Cannot access Antivirus Sites/Google/Avast etc.

Old 03-02-2009, 06:11 PM   #281
Strider (Founder)
Re: Cannot access Antivirus Sites/Google/Avast etc.

Glad to see your problem is solved. Keep your antivirus up to date and use a Firewall like ZoneAlarm for avoiding further infections.
Old 03-02-2009, 07:06 PM   #282
bakuryu
Re: Cannot access Antivirus Sites/Google/Avast etc.

You still need to delete the following file:

c:\windows\system32\gmbbqpw.dll

Also see this one too:
TechTalkz.com Technology & Computer Troubleshooting Forums - View Single Post - Worms atack me:Worm/kido.Da, Worm/kido.Hc , Worm/kido.BY. Worm/kido.ED or Win32/Conficker.A Removal
Old 03-02-2009, 09:32 PM   #283
Ace (Newbie)
Re: Cannot access Antivirus Sites/Google/Avast etc.

Quote:
Originally Posted by Strider
Hi Ace:

1. Can you access any antivirus sites using other browsers such as Mozilla Firefox?

2. Can you access the AVG website using this IP address: 193.86.103.19 ?

3. What happened to Combofix? What error did you get? Can you post a screenshot or quote the exact error message?

1. Nope, I can't access AV websites on IE, Firefox and Chrome.

2. Yes sir.

3. I tried it again, this time a threat has been detected.
The error I stated last time was on the left.
Old 03-02-2009, 10:42 PM   #284
bakuryu
Re: Cannot access Antivirus Sites/Google/Avast etc.

@Ace:
Use CCleaner to clean out your temporary files, then download and run ComboFix again.

Last edited by Strider; 04-02-2009 at 09:52 AM..
Old 04-02-2009, 01:58 AM   #285
david06 (Newbie)


Re: Cannot access Antivirus Sites/Google/Avast etc.

Strider, thank you for helping me and I really appreciate that. I followed all your steps but I had some problems:
I can't delete tbvdbni.
I didn't find tbvdbn.
Also didn't find mountpoints2.
I used KillBox to delete c:\windows\system32\zejffy.dll but I got an error saying that I cannot delete that file, and didn't find c:\windows\system32\01.tmp.
And when I tried the last step it said that netsh isn't recognized as an internal or external command.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:31, on 03-02-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
C:\WINDOWS\BisonCam\BisonHK.exe
C:\WINDOWS\BisonCam\DeLay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\HotKey_Driver\HotKeyDriver.exe
C:\Arquivos de programas\Adobe Media Player\Adobe Media Player.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Arquivos de programas\banda larga tmn\Modem.exe
C:\Arquivos de programas\banda larga tmn\ejectdisk.exe
C:\Documents and Settings\David\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Arquivos de programas\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: HotKeyDriver.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{23842016-5725-42A1-B397-5AA94741DB3C}: NameServer = 212.55.154.174 10.11.12.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EEEA62F-145B-4710-B2A1-7E12FB445517}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{23842016-5725-42A1-B397-5AA94741DB3C}: NameServer = 212.55.154.174 10.11.12.14
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4540 bytes
Code:
ComboFix 09-02-02.04 - David 2009-02-03 21:05:03.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1046.18.3069.2632 [GMT 0:00]
Executando de: c:\documents and settings\David\Desktop\Fix.exe
.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\autorun.inf

.
((((((((((((((((   Arquivos/Ficheiros criados de 2009-01-03 to 2009-02-03  ))))))))))))))))))))))))))))
.

