 alg.exe
    3224 C:\WINDOWS\system32\svchost.exe
    2408 C:\Program Files\Internet Explorer\iexplore.exe
    1548 wmiprvse.exe
    1260 C:\Documents and Settings\Barry.bat\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000006`dfe0c000 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHV2040AH, Rev: 00830096

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    STEP 4.

    Please, download DDS from one of the 2 mirrors and save it to your desktop.

    DDS locked up. Tried several times, including SafeMode & renaming the file, over a 24-hr period w/o joy.

    STEP 5.

    Start a new topic in our Malware and Virus Removal forum and provide following logs:

    Malwarebytes (MBAM)
    GMER
    MBRCheck
    DDS(2 logs)
    DO NOT make any other changes to your computer (like installing programs,using other cleaning tools, etc.), until it's officially declared clean!

    *******************

    I agree with the Windows XP moderator in that it appears that I have a virus or malware infection. Any and all help will be appreciated - I will update the missing information as soon as I can obtain the necessary files.
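Two things in the GMER log above are worth pulling out mechanically rather than by eye: the inline hooks in the two svchost.exe processes whose JMP targets GMER attributes to no module (the iexplore.exe hooks, by contrast, land in Microsoft's IEFRAME.dll), and the hidden service sizabfv, whose registry entries resolve to svchost.exe -k netsvcs loading C:\WINDOWS\system32\ghpjqtks.dll (the file Malwarebytes later reports as Worm.Autorun). The following script is an added example, not part of the thread and not GMER's own code: it parses the hook, service and registry sections and reports both findings, so a helper reviewing many such logs gets the same answer each time. The embedded log is a constructed excerpt of the log posted above, and the regular expressions assume the GMER 1.0.15 line layout shown there.

```python
import re

# Constructed sample: an excerpt of the GMER 1.0.15 log posted in this thread.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes JMP 020A9DD2
.text C:\WINDOWS\System32\svchost.exe[1268] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 020A9D72
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes JMP 007A9DD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 009E5415 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] sizabfv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@DisplayName Windows Universal
Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\sizabfv\Parameters@ServiceDll C:\WINDOWS\system32\ghpjqtks.dll

---- EOF - GMER 1.0.15 ----
"""

# Line patterns assumed from the GMER 1.0.15 layout; the trailing "module (vendor)"
# part of a hook line is optional because GMER omits it when the JMP target is
# not inside any module it recognises.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\[\d+\])\s+(?P<symbol>\S+!\S+)\s+(?P<addr>[0-9A-F]+)\s+"
    r"(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]+)(?:\s+(?P<module>\S+)\s+\((?P<vendor>.*)\))?$"
)
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\((?P<flags>[^)]*)\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)"
)
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+?)(?:@(?P<value>\S+))?(?:\s+(?P<data>.*))?$")

SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"


def parse_gmer(text):
    """Split a GMER log into hook records, service records and a 'key@value' -> data map."""
    hooks, services, registry = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if (m := HOOK_RE.match(line)):
            hooks.append(m.groupdict())
        elif (m := SERVICE_RE.match(line)):
            svc = m.groupdict()
            svc["hidden"] = "hidden" in svc["flags"]
            services.append(svc)
        elif (m := REG_RE.match(line)) and m["value"]:
            registry[f"{m['key']}@{m['value']}"] = (m["data"] or "").strip()
    return {"hooks": hooks, "services": services, "registry": registry}


def triage(parsed):
    """Report hidden services (resolved to their loader and DLL) and unattributed hooks."""
    findings = []
    reg = parsed["registry"]
    for svc in parsed["services"]:
        if not svc["hidden"]:
            continue
        base = f"{SERVICES_KEY}\\{svc['name']}"
        image_path = reg.get(f"{base}@ImagePath", "")
        findings.append({
            "type": "hidden_service",
            "name": svc["name"],
            "display_name": reg.get(f"{base}@DisplayName"),
            "image_path": image_path,
            # A service hosted by svchost.exe runs whatever DLL Parameters\ServiceDll names.
            "svchost_hosted": "svchost.exe" in image_path.lower(),
            "service_dll": reg.get(f"{base}\\Parameters@ServiceDll"),
        })
    for h in parsed["hooks"]:
        if h["module"] is None:  # JMP into memory GMER could not map to a module
            findings.append({"type": "unattributed_hook", "process": h["process"],
                             "symbol": h["symbol"], "target": h["target"]})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_gmer(SAMPLE_LOG)):
        print(finding)
```

The two checks are deliberately generic: any hidden service is resolved through the registry dump to its ImagePath and ServiceDll, and any hook whose target GMER cannot attribute is listed, so the script is not tied to the sizabfv name or the ghpjqtks.dll path seen here.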
     
  2. 2011/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Please, disable "word wrap" in Notepad, because some of your logs are hard to read.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     


  4. 2011/02/13
    Barrybat

    Barrybat Inactive Thread Starter

    Joined:
    2011/02/10
    Messages:
    5
    Likes Received:
    0
    Thanks for the tips...

    Attempted to download TDSSKiller and received the Internet Explorer cannot open the web site.
     
  5. 2011/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  6. 2011/02/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Reopened.
     
  7. 2011/02/27
    Barrybat

    Barrybat Inactive Thread Starter

    Joined:
    2011/02/10
    Messages:
    5
    Likes Received:
    0
    Update with request to reclassify to "Resolved. "

    Finally was able to sneaker-net the needed files to my infected system. The following is my initial reports that were missing in my first update:

    MS Essentials:

    A worm was found: Win32/Conficker.B!inf. It was removed, but re-appeared the following day. Discovered that my flash sticks were also infected and needed cleaning. Did that successfully, the worm has not reappeared since.

    Lesson: learned to include my flash sticks on all full scans!

    ****

    Mbytes:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5777

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    2/16/2011 1:50:28 PM
    mbam-log-2011-02-16 (13-50-28).txt

    Scan type: Quick scan
    Objects scanned: 149092
    Time elapsed: 11 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 8
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\program files\perfect optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup\application (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup\Registry (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup\Registry\firstbackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup\Registry\fullbackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Temp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINDOWS\system32\ghpjqtks.dll (Worm.Autorun) -> Delete on reboot.
    c:\program files\perfect optimizer\perfectoptimizer.ini (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

    ****

    After this, I was then able to access official MS web sites, where I immediately started the badly needed updates for my system - this took 3 days as I also caught up with my defrags and unnecessary file removals.

    I tested the system for 2 weeks, using it as I normally do. No problems were found or experienced during this period, so I installed my new programs that prompted this plea for help.

    I ran full scans with up-to-date data files installed late last night/early this morning, the results are as follows:

    MS Essentials:

    Scan completed on 468888 items. No threats were detected on your computer during this scan. Security Essentials is monitoring your computer and helping to protect it.

    ****

    Malwarebytes:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5859

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/27/2011 1:44:31 AM
    mbam-log-2011-02-27 (01-44-31).txt

    Scan type: Full scan (C:\|D:\|F:\|G:\|)
    Objects scanned: 196383
    Time elapsed: 2 hour(s), 4 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ****

    My amateur conclusion is that my issue has been resolved, however I am deferring the final classification to the pros on this forum. I want to thank everyone who took the time to read my post and help me, pointing me in the correct direction.

    :)
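A Malwarebytes log like the ones in this post is the kind of artifact a helper reads many times over, and it is easy to miss that the summary counts and the listed items disagree, or that the three PUM entries are not malware files but the Security Center notification values (AntiVirusDisableNotify, UpdatesDisableNotify) and Explorer's hidden-files setting having been changed. The script below is an added example, not from the thread and not Malwarebytes' own code: it parses the header, summary and detail sections, cross-checks every summary count against the items actually listed, and separates the policy-tampering (PUM.*) entries and the items still pending a reboot from the rest. The embedded log is a constructed excerpt of the 2/16/2011 log above; the line patterns assume the MBAM 1.50 text layout shown there.

```python
import re

# Constructed sample: excerpt of the first Malwarebytes log posted in this thread (2/16/2011).
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5777
Scan type: Quick scan
Objects scanned: 149092
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 8
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\perfect optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\firstbackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\fullbackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\ghpjqtks.dll (Worm.Autorun) -> Delete on reboot.
c:\program files\perfect optimizer\perfectoptimizer.ini (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
"""

# Patterns assumed from the MBAM 1.50 text layout: "<section>: <n>" in the summary,
# "<section>:" as a detail header, and "<path> (<category>)[ -> Bad: (x) Good: (y)] -> <action>."
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<category>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))? -> (?P<action>.+?)\.?$"
)
TAMPER_PREFIXES = ("PUM.Disabled.", "PUM.Hijack.")  # settings changed, not files dropped


def parse_mbam(text):
    """Return header metadata, the summary counts, and the items listed under each section."""
    meta, summary, sections, current = {}, {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SUMMARY_RE.match(line)):
            summary[m["section"]] = int(m["count"])
            current = None
        elif (m := SECTION_RE.match(line)):
            current = m["section"]
            sections[current] = []
        elif current is not None:
            if (m := ITEM_RE.match(line)):  # "(No malicious items detected)" does not match
                sections[current].append(m.groupdict())
        elif ": " in line:
            key, value = line.split(": ", 1)
            meta[key] = value
    return {"meta": meta, "summary": summary, "sections": sections}


def review_mbam(parsed):
    """Cross-check counts against listed items; isolate policy tampering and pending deletions."""
    mismatches = {}
    for section, count in parsed["summary"].items():
        listed = len(parsed["sections"].get(section, []))
        if listed != count:
            mismatches[section] = {"summary": count, "listed": listed}
    items = [i for lst in parsed["sections"].values() for i in lst]
    tampering = [i for i in items if i["category"].startswith(TAMPER_PREFIXES)]
    pending = [i for i in items if "reboot" in i["action"].lower()]
    return {"mismatches": mismatches, "tampering": tampering, "pending_reboot": pending}


if __name__ == "__main__":
    result = review_mbam(parse_mbam(SAMPLE_MBAM_LOG))
    for name, value in result.items():
        print(name, value)
```

An empty "mismatches" map means every count in the summary block is backed by a listed item; a non-empty one means the pasted log was truncated or edited and should be re-requested. The "pending_reboot" list is what to confirm after the restart, since an item marked "Delete on reboot" has not been removed yet at the time the log is written.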
     
  8. 2011/02/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We'll have to see, if your computer is totally clean.

    Please, complete all steps listed here: this post

    Skip Malwarebytes.
     