Cannot access Antivirus Sites/Google/Avast etc.

27-03-2009, 12:48 PM   #511
amon-r3
OS: Windows XP

I have cured myself from this virus haha... finally...
All I had to do was uninstall the previous antivirus, that is BitDefender, and install AntiVir Personal 9.0.0.386 (freeware), and bingo, the virus was detected and my day was saved...
But before you download Avira, make sure you can access the Free antivirus - Avira AntiVir website. If you cannot access it then you cannot cure it with Avira, but if you can, then download, update and scan your PC. It seems that I was affected by Trojan.Crypt.XPACK.Gen and it was hidden under the system32 file name c:\windows\system32\frdnpfm.dll

Then after Avira quarantined the file... I was freeeeeeeeeeeeee from this stupid virus yeahhh
28-03-2009, 12:12 AM   #512
bakuryu
OS: Windows XP Windows Vista Windows 7

That's great to see it's automatically removed.

Also close port 8790
Code:
netsh firewall set portopening protocol=TCP port=8790 mode=DISABLE scope=ALL profile=ALL
28-03-2009, 03:55 AM   #513
gpdude
OS: Windows Vista

I too am having a problem accessing antivirus websites or updating. Here is my HijackThis log, hope you can help.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:20 PM, on 27/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\mobsync.exe
C:\Users\Owner\AppData\Roaming\Maxthon\Maxthon.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\downloads 2\HJT.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | Compaq
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://*.eset.com
O15 - Trusted Zone: Facebook | Welcome to Facebook
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/reso...PUplden-ca.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - 
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - 
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - 
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - 
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F46CAD42-4C01-4CCE-81B8-8775DAFF13A3}: NameServer = 85.255.112.195,85.255.112.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.195,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.195,85.255.112.14
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 8965 bytes

Last edited by bakuryu; 28-03-2009 at 10:58 AM..
28-03-2009, 11:08 AM   #514
bakuryu
OS: Windows XP Windows Vista Windows 7

Your log file seems ok.
There are some ActiveX entries which you can fix.
Code:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} -
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} -
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} -
If you have not added Facebook to trusted sites you can fix this entry too.
Code:
O15 - Trusted Zone: Facebook | Welcome to Facebook
Make sure these are your correct settings for DNS servers: 85.255.112.195,85.255.112.14

Run ComboFix and post a log file.
And make sure you have installed this patch: http://www.microsoft.com/technet/sec.../MS08-067.mspx
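Added example, not part of any post in this thread: a Python triage script for the checks suggested in the reply above, namely O16 ActiveX entries with no name or source, BHOs whose file HijackThis could not find, and O17 NameServer values that are not the resolvers you expect. The function names, the flagging rules and the expected-resolver list (`192.168.1.1`, a hypothetical home router) are assumptions; the sample lines are excerpted from the log posted above, except the one marked constructed.

```python
import re
from ipaddress import ip_address

# Excerpt of the HijackThis log posted in this thread, embedded so the script
# runs offline. The last O17 line (CS2 key) is constructed to show a passing entry.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\Windows\Explorer.EXE
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.195,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

# Assumption: the only resolver this machine should use is the user's own router.
EXPECTED_DNS = {"192.168.1.1"}

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O16_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*?)\))? -\s*(?P<src>.*)$"
)
O17_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.*)$")


def parse_entries(text):
    """Yield (section, body) for each 'O17 - ...' style line.

    Header lines and the running-process paths do not match and are skipped.
    """
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def check_dns(body, expected):
    """Return findings for one O17 body; servers may be comma or space separated."""
    m = O17_RE.match(body)
    if not m:
        return []
    findings = []
    for raw in re.split(r"[,\s]+", m.group("servers").strip()):
        if not raw:
            continue
        try:
            addr = ip_address(raw)
        except ValueError:
            findings.append(("O17", "unparsable NameServer value",
                             f"{m.group('key')} -> {raw}"))
            continue
        if addr not in expected:
            findings.append(("O17", "NameServer not in expected resolver list",
                             f"{m.group('key')} -> {addr}"))
    return findings


def review_log(text, expected_dns):
    """Return a list of (section, reason, detail) items that need a manual look."""
    expected = {ip_address(a) for a in expected_dns}
    findings = []
    for section, body in parse_entries(text):
        if section == "O17":
            findings.extend(check_dns(body, expected))
        elif section == "O16":
            m = O16_RE.match(body)
            if m and not m.group("name") and not m.group("src"):
                findings.append(("O16", "ActiveX entry with no name and no download source",
                                 m.group("clsid")))
        elif section == "O2":
            m = O2_RE.match(body)
            if m and ("(no file)" in m.group("path") or "(file missing)" in m.group("path")):
                findings.append(("O2", "BHO whose file HijackThis could not find",
                                 m.group("clsid")))
    return findings


if __name__ == "__main__":
    for section, reason, detail in review_log(SAMPLE_LOG, EXPECTED_DNS):
        print(f"{section:4} {reason}: {detail}")
```

A finding here only means the entry differs from what you declared as expected; compare the O17 values with what your router or ISP actually hands out before changing anything.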
28-03-2009, 06:54 PM   #515
gpdude
OS: Windows Vista

I checked my Windows install log and the patch was there. Here is the ComboFix log:

Code:
ComboFix 09-03-27.02 - Owner 2009-03-28  7:16:29.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3582.2121 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Owner\AppData\Roaming\inst.exe
c:\windows\2.bat
c:\windows\system32\404Fix.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxserv.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gaopdxcounter
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
(((((((((((((((((((((((((   Files Created from 2009-02-28 to 2009-03-28  )))))))))))))))))))))))))))))))
.
2009-03-27 17:28 . 2009-03-27 17:28 <DIR> d-------- c:\users\All Users\Avira
2009-03-27 17:28 . 2009-03-27 17:28 <DIR> d-------- c:\programdata\Avira
2009-03-27 17:28 . 2009-03-27 17:28 <DIR> d-------- c:\program files\Avira
2009-03-27 17:28 . 2009-02-13 11:31 55,640 --a------ c:\windows\System32\drivers\avgntflt.sys
2009-03-27 15:50 . 2009-03-27 15:50 <DIR> d-------- c:\users\All Users\ESET
2009-03-27 15:50 . 2009-03-27 15:50 <DIR> d-------- c:\programdata\ESET
2009-03-27 15:50 . 2009-03-27 15:50 <DIR> d-------- c:\program files\ESET
2009-03-27 07:34 . 2009-03-27 07:34 <DIR> d-------- c:\program files\Alwil Software
2009-03-26 21:37 . 2009-03-26 21:37 <DIR> d-------- C:\AVGTemp
2009-03-26 03:01 . 2009-03-26 03:50 <DIR> d-------- c:\users\Owner\AppData\Roaming\DC++
2009-03-18 19:34 . 2009-03-18 19:34 <DIR> d-------- c:\users\All Users\FLEXnet
2009-03-18 19:34 . 2009-03-18 19:34 <DIR> d-------- c:\programdata\FLEXnet
2009-03-17 15:22 . 2009-03-17 15:22 <DIR> d-------- c:\users\Owner\AppData\Roaming\ScreenSeven
2009-03-17 15:09 . 2009-03-17 15:10 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-17 15:09 . 2008-11-06 10:37 3,596,288 --a------ c:\windows\System32\qt-dx331.dll
2009-03-17 15:09 . 2008-09-24 12:41 839,680 --a------ c:\windows\System32\lameACM.acm
2009-03-17 15:09 . 2008-12-07 12:08 795,648 --a------ c:\windows\System32\xvidcore.dll
2009-03-17 15:09 . 2008-11-06 10:33 684,032 --a------ c:\windows\System32\divx.dll
2009-03-17 15:09 . 2004-01-25 10:18 217,088 --a------ c:\windows\System32\yv12vfw.dll
2009-03-17 15:09 . 2008-12-07 12:08 130,048 --a------ c:\windows\System32\xvidvfw.dll
2009-03-17 15:09 . 2007-09-20 18:52 118,784 --a------ c:\windows\System32\ac3acm.acm
2009-03-17 15:09 . 2008-12-10 18:33 86,016 --a------ c:\windows\System32\dpl100.dll
2009-03-17 15:09 . 2009-02-09 12:56 67,584 --a------ c:\windows\System32\ff_vfw.dll
2009-03-17 15:09 . 2007-07-10 10:10 547 --a------ c:\windows\System32\ff_vfw.dll.manifest
2009-03-17 15:09 . 2008-10-03 06:30 414 --a------ c:\windows\System32\lame_acm.xml
2009-03-12 16:34 . 2009-03-25 23:56 <DIR> d-------- c:\windows\LastGood
2009-03-12 12:46 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-12 12:46 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-12 12:45 . 2009-03-12 12:46 <DIR> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 12:45 . 2009-03-12 12:46 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 12:45 . 2009-03-12 12:46 <DIR> d-------- c:\program files\iTunes
2009-03-12 12:45 . 2009-03-12 12:45 <DIR> d-------- c:\program files\iPod
2009-03-12 12:42 . 2009-03-12 12:42 <DIR> d-------- c:\program files\Bonjour
2009-03-12 12:41 . 2009-03-12 12:42 <DIR> d-------- c:\program files\QuickTime
2009-03-12 12:39 . 2009-03-12 12:39 <DIR> d-------- c:\windows\LastGood.Tmp
2009-03-10 20:53 . 2008-12-15 21:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-10 20:53 . 2008-12-15 23:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-10 20:53 . 2008-12-15 23:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-10 20:53 . 2008-12-15 23:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 20:52 . 2009-02-08 21:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 20:52 . 2008-11-26 22:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-08 20:31 . 2009-03-08 20:32 <DIR> d-------- c:\program files\RivaTuner v2.24
2009-03-08 16:17 . 2009-03-08 16:18 <DIR> d-------- c:\program files\NVIDIA Corporation
2009-03-08 15:58 . 2009-03-08 15:58 197 --a------ c:\windows\ODBCINST.INI
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 03:58 --------- d-----w c:\program files\Autorun Eater
2009-03-27 21:29 --------- d-----w c:\program files\CustomXML
2009-03-27 13:47 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-27 13:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-27 13:26 --------- d-----w c:\programdata\avg8
2009-03-27 13:08 --------- d-----w c:\users\Owner\AppData\Roaming\uTorrent
2009-03-27 02:25 --------- d-----w c:\users\Owner\AppData\Roaming\Vso
2009-03-26 09:01 --------- d-----w c:\program files\DC++
2009-03-18 06:26 --------- d-----w c:\users\Owner\AppData\Roaming\Corel
2009-03-17 21:18 --------- d-----w c:\program files\Games
2009-03-14 21:34 --------- d-----w c:\users\Owner\AppData\Roaming\JewelMatch2
2009-03-12 23:11 --------- d-----w c:\programdata\NVIDIA
2009-03-12 22:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-12 22:17 --------- d-----w c:\users\Owner\AppData\Roaming\FrostWire
2009-03-12 18:45 --------- d-----w c:\program files\Common Files\Apple
2009-03-11 09:07 --------- d-----w c:\program files\Windows Mail
2009-03-11 09:01 --------- d-----w c:\programdata\Microsoft Help
2009-03-11 08:20 --------- d-----w c:\program files\a-squared Free
2009-03-08 22:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 21:46 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 22:09 --------- d-----w c:\program files\Trillian
2009-02-26 22:09 --------- d-----w c:\program files\MessengerDiscovery
2009-02-26 22:08 --------- d-----w c:\program files\Microsoft
2009-02-24 14:14 --------- d-----w c:\users\Owner\AppData\Roaming\Alawar
2009-02-22 02:45 --------- d-----w c:\programdata\WildTangent
2009-02-22 02:44 --------- d-----w c:\program files\WildGames
2009-02-20 22:59 --------- d-----w c:\program files\AVG
2009-02-20 15:21 --------- d-----w c:\users\Owner\AppData\Roaming\Malwarebytes
2009-02-20 15:21 --------- d-----w c:\programdata\Malwarebytes
2009-02-20 15:21 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-20 14:58 --------- d-----w c:\program files\Western Digital
2009-02-20 05:14 --------- d-----w c:\program files\Oxford Semiconductor
2009-02-19 22:21 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-19 22:21 --------- d-----w c:\program files\Common Files\Adobe
2009-02-11 17:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 17:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 05:27 --------- d-----w c:\program files\CCleaner
2009-02-07 01:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-07 00:49 --------- d-----w c:\users\Owner\AppData\Roaming\TrueCrypt
2009-02-07 00:47 215,872 ----a-w c:\windows\system32\drivers\truecrypt.sys
2009-01-30 04:22 --------- d-----w c:\program files\FreePOPs
2009-01-15 15:19 135,168 ----a-w c:\windows\System32\nvcod137.dll
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2009-01-07 22:20 36,896 ----a-w c:\windows\nvflash.sys
2009-01-07 18:28 453,152 ----a-w c:\windows\System32\nvuninst.exe
2009-01-06 21:51 36,640 ----a-w c:\windows\nvoclock.sys
2009-01-06 21:47 430,080 ----a-w c:\windows\ntuneoem.dll
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2008-10-14 22:52 691 ----a-w c:\users\Owner\AppData\Roaming\GetValue.vbs
2008-10-14 22:52 35 ----a-w c:\users\Owner\AppData\Roaming\SetValue.bat
2008-05-15 18:37 174 --sha-w c:\program files\desktop.ini
2008-03-21 01:08 476,752 ----a-w c:\users\All Users\pswi_preloaded.exe
2008-03-21 01:08 476,752 ----a-w c:\programdata\pswi_preloaded.exe
2008-01-12 03:41 0 ----a-w c:\users\Owner\AppData\Roaming\wklnhst.dat
2008-01-12 01:21 47,360 ----a-w c:\users\Owner\AppData\Roaming\pcouffin.sys
2004-02-01 01:54 331,776 ----a-w c:\windows\inf\pdfinst2.exe
2008-03-11 18:56 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-03-11 18:56 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2008-03-21 01:01 8 --sha-r c:\windows\System32\E63F32AC2E.sys
2008-04-07 23:50 2,516 --sha-w c:\windows\System32\KGyGaAvL.sys
2008-03-30 20:54 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008033020080331\index.dat
2008-03-30 20:54 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-10-24 450560]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 92704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2008-11-27 501768]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
backup=c:\windows\pss\Memeo AutoSync Launcher.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad Muncher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wallpaper Manager
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00ERSRRRNKY]
--a------ 2006-12-28 17:25 1333760 c:\program files\Evidence Exterminator\eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2008-11-03 01:03 2780816 c:\program files\a-squared Anti-Malware\a2guard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2009-03-06 00:50 177472 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-08-04 13:32 289088 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2008-05-19 08:57 1400832 c:\program files\Curse\CurseClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-18 23:33 125952 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 15:22 3739648 c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
--a------ 2007-03-07 12:09 44168 c:\windows\SMINST\Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-02-13 14:02 564496 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-02-13 14:06 2196240 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2009-02-06 19:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-02-18 14:44 92704 c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2009-02-18 14:44 641568 c:\windows\System32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
--a------ 2007-03-02 15:55 1441792 c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelusWCC_McciTrayApp]
--a------ 2006-03-10 12:01 543232 c:\program files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TELUS_McciTrayApp]
--a------ 2007-10-08 00:16 1462272 c:\program files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TEPA.exe]
--a------ 2007-05-14 10:10 2061816 c:\program files\TELUS\eProtect Advisor\TEPA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-08-17 12:59 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
--a------ 2008-10-24 12:09 450560 c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 18:13 3810544 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"00ERSRRRNKY"=c:\program files\Evidence Exterminator\eraser.exe
"<NO NAME>"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6894A267-4F09-4096-9B8B-D19B695A2BC4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E595F676-819A-4A9E-903E-F8FE8F6DA226}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CC1479A2-2D5A-4A47-9C34-6EB79C4F58D9}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2A096714-926A-4A20-B925-7A477A9B4BD2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F50D91D6-1635-410F-A09A-7EA961120D7B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{00B1CDBF-BE89-42D1-8BDC-7C1454D6E266}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FCB0EA8D-48CB-4D34-9F8F-87AD290CFAAC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{52F9E929-4DD6-47E4-A1B1-B142699F67A1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{7766CF62-D330-4883-A70A-E2C106FF1E60}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{C87125E2-8ED0-48AE-A49A-AB480661A721}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{87B9183E-72A3-4F1F-9AB7-275B6ADE8B24}"= UDP:c:\world of warcraft\Launcher.exe:World of Warcraft
"{4642969E-C88F-4E98-A98C-382C153BFDF7}"= TCP:c:\world of warcraft\Launcher.exe:World of Warcraft
"{AA136A6D-0972-4446-BBD4-2DF0F3EF54D2}"= UDP:6112:bliz
"{1B4DA07B-A01A-417C-880A-CB8A2D8D8E6C}"= UDP:6999:bliz
"{B1D3B760-2162-4044-9494-6F98DA9EDB6E}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{36D3DB6C-3BA8-44B4-8350-EF959588718C}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{36C751DA-ACE3-42D5-859E-6F2DB9DA3C1C}"= UDP:49482:Utorrent 49482
"{816496ED-7F0C-41AB-B4E4-26650ECB9304}"= UDP:6889:utorrent 6889
"{B227662B-EF36-4F09-A033-737644047846}"= TCP:6889:utorrent
"{09EF62D3-B623-4AD6-88C3-21EEAADB5D09}"= UDP:6881:utorrent 6881
"{838720DE-53DF-465D-A868-C3F0104AAEF1}"= UDP:60065:utorrent
"{5D192F6D-FC9E-4C1E-97D3-1625566AC6DE}"= TCP:60065:utorrent
"{6DF198A3-C0C7-41BB-878C-5868E218FED0}"= UDP:55641:utorrent 55641
"{1B460449-F806-4F8E-801C-99DF5667907C}"= TCP:55641:utorrent 55641
"{9DB27ECD-539C-4C00-B8D7-EED58AD0F69A}"= UDP:c:\program files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{052D2DC3-2C16-4D63-B2F0-1DE4290F2DD0}"= TCP:c:\program files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{EBE71B02-4309-46FF-B048-852F68A9ECA0}"= Disabled:UDP:c:\program files\K-Lite Codec Pack\Filters\ac3config.exe:AC3Filter
"{DD9E3E85-06DC-40F0-BFDB-D3511479C649}"= Disabled:TCP:c:\program files\K-Lite Codec Pack\Filters\ac3config.exe:AC3Filter
"{01443231-3833-47DE-8DD7-D940E80A9D9B}"= Disabled:UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{819AC7E9-D8F0-49D0-A20F-8AD7F2BBE3B6}"= Disabled:TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{C52F0CEC-F7F3-45E3-BFE0-D2D31E941104}c:\\users\\owner\\appdata\\roaming\\maxthon\\maxthon.exe"= UDP:c:\users\owner\appdata\roaming\maxthon\maxthon.exe:maxthon.exe
"UDP Query User{2A022B55-F2E5-4695-960F-5F75748D000D}c:\\users\\owner\\appdata\\roaming\\maxthon\\maxthon.exe"= TCP:c:\users\owner\appdata\roaming\maxthon\maxthon.exe:maxthon.exe
"{F0D047A5-9DC4-4315-A12F-1EB51069B5E4}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{DA64BE51-90CD-4096-9BA6-CE00487468D7}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{6B99454F-7128-417B-9AB3-1450E4258913}c:\\world of warcraft\\repair.exe"= UDP:c:\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{3187E667-57C6-4F19-970D-57B1F0F0E1F3}c:\\world of warcraft\\repair.exe"= TCP:c:\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{289A3237-2367-4266-B3AE-C30A4338F0A5}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{861F2D80-9473-4263-A80E-CF8F8BCE49DB}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"{E6D2B877-BAA2-492E-99B3-38420BA44869}"= Disabled:UDP:c:\program files\Sony\EverQuest II\PlaytheFae.exe:EverQuest II Play the Fae
"{7230EC5B-DD5A-485E-B24E-6D2A01D26C8D}"= Disabled:TCP:c:\program files\Sony\EverQuest II\PlaytheFae.exe:EverQuest II Play the Fae
"TCP Query User{549DC533-BADC-4E81-9F39-17A6DDEC72DE}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{AF878FBB-5CFE-400F-A9FC-75D481A713E1}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{73DC445F-0101-4209-A89D-5FBD30805D22}"= UDP:c:\program files\Funcom\Age of Conan\ConanPatcher.exe:ConanPatcher
"{89B3F269-21FA-46B4-B621-D2D6281EC8CA}"= TCP:c:\program files\Funcom\Age of Conan\ConanPatcher.exe:ConanPatcher
"{0D3FDE01-7147-4F5A-AD58-B811CC3A311B}"= UDP:c:\program files\Funcom\Age of Conan\PatcherSetup.exe:PatcherSetup
"{0D5282EA-86BC-4E36-AC52-F03CAF1C44C1}"= TCP:c:\program files\Funcom\Age of Conan\PatcherSetup.exe:PatcherSetup
"{C7F38BC2-342B-42FA-BF0F-A8F866DDF8C5}"= UDP:c:\program files\Funcom\Age of Conan\AgeOfConan.exe:AgeOfConan
"{D28DDCD6-7175-4FA3-8B3C-CAC026A9E5A6}"= TCP:c:\program files\Funcom\Age of Conan\AgeOfConan.exe:AgeOfConan
"TCP Query User{E7C4AE72-8651-41E6-B56B-47A4AB3757CD}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{E2FC2444-6F71-4CDB-926F-3286EF95494F}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"{E35F7F61-D36B-469D-8D1A-129DA12B475B}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{FE39903E-A371-4082-9E4D-84F8D9C2E0D9}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{8998D3FA-FA56-467C-AB2C-1632C86213A6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{45D7CB8F-0B0E-4C59-9546-B719628E9CBB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{4DF62835-0BEB-4ECA-9BCE-A5EDD6A048B1}"= UDP:C:3\System\Apps\A43CC63D-8C20-477e-9e7c-4863d3d4c010\Exec\htskapp.exe:htskapp.exe
"{8EE8B0DC-EB97-48FC-86AB-F7FCC21C83B3}"= TCP:C:3\System\Apps\A43CC63D-8C20-477e-9e7c-4863d3d4c010\Exec\htskapp.exe:htskapp.exe
"{FF1DD1A9-9B7D-4A9C-BC16-D4D622A1D341}"= UDP:C:4\System\Apps\A43CC63D-8C20-477e-9e7c-4863d3d4c010\Exec\htskapp.exe:htskapp.exe
"{FD0808A7-B4BE-4FA9-9FDB-D3E15784582A}"= TCP:C:4\System\Apps\A43CC63D-8C20-477e-9e7c-4863d3d4c010\Exec\htskapp.exe:htskapp.exe
"{ADAA99C3-3163-4007-908E-FBE3F79FF2D0}"= UDP:C:5\System\Apps\A43CC63D-8C20-477e-9e7c-4863d3d4c010\Exec\htskapp.exe:htskapp.exe
"{68315BAC-B4AB-43F3-9716-C8A37D766F2D}"= TCP:C:5\System\Apps\A43CC63D-8C20-477e-9e7c-4863d3d4c010\Exec\htskapp.exe:htskapp.exe
"{D8AC31DE-11C5-48FA-96CA-8A27DC8A1C3D}"= UDP:C:6\System\Apps\A43CC63D-8C20-477e-9e7c-4863d3d4c010\Exec\htskapp.exe:htskapp.exe
"{3BF5FE99-D37D-48C1-BA44-C361C6A43ABA}"= TCP:C:6\System\Apps\A43CC63D-8C20-477e-9e7c-4863d3d4c010\Exec\htskapp.exe:htskapp.exe
"{E3510D0E-511B-4EBF-8D86-713998449283}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{06D6C8DB-B4BF-4A82-AFC5-F12BD94FE65C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2D7BECDE-AEEE-4C3E-B536-C221B37EC992}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2E43AE52-2A6B-4C30-BAD3-5044ADB0D0CF}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{30E16E8D-522A-48B4-89F8-C787E55D2E7C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FF7B96E9-2D94-46DE-9E5C-F45D42EC99DE}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{65BBF1DC-83FE-4680-BD20-E212A6CBAEA3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A1A0D847-42CD-4FEF-985C-BE32E665051C}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7EAB6527-91D1-4762-BF08-46A3476C04E1}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{D57B5EDC-0857-4AEA-8617-BBE82A3F32C6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{EFFD076B-4694-4584-B25D-05EF306B7610}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{5C74AA13-B01A-4C46-A5D6-97E74BF6C4D0}"= UDP:c:\program files\DC++\DCPlusPlus.exe:DC++
"{23038ABD-B29F-4A3E-B05A-9F0C2D7C1B60}"= TCP:c:\program files\DC++\DCPlusPlus.exe:DC++
"TCP Query User{0795621A-E26C-4370-9252-14B39F3F446F}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{B159B190-3C50-44DA-B891-713C8FFAEFF2}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"TCP Query User{AB38BCA4-20D9-4A9F-91EA-ADBC635BBE97}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{2857F945-9F35-458C-87EE-D0DA0A952D95}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"{3ACF851E-4DA1-4DFD-B0B0-7700688560A7}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{112CBC33-5D4E-47ED-AA08-877581172DB6}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{E6FF4828-2E75-4161-B55B-435D51FDF02B}"= UDP:c:\program files\Games\Call Of Atlantis\Call of Atlantis.exe: Call Of Atlantis
"{445E5061-82CD-42FA-BF2F-AF5CD4402E04}"= TCP:c:\program files\Games\Call Of Atlantis\Call of Atlantis.exe: Call Of Atlantis
"{8FFC3812-AB78-4FE9-BFED-425E2A4F409D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{4167E8F6-8921-4AF2-822E-38FA18F9CAA1}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{AA506897-E02A-44B0-B98F-BC5ADA821A9C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BA782525-2991-408F-9555-D20AE487E20C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{22E1B0F2-89F1-4A08-9B37-DE6CD62E2F2D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B6299BCC-47C4-479A-B387-0178EF75E76A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4988E67D-4E20-4C9F-84B2-EAD9C4F2A4CE}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{D2077563-586F-471D-8299-9030E84BCE17}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{C1FA2027-4816-42C5-BA40-F9CA8C61EF23}"= UDP:c:\program files\AVG\AVG8\avgui.exe:AVG User Interface
"{6E4AB945-BD47-4E1E-9570-46E8EE70F150}"= TCP:c:\program files\AVG\AVG8\avgui.exe:AVG User Interface
"{E466C78E-9C8C-4A4C-95E2-7E048CAA99FC}"= UDP:c:\program files\ESET\ESET NOD32 Antivirus\egui.exe:ESET NOD32 Antivirus
"{68A956FF-AD15-4E4D-92D4-E6605E42A79E}"= TCP:c:\program files\ESET\ESET NOD32 Antivirus\egui.exe:ESET NOD32 Antivirus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [2008-12-24 20392]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-03-13 33800]
R1 OxFWLF;OxFWLF;c:\windows\System32\drivers\OxFWLF.sys [2009-02-19 12672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-27 108289]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-20 1153368]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-10-24 102400]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-11-06 34064]
S3 OXUDIDRV;OXUDIDRV;c:\windows\System32\drivers\OXUDIDRV_X32.sys [2009-02-19 17792]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]
S4 EraserThread;Eraser Service;c:\program files\Evidence Exterminator\erasrv.exe [2008-04-20 449536]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9ef83f-b4d3-11dc-b518-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
2009-03-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-03-06 15:24]
2009-03-26 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-03-06 15:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: bluemountain.com\www
Trusted Zone: eset.com
Trusted Zone: facebook.com\www
Trusted Zone: isohunt.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9}
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D}
FF - ProfilePath - 
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 07:19:22
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...  
scanning hidden autostart entries ... 
scanning hidden files ...  
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-28  7:22:04
ComboFix-quarantined-files.txt  2009-03-28 13:22:02
Pre-Run: 111,732,670,464 bytes free
Post-Run: 111,543,922,688 bytes free
411 --- E O F --- 2009-03-26 20:45:34

Last edited by bakuryu; 28-03-2009 at 09:54 PM..
gpdude is offline   Reply With Quote
Old 28-03-2009, 06:59 PM   #516
Newbie
 
Join Date: Mar 2009
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0 gpdude is an unknown quantity at this point


OS: Windows Vista


Re: Cannot access Antivirus Sites/Google/Avast etc.

just checked the net as before not only could i not update spybot or nod32 but i couldn't access any secure sites such as eset's own, now after combofix, updating seems to be back on and i can access the sites. God I hope this lasts - I have no idea how I got hit by this in the first place. I greatly appreciate the help
gpdude is offline   Reply With Quote
Old 28-03-2009, 10:17 PM   #517
ƒ(ψ)=ΘΊΧφ
 
bakuryu's Avatar
 
Join Date: May 2006
Location: India
Age: 24
Posts: 6,621
Thanks: 19
Thanked 649 Times in 605 Posts
Rep Power: 87 bakuryu has a brilliant future


OS: Windows XP Windows Vista Windows 7


Re: Cannot access Antivirus Sites/Google/Avast etc.

Have you manually disabled Security Center monitoring and disabled Symantec Firewall? Then enable both Security Center and the firewall.

And use CCleaner and clear out your temporary files and cache.
bakuryu is offline   Reply With Quote
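The Security Center values that the reply above asks about can be pulled out of a ComboFix log mechanically. This is an added example, not part of the original thread or of ComboFix: the function names are hypothetical, the sample is an excerpt of the log posted earlier in the thread, and treating any nonzero `*DisableNotify` or `DisableMonitoring` value as "disabled" is an assumption.

```python
import re

# Excerpt copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"00ERSRRRNKY"=c:\program files\Evidence Exterminator\eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AA136A6D-0972-4446-BBD4-2DF0F3EF54D2}"= UDP:6112:bliz
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')          # [HKEY_...\some\key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')  # "name"=data
SECURITY_CENTER = r'software\microsoft\security center'


def parse_number(data):
    """Return the integer behind a registry-style value, or None if not numeric.

    The log shows two numeric spellings: dword:00000001 and "0x00000000".
    """
    m = re.fullmatch(r'dword:([0-9a-fA-F]{1,8})', data)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'"(0[xX][0-9a-fA-F]+|[0-9]+)"', data)
    if m:
        text = m.group(1)
        return int(text, 16) if text[:2].lower() == '0x' else int(text, 10)
    return None


def security_center_findings(log_text):
    """List (subkey, value name, value) for nonzero Security Center flags.

    Assumption: a nonzero *DisableNotify or DisableMonitoring value means the
    corresponding alert or monitoring is switched off.
    """
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if not m:
            key = None          # left the registry section; avoid a stale key
            continue
        if key is None:
            continue
        idx = key.lower().find(SECURITY_CENTER)
        if idx < 0:
            continue            # value belongs to some other registry key
        name = m.group('name')
        lname = name.lower()
        if not (lname.endswith('disablenotify') or lname == 'disablemonitoring'):
            continue
        value = parse_number(m.group('data').strip())
        if value:               # skips 0 and non-numeric data
            subkey = key[idx + len(SECURITY_CENTER):].lstrip('\\') or '(root)'
            findings.append((subkey, name, value))
    return findings


if __name__ == '__main__':
    for subkey, name, value in security_center_findings(SAMPLE_LOG):
        print(f'{subkey:32} {name:32} = {value}')
```

A flagged value only shows that an alert or monitor is off; a user or a security product can set these too, so it is a prompt to re-enable and re-check rather than proof of infection.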
Old 29-03-2009, 08:08 AM   #518
Newbie
 
Join Date: Mar 2009
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0 gpdude is an unknown quantity at this point


OS: Windows Vista


Re: Cannot access Antivirus Sites/Google/Avast etc.

I am using windows firewall with nod32 and spybot, and after combofix and cleaning everything, things seem ok...so far
gpdude is offline   Reply With Quote
Old 29-03-2009, 02:20 PM   #519
Junior Member (25+)
 
Join Date: Mar 2009
Posts: 31
Thanks: 1
Thanked 0 Times in 0 Posts
Rep Power: 0 sandman is an unknown quantity at this point


OS: Windows XP


Re: Cannot access Antivirus Sites/Google/Avast etc.

hi sandman here, i actually discovered this forum because of the same problem that i have of blocked AV sites and my avg not updating.
i already downloaded combofix, hijackthis and disabled my system restore but i don't know how to go from there. i read this thread and i can see that the mods are really good at this stuff. i don't know much about computers so i'm afraid of doing anything that might harm it even more. i hope you guys can help me
thanks in advance

this is the log of hijackthis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:03 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\USB Video Camera\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\REBECC~1\LOCALS~1\Temp\Rar$EX00.141\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=explorer.exe, xmss.exe
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
O1 - Hosts: 82.98.235.133 speed-runner.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 us.mcafee.com
O1 - Hosts: 82.98.235.133 Best Anti-Virus Software & Internet Security