2009-02-03 20:40 . 2009-02-03 20:40	<DIR>	d--------	c:\documents and settings\Administrador
2009-02-03 19:41 . 2009-02-03 19:41	<DIR>	d--------	C:\!KillBox
2009-02-02 20:17 . 2009-02-02 20:17	0	--a------	c:\windows\nsreg.dat
2009-02-02 01:31 . 2009-02-02 01:31	<DIR>	d--------	c:\arquivos de programas\Arquivos comuns\Adobe AIR
2009-02-02 01:31 . 2009-02-02 01:31	<DIR>	d--------	c:\arquivos de programas\Adobe Media Player
2009-02-02 01:27 . 2009-02-02 01:27	<DIR>	d--------	c:\arquivos de programas\Google
2009-02-02 00:04 . 2009-02-02 00:28	<DIR>	d--------	c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-02-02 00:04 . 2009-02-02 00:04	<DIR>	d--------	c:\arquivos de programas\Spybot - Search & Destroy
2009-02-01 20:58 . 2009-02-01 20:58	<DIR>	d--------	c:\documents and settings\David\Dados de aplicativos\Symantec
2009-02-01 20:27 . 2009-02-02 19:07	<DIR>	d--------	c:\documents and settings\All Users\Dados de aplicativos\Symantec
2009-02-01 20:26 . 2009-02-02 19:08	<DIR>	d--------	c:\arquivos de programas\Arquivos comuns\Symantec Shared
2009-02-01 19:03 . 2009-02-01 19:03	<DIR>	d--------	c:\arquivos de programas\REALTEK RTL8187B Wireless LAN Driver
2009-02-01 19:03 . 2007-12-25 03:20	288,000	-ra------	c:\windows\system32\drivers\RTL8187B.sys
2009-02-01 19:03 . 2007-12-25 03:20	288,000	-r-------	c:\windows\system\rtl8187B.sys
2009-02-01 18:28 . 2009-02-01 18:28	<DIR>	d--------	c:\documents and settings\David\Dados de aplicativos\InstallShield
2009-02-01 18:16 . 2009-02-01 18:16	<DIR>	d--------	c:\windows\system32\Lang
2009-02-01 18:16 . 2009-02-01 18:16	940,794	--a------	c:\windows\system32\LoopyMusic.wav
2009-02-01 18:16 . 2009-02-01 18:16	146,650	--a------	c:\windows\system32\BuzzingBee.wav
2009-02-01 18:15 . 2009-02-01 18:15	<DIR>	d--------	c:\arquivos de programas\HotKey_Driver
2009-02-01 18:15 . 2004-03-09 00:00	1,081,616	---------	c:\windows\system32\MSCOMCTL.OCX
2009-02-01 18:15 . 2004-03-09 00:00	662,288	---------	c:\windows\system32\MSCOMCT2.OCX
2009-02-01 18:15 . 2004-03-09 00:00	416,528	---------	c:\windows\system32\COMCT332.OCX
2009-02-01 18:15 . 2004-03-09 00:00	152,848	---------	c:\windows\system32\comdlg32.ocx
2009-02-01 18:15 . 1998-06-24 00:00	103,744	---------	c:\windows\system32\MSCOMM32.OCX
2009-02-01 18:15 . 1998-06-24 00:00	67,376	---------	c:\windows\system32\SYSINFO.OCX
2009-02-01 18:15 . 2005-07-19 11:42	5,120	---------	c:\windows\system32\CLEVOMOF.dll
2009-02-01 18:14 . 2004-02-12 06:49	356,352	-ra------	c:\windows\EMCRI.dll
2009-02-01 18:14 . 2007-04-10 09:50	66,432	-ra------	c:\windows\system32\drivers\EMS7SK.sys
2009-02-01 18:14 . 2007-04-10 09:50	46,080	-ra------	c:\windows\system32\drivers\ESD7SK.sys
2009-02-01 18:13 . 2009-02-01 18:13	<DIR>	d--------	c:\arquivos de programas\Synaptics
2009-02-01 18:13 . 2007-08-16 22:05	212,704	--a------	c:\windows\system32\drivers\SynTP.sys
2009-02-01 18:13 . 2007-08-16 22:12	196,608	--a------	c:\windows\system32\SynCtrl.dll
2009-02-01 18:13 . 2007-08-16 22:11	163,840	--a------	c:\windows\system32\SynCOM.dll
2009-02-01 18:13 . 2007-08-16 22:26	147,456	--a------	c:\windows\system32\SynTPAPI.dll
2009-02-01 18:13 . 2007-08-16 23:10	110,592	--a------	c:\windows\system32\SynTPCo4.dll
2009-02-01 18:13 . 2007-10-14 05:00	43,264	-ra------	c:\windows\system32\drivers\SiSGbeXP.sys
2009-02-01 18:11 . 2009-02-03 20:56	<DIR>	d--------	c:\arquivos de programas\banda larga tmn
2009-02-01 18:11 . 2008-03-21 10:16	104,960	--a------	c:\windows\system32\drivers\ZTEusbser6k.sys
2009-02-01 18:11 . 2008-03-21 10:16	104,960	--a------	c:\windows\system32\drivers\ZTEusbnmea.sys
2009-02-01 18:11 . 2008-03-21 10:16	104,960	--a------	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-02-01 18:10 . 2009-02-01 18:11	<DIR>	d--------	c:\windows\system32\SupportAppPT
