help...!!no webpage will open..

Status
Not open for further replies.

Deleted member 26636

Guest
yesterday after formatting my pc...i tried to connect to the internet using my nokia 6300 usb modem..and it connected perfectly..but no webpage will open..actually only google.com opens but if i use it to search anything..the browser stops at waiting for google.co.in/ sending request to google.co.in...and even after a very long time(around 10 mins)..it remains the same..if i try to open another website such as thinkdigit.com after some time i get the error message telling me to check my internet connection/settings if it is properly connected.but i'm able to download stuff using bittorrent or limewire.i am using an airtel gprs connection & it works perfectly fine on my friend's laptop..what should i do?:(

hijack this log file--

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:16 AM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\SOFTWARES\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\SOFTWARES\Autodesk 3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\SOFTWARES\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SOFTWARES\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SOFTWARES\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\SOFTWARES\SRS Audio Sandbox\SRSSSC.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SOFTWARES\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\SOFTWARES\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\SOFTWARES\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [e04d22c8] rundll32.exe "C:\WINDOWS\system32\vkbhvlac.dll",b
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\SOFTWARES\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [BMe37e1154] Rundll32.exe "C:\WINDOWS\system32\jbeuxfyh.dll",s
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SOFTWARES\SRS Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\SOFTWARES\BitLord\BitLord.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\SOFTWARES\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\SOFTWARES\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\SOFTWARES\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\SOFTWARES\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\SOFTWARES\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\SOFTWARES\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\SOFTWARES\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\SOFTWARES\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\SOFTWA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\SOFTWARES\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\SOFTWARES\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: imxpvb.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\SOFTWARES\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\SOFTWARES\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\SOFTWARES\Autodesk 3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4863 bytes

why isn't anyone replying? please help me..

anyway when i ping thinkdigit.com i get the following message--

pinging thinkdigit.com [198.65.131.97] with 32 bytes of data:
request timed out
request timed out
request timed out

ping statistics for 198.65.131.97:
packets: sent = 4, Received = 0,Lost = 4 (100% loss).


the strange part is i can use a p2p software or a torrent client to download files but i cannot open any web page..it isn't a problem of the browser as i've tried firefox, opera & even IE..all with the same problems?

please suggest a solution..thank you.!:(:(
 

afonofa

Journeyman
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:16 AM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [e04d22c8] rundll32.exe "C:\WINDOWS\system32\vkbhvlac.dll",b

O4 - HKLM\..\Run: [BMe37e1154] Rundll32.exe "C:\WINDOWS\system32\jbeuxfyh.dll",s

O20 - AppInit_DLLs: imxpvb.dll

--
End of file - 4863 bytes
Definitely some malware. Did you have any open windows, like add/remove programs or windows firewall settings etc. when you scanned with HJT? If not, then that rundll32.exe should not have been in running processes. I'm 99% sure it's due to those dll's loaded into memory. Don't delete rundll32. It's not the problem. But those other files should be deleted. Fix that R1 and O20 entry after the HJT scan. Do it in safe mode if you have to.

About 6 months back, a computer at work (mine) wasn't able to connect through http but I was able to download using BitTorrent :p. Due to time constraints, had to fix it with a backup image. But before you go into safe mode, could you test ESET's Undll on those dll files in normal mode? I've been wanting to test it on an infected system for some time now :D. See if Undll is able to unload those dll's successfully from memory.

Any idea how your computer got infected so fast after a fresh install? Maybe some software installer that you have is infected? Post another log afterwards if you want to. Also get a firewall to go with ESET Nod32 antivirus.
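
The check afonofa applies to the log above (Run keys that start a DLL through rundll32, a populated AppInit_DLLs value, and rundll32.exe resident at scan time), written out as an added example; it is not part of the original thread or of HijackThis. The function name `triage` and the finding labels are hypothetical, the sample is a subset of the posted log, and a finding is a lead for manual review rather than a verdict.

```python
import re

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [egui] "C:\Program Files\SOFTWARES\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [e04d22c8] rundll32.exe "C:\WINDOWS\system32\vkbhvlac.dll",b
O4 - HKLM\..\Run: [BMe37e1154] Rundll32.exe "C:\WINDOWS\system32\jbeuxfyh.dll",s
O20 - AppInit_DLLs: imxpvb.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\SOFTWARES\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# O4 autostart entry: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 host followed by a DLL path and an exported entry point
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


def triage(log_text):
    """Return (kind, detail) findings that deserve manual review."""
    findings = []
    rundll_running = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().endswith(r"\rundll32.exe"):
            rundll_running = True  # host process alive at scan time
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            if r:  # Run key starts a DLL through rundll32 at every logon
                findings.append(("run-rundll32", r.group("dll")))
            continue
        m = O20_RE.match(line)
        if m:  # AppInit_DLLs are mapped into every process that loads user32.dll
            for dll in re.split(r"[ ,]+", m.group("dlls").strip()):
                findings.append(("appinit-dll", dll))
    if rundll_running and any(kind == "run-rundll32" for kind, _ in findings):
        findings.append(("rundll32-resident", "rundll32.exe in running processes"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, detail)
```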
 
OP

Deleted member 26636

Guest
actually i copied some data from a friend through a pen drive..the problem started after that..but i've fixed it now..it was indeed due to malware..used process explorer to kill the running processes & then deleted the files..everything is running fine now...but there is still one file- wvUkHbBs.dll in system 32 folder that won't go away..i've tried every possible way to delete it..it doesn't get unregistered or deleted..i've used softwares such as killbox , old timer tools OTMoveIt2, Unlocker etc..in normal & safe mode but the file just won't go away..i'll try eset undll on it..

offtopic-- whenever i start a new application kaspersky antivirus analyses it automatically which sometimes takes about 15 seconds..how do i disable this?:(
 

dheeraj_kumar

Legen-wait for it-dary!
It's for your own protection - why would you want to disable it?

Pardon the reference, but it's like wearing a condom with a hole.
 
OP

Deleted member 26636

Guest
well i mostly use my pc to run photoshop ,3ds max or maya..whenever i run these programmes..kaspersky analyses them..is there no way to add them to some sort of exclusion list? and if possible, how can i disable this feature?


@afonofa :-ESET's UNDLL worked..the file wvukhbbs.dll is no longer present in my system...thanx a lot..!!:p
 

afonofa

Journeyman
You cannot disable application analysis. It doesn't really bother me. It only analyses the first time I start a program. But if you want to exclude certain applications and/or folders from analysis you can add them to:
Code:
Settings 
> Threats and exclusions 
> Trusted zone 
> Exclusion rules(for folders/other files) OR Trusted Applications(for .exe's)

I don't get why ESET can't integrate Undll into their antivirus/smart security. I hope they do it soon in a future build. They'll keep losing users to Kaspersky this way.

You are welcome 767hsm.221bx. Thank your friend too for giving us the chance to test Undll :D. Btw how do you pronounce your id? :p
 
OP

Deleted member 26636

Guest
^ well my id was supposed to be a password:D...but i couldn't find a suitable word for the id..so used it..its not meant to be pronounced in any way..just read the individual characters as they are written..:D:p
 

afonofa

Journeyman
ok so you are either

seven-six-seven-h-s-m-dot-two-two-one-b-x :D

or

saat-chey-saat-huh-sa-ma-bindu-do-do-ek-makkhi-kulhaadi :p
 
OP

Deleted member 26636

Guest
well i'll tell you how it came about...my name is himadri sekhar mahanta(i'm from assam). my first name's got 7 letters,middle name has 6 & the last name also has 7...so 767..hsm are my initials...the dot doesn't mean anything..221b is indeed for 221b baker street as sherlock holmes has always been my favourite detective...and finally x is my favourite letter as it stands for power,mystery & has a strong feel to it.:D
 