2009-02-01 18:10 . 2008-04-13 11:45	26,368	--a--c---	c:\windows\system32\dllcache\usbstor.sys
2009-02-01 18:09 . 2009-02-01 18:09	<DIR>	d--------	c:\arquivos de programas\Realtek
2009-02-01 18:09 . 2009-02-01 19:03	<DIR>	d--h-----	c:\arquivos de programas\InstallShield Installation Information
2009-02-01 18:08 . 2009-02-01 18:08	<DIR>	d--------	c:\windows\nview
2009-02-01 18:08 . 2008-03-05 03:07	520,192	-r-------	c:\windows\RtlExUpd.dll
2009-02-01 18:08 . 2008-03-28 03:04	442,368	--a------	c:\windows\system32\nvudisp.exe
2009-02-01 18:08 . 2009-02-01 18:08	315,392	--a------	c:\windows\HideWin.exe
2009-02-01 18:08 . 2009-02-03 21:03	176,225	--a------	c:\windows\system32\nvapps.xml
2009-02-01 18:08 . 2008-03-28 03:04	17,937	--a------	c:\windows\system32\nvdisp.nvu
2009-02-01 18:07 . 2009-02-01 18:13	<DIR>	d--------	c:\arquivos de programas\Arquivos comuns\InstallShield
2009-02-01 18:07 . 2008-03-26 12:30	442,368	--a------	c:\windows\system32\NVUNINST.EXE
2009-02-01 18:04 . 2009-02-01 17:56	<DIR>	d--h-----	c:\documents and settings\David\Modelos
2009-02-01 18:04 . 2009-02-02 00:26	<DIR>	dr-------	c:\documents and settings\David\Meus documentos
2009-02-01 18:04 . 2009-02-01 17:45	<DIR>	dr-------	c:\documents and settings\David\Menu Iniciar
2009-02-01 18:04 . 2009-02-01 18:04	<DIR>	dr-------	c:\documents and settings\David\Favoritos
2009-02-01 18:04 . 2009-02-02 20:17	<DIR>	dr-h-----	c:\documents and settings\David\Dados de aplicativos
2009-02-01 18:04 . 2009-02-01 18:04	<DIR>	d--h-----	c:\documents and settings\David\Configurações locais
2009-02-01 18:04 . 2009-02-01 17:45	<DIR>	d--h-----	c:\documents and settings\David\Ambiente de rede
2009-02-01 18:04 . 2009-02-01 17:45	<DIR>	d--h-----	c:\documents and settings\David\Ambiente de impressão
2009-02-01 18:04 . 2009-02-02 01:31	<DIR>	d--------	c:\documents and settings\David
2009-02-01 18:03 . 2009-02-01 18:03	<DIR>	d---s----	c:\windows\system32\Microsoft
2009-02-01 18:03 . 2009-02-01 18:03	<DIR>	d--------	c:\documents and settings\NetworkService\Dados de aplicativos
2009-02-01 18:03 . 2009-02-03 21:05	<DIR>	d--h-----	c:\documents and settings\NetworkService\Configurações locais
2009-02-01 18:03 . 2009-02-01 18:03	<DIR>	d--------	c:\documents and settings\LocalService\Dados de aplicativos
2009-02-01 18:03 . 2009-02-03 21:05	<DIR>	d--h-----	c:\documents and settings\LocalService\Configurações locais
2009-02-01 18:03 . 2009-02-01 18:03	<DIR>	d--hs----	c:\documents and settings\LocalService
2009-02-01 18:03 . 2009-02-01 18:03	8,192	--a------	c:\windows\REGLOCS.OLD
2009-02-01 18:02 . 2009-02-01 17:56	<DIR>	d--h-----	c:\windows\system32\config\systemprofile\Modelos
2009-02-01 18:02 . 2009-02-01 17:45	<DIR>	d--------	c:\windows\system32\config\systemprofile\Meus documentos
2009-02-01 18:02 . 2009-02-01 17:45	<DIR>	dr-------	c:\windows\system32\config\systemprofile\Menu Iniciar
2009-02-01 18:02 . 2009-02-01 17:45	<DIR>	d--------	c:\windows\system32\config\systemprofile\Favoritos
2009-02-01 18:02 . 2009-02-01 17:45	<DIR>	dr-h-----	c:\windows\system32\config\systemprofile\Dados de aplicativos
2009-02-01 18:02 . 2009-02-03 21:05	<DIR>	dr-h-----	c:\windows\system32\config\systemprofile\Configurações locais
2009-02-01 18:02 . 2009-02-01 17:45	<DIR>	d--h-----	c:\windows\system32\config\systemprofile\Ambiente de rede
2009-02-01 18:02 . 2009-02-01 17:45	<DIR>	d--h-----	c:\windows\system32\config\systemprofile\Ambiente de impressão
2009-02-01 18:02 . 2009-02-01 18:03	<DIR>	d--hs----	c:\documents and settings\NetworkService
2009-02-01 18:02 . 2008-04-14 12:00	28,288	--a--c---	c:\windows\system32\dllcache\xjis.nls
2009-02-01 18:00 . 2009-02-01 18:00	<DIR>	d--------	c:\windows\system32\xircom
2009-02-01 18:00 . 2009-02-01 18:00	<DIR>	d--------	c:\arquivos de programas\microsoft frontpage

.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 17:58	---------	d-----w	c:\arquivos de programas\Serviços on-line
2009-02-01 17:58	---------	d-----w	c:\arquivos de programas\Arquivos comuns\Serviços
2008-04-14 12:00	165,141	--sha-r	c:\windows\system32\zejffy.dll
.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-02 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-28 13529088]
"SynTPStart"="c:\arquivos de programas\Synaptics\SynTP\SynTPStart.exe" [2007-08-16 102400]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]
"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]
"nwiz"="nwiz.exe" [2008-03-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\David\Menu Iniciar\Programas\Inicializar\
Adobe Media Player.lnk - c:\arquivos de programas\Adobe Media Player\Adobe Media Player.exe [2/2/2009 01:31:06 261120]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HotKeyDriver.lnk - c:\arquivos de programas\HotKey_Driver\HotKeyDriver.exe [1/2/2009 18:15:14 3641344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:lxyzqxj
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S2 tbvdbni;Boot Shell;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 12:00:00 14336]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [1/2/2009 19:03:03 288000]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
tbvdbni
.
.
------- Scan Suplementar -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {23842016-5725-42A1-B397-5AA94741DB3C} = 212.55.154.174 10.11.12.14
TCP: {2EEEA62F-145B-4710-B2A1-7E12FB445517} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\David\Dados de aplicativos\Mozilla\Firefox\Profiles\gyopmgaj.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 21:05:45
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ... 

Procurando entradas auto inicializáveis ocultas ... 

Procurando ficheiros/arquivos ocultos ... 

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tbvdbni]
"ServiceDll"="c:\windows\system32\zejffy.dll"
.
Tempo para conclusão: 2009-02-03 21:06:28
ComboFix-quarantined-files.txt  2009-02-03 21:06:26
ComboFix2.txt  2009-02-03 20:23:04
ComboFix3.txt  2009-02-02 19:13:59

Pré-execução: 10 pasta(s) 315.014.819.840 bytes disponíveis
Pós execução: 10 pasta(s) 315,007,426,560 bytes disponíveis

165
Old 04-02-2009, 09:03 AM   #286
MOBAJOBG (Newbie)


Re: Cannot access Antivirus Sites/Google/Avast etc.

Quote:
Originally Posted by bakuryu
Thanks, superbakuryu, for the additional guidance. I've managed to delete the gmbbqpw.dll with the Read-only, Archive, System & Hidden attributes by granting permission. FixDownadup.exe was executed with success.

1. Based on superStrider's advice, the vvtvrbue and zjbieyc value data entries have been purged from [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs].
2. As a matter of extra precaution, I'd removed [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vvtvrbue], [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zjbieyc], [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vvtvrbue] and [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zjbieyc] by granting permission.
3. Finally, to complete the procedure, [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VVTVRBUE], [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZJBIEYC], [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VVTVRBUE] and [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ZJBIEYC] were removed by granting permission.

Conclusion: My Firefox 3.0.5 browser can already connect to the anti-virus sites after having performed superStrider's approach, but the huge difference now is that I can access those sites faster by at least 2.5 times.


Code:
ComboFix 09-02-02.04 - Administrator 2009-02-04 10:40:42.13 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.823 [GMT 8:00]
Running from: c:\documents and settings\Muhammad Ong\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Muhammad Ong\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
FW: Norton AntiVirus *enabled*
.

(((((((((((((((((((((((((   Files Created from 2009-01-04 to 2009-02-04  )))))))))))))))))))))))))))))))
.

2009-02-04 07:37 . 2009-02-04 07:37    <DIR>    d--------    c:\documents and settings\Administrator
2009-02-03 16:52 . 2009-02-03 19:16    <DIR>    d--------    c:\program files\Spybot - Search & Destroy
2009-02-03 14:12 . 2009-02-03 14:12    145    --a------    c:\windows\Shortcut to CD Drive.lnk
2009-02-03 13:15 . 2009-02-03 13:16    4,507    --a------    c:\windows\imsins.BAK
2009-02-03 12:34 . 2009-02-03 12:34    <DIR>    d--------    c:\program files\CCleaner
2009-02-03 11:33 . 2009-02-03 11:33    <DIR>    d--h-----    c:\windows\PIF
2009-02-03 10:40 . 2009-02-03 17:17    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-03 09:51 . 2009-02-03 09:51    <DIR>    d--------    C:\!KillBox
2009-02-03 02:22 . 2009-02-03 02:22    <DIR>    d--------    c:\program files\Windows Installer Clean Up
2009-02-03 02:21 . 2009-02-03 02:21    <DIR>    d--------    c:\program files\MSECACHE
2009-02-02 09:46 . 2008-09-20 00:37    121,856    --a------    c:\windows\system32\schtasks.exe
2009-02-01 22:25 . 2009-02-01 22:25    <DIR>    d--------    c:\program files\DFX
2009-02-01 17:01 . 2009-02-01 17:01    724,992    --a------    c:\windows\iun6002.exe
2009-02-01 15:20 . 2009-02-02 00:21    <DIR>    d-a------    c:\documents and settings\All Users\Application Data\TEMP
2009-02-01 15:20 . 2006-09-28 16:05    2,414,360    --a------    c:\windows\system32\d3dx9_31.dll
2009-01-31 06:40 . 2009-02-04 07:47    <DIR>    d--------    c:\program files\HyCam2
2009-01-25 00:23 . 2009-01-25 00:23    <DIR>    d--------    c:\program files\Asteroids Extreme
2009-01-21 01:35 . 2009-01-21 01:35    <DIR>    d--------    c:\documents and settings\Muhammad Ong\Application Data\dvdcss
2009-01-18 11:55 . 2006-03-29 08:50    671,744    --a------    c:\windows\system32\DolbyHph.dll
2009-01-18 11:55 . 2006-03-29 08:51    60,416    --a------    c:\windows\system32\DSETUP.dll
2009-01-18 11:55 . 2006-03-29 08:49    9,856    --a------    c:\windows\system32\drivers\pfc.sys
2009-01-18 10:59 . 2007-07-26 09:25    47,360    -ra------    c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2009-01-18 10:59 . 2007-07-26 09:25    47,104    -ra------    c:\windows\system32\drivers\tshd4_kern_i386.sys
2009-01-18 10:59 . 2007-07-26 09:25    42,112    -ra------    c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2009-01-18 10:59 . 2007-07-26 09:25    39,808    -ra------    c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2009-01-18 10:59 . 2007-07-26 09:25    32,000    -ra------    c:\windows\system32\drivers\wowhd_kern_i386.sys
2009-01-18 10:17 . 2009-01-18 10:17    <DIR>    d--------    c:\program files\Common Files\DFX
2009-01-18 10:17 . 2009-01-18 10:17    <DIR>    d--------    c:\documents and settings\All Users\Application Data\DFX
2009-01-18 09:24 . 2009-01-18 09:34    <DIR>    d--------    c:\documents and settings\Muhammad Ong\Application Data\vlc
2009-01-17 19:16 . 2009-01-17 19:16    <DIR>    d--------    c:\windows\system32\scripting
2009-01-17 19:16 . 2009-01-17 19:16    <DIR>    d--------    c:\windows\system32\en
2009-01-17 19:16 . 2009-01-17 19:16    <DIR>    d--------    c:\windows\system32\bits
2009-01-17 19:16 . 2009-01-17 19:16    <DIR>    d--------    c:\windows\l2schemas
2009-01-17 19:15 . 2009-01-17 19:15    <DIR>    d--------    c:\windows\ServicePackFiles
2009-01-17 19:10 . 2009-01-17 19:10    <DIR>    d--------    c:\windows\EHome
2009-01-17 18:11 . 2009-01-17 18:10    5,154,304    --a------    c:\windows\WindowsDefender.msi
2009-01-17 18:05 . 2009-01-17 18:04    894,504    --a------    c:\windows\WGAPluginInstall.exe
2009-01-17 17:50 . 2009-01-17 17:44    9,237,440    --a------    c:\windows\system32\windows-kb890830-v2.6.exe
2009-01-11 09:55 . 2009-01-11 09:55    <DIR>    d--------    c:\documents and settings\Muhammad Ong\Application Data\ImgBurn
2009-01-11 08:36 . 2009-01-11 08:36    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Winferno
2009-01-11 08:34 . 2009-01-11 08:34    <DIR>    d--------    c:\program files\VideoLAN
2009-01-11 08:31 . 2006-07-24 08:56    212,240    --a------    c:\windows\system32\Richtx32.ocx
2009-01-10 14:30 . 2009-01-10 14:18    <DIR>    d--------    c:\program files\AviSynth 2.5
2009-01-10 14:30 . 2004-02-22 10:11    719,872    --a------    c:\windows\system32\devil.dll
2009-01-10 14:30 . 2007-05-17 17:30    318,976    --a------    c:\windows\system32\avisynth.dll
2009-01-10 14:30 . 2005-02-13 07:00    186,880    -r-hs----    c:\windows\system32\RLOgg.ax
2009-01-10 14:30 . 2005-01-18 07:26    179,200    -r-hs----    c:\windows\system32\DiracSplitter.ax
2009-01-10 14:30 . 2006-08-16 22:53    175,104    -r-hs----    c:\windows\system32\CoreAAC.ax
2009-01-10 14:30 . 2005-02-06 07:00    92,672    -r-hs----    c:\windows\system32\RLVorbisDec.ax
2009-01-10 14:30 . 2005-02-23 00:55    81,920    -r-hs----    c:\windows\system32\aac_parser.ax
2009-01-10 14:30 . 2005-02-13 07:00    67,584    -r-hs----    c:\windows\system32\RLTheoraDec.ax
2009-01-10 14:30 . 2005-02-13 07:00    51,712    -r-hs----    c:\windows\system32\RLSpeexDec.ax
2009-01-10 14:18 . 2009-01-10 14:18    <DIR>    d--------    c:\program files\Common Files\DVDVideoSoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 14:38    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-01-27 16:20    ---------    d-----w    c:\documents and settings\Muhammad Ong\Application Data\AdobeUM
2008-12-13 06:40    3,593,216    ----a-w    c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57    333,952    ----a-w    c:\windows\system32\drivers\srv.sys
2008-12-11 10:57    333,952    ------w    c:\windows\system32\dllcache\srv.sys
2008-12-05 02:20    20,747    ----a-w    c:\windows\system32\drivers\AegisP.sys
2008-12-05 02:20    ---------    d-----w    c:\program files\Linksys
2006-10-17 06:16    67,248    -c--a-w    c:\documents and settings\Muhammad Ong\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 180269]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"CHotkey"="c:\apps\Chicony\chicony.bat" [2005-09-28 54]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-06 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 c:\windows\SoundMan.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\Logi_MwX.Exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 c:\windows\ALCWZRD.EXE]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5805:TCP"= 5805:TCP:*:Disabled:Unspecified

R3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [2007-09-29 27776]
R3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [2008-09-07 135048]
R3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [2008-09-07 28544]
S3 WLANFVNETusb(505_2958)(R);WLAN FVNETusb(505_2958)(R) Service for USB Wireless LAN Card;c:\windows\system32\drivers\ainu58x.sys [2003-05-30 98304]
.
Contents of the 'Scheduled Tasks' folder

2005-12-21 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 08:12]
.
.
------- Supplementary Scan -------
.
TCP: {F2AD83C7-72F0-48AB-A3B3-1F8E984A0964} = 202.188.0.133,202.188.1.5
FF - ProfilePath - 
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 10:42:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-04 10:44:25
ComboFix-quarantined-files.txt  2009-02-04 02:44:24
ComboFix2.txt  2009-02-04 01:58:41
ComboFix3.txt  2009-02-04 01:14:24
ComboFix4.txt  2009-02-03 17:05:55
ComboFix5.txt  2009-02-04 02:40:06

Pre-Run: 52,988,440,576 bytes free
Post-Run: 52,971,933,696 bytes free

138    --- E O F ---    2009-01-19 22:56:55

Last edited by MOBAJOBG; 04-02-2009 at 09:27 AM..
Old 04-02-2009, 09:55 AM   #287
Strider (Founder)
OS: Windows XP Windows Server 2003 / Windows Server 2008 Windows Vista Windows 7 Linux

Re: Cannot access Antivirus Sites/Google/Avast etc.

@Ace:

After running CCleaner, disable AVG's Resident Protection (or just turn off all of AVG's protection) and run ComboFix.
Old 04-02-2009, 10:02 AM   #288
Strider (Founder)
OS: Windows XP Windows Server 2003 / Windows Server 2008 Windows Vista Windows 7 Linux

Re: Cannot access Antivirus Sites/Google/Avast etc.

@david06:

Quote:
i cant delete tbvdbni
You mean you can't delete a registry entry. Are you sure you're doing these steps in Safe Mode? They won't work if you do them in normal mode.


Quote:
NameServer = 208.67.222.222,208.67.220.220
NameServer = 212.55.154.174 10.11.12.14
Do these IPs belong to your ISP?
Old 04-02-2009, 10:06 AM   #289
Strider (Founder)
OS: Windows XP Windows Server 2003 / Windows Server 2008 Windows Vista Windows 7 Linux

Re: Cannot access Antivirus Sites/Google/Avast etc.

@MOBAJOBG: Excellent mate. So, what are the problems left now?
Old 04-02-2009, 10:43 AM   #290
Speedgraphic (Junior Member)
OS: Windows XP

Re: Cannot access Antivirus Sites/Google/Avast etc.

OK. I did as bakuryu said and ran Kaspersky. However, I ran a scan but I could not activate it or update it; as with AVG, neither can access its own website, and I can't access them with Firefox either.

Here is what Kaspersky turned up:
Code:
2/3/2009 8:57:32 PM	Task started	
2/3/2009 8:58:55 PM	Detected: Viruslist.com - Sun Java JDK / JRE Multiple Vulnerabilities	c:\program files\java\jre1.5.0_07\bin\javaws.exe	
2/3/2009 8:58:55 PM	Detected: Viruslist.com - Apple QuickTime Multiple Vulnerabilities	c:\program files\quicktime\quicktimeplayer.exe	
2/3/2009 8:58:56 PM	Detected: Viruslist.com - Winamp "NowPlaying" Unspecified Vulnerability	c:\program files\winamp\winamp.exe	
2/3/2009 8:58:58 PM	Detected: Viruslist.com - Apple iTunes "covr" Atom Buffer Overflow Vulnerability	c:\program files\itunes\itunes.exe	
2/3/2009 8:59:26 PM	Detected: Viruslist.com - Sun Java JDK / JRE Multiple Vulnerabilities	c:\windows\system32\java.exe	
2/3/2009 9:00:01 PM	Task stopped	
2/3/2009 9:00:42 PM	Task started	
2/3/2009 9:06:52 PM Detected: Exploit.Java.Gimsh.b c:\Documents and Settings\Jerks\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4a5d57d0-1e91c3db.zip/vmain.class 
2/3/2009 9:06:52 PM Untreated: Exploit.Java.Gimsh.b c:\Documents and Settings\Jerks\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4a5d57d0-1e91c3db.zip/vmain.class Postponed 
2/3/2009 9:06:53 PM Detected: Exploit.Java.Gimsh.a c:\Documents and Settings\Jerks
2/3/2009 9:33:47 PM Detected: Viruslist.com - Apple QuickTime Multiple Vulnerabilities c:\program files\quicktime\PictureViewer.Resources\de.lproj\PictureViewerLocalized.qtr

And HJT:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:27 PM, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jerks\Desktop\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194607305656
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: G,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 11222 bytes

Sorry for the long post. Any advice?

Thanks in advance.

Last edited by Strider; 04-02-2009 at 11:40 AM..
Tags: antivirus, cleanup, infection, virus, virus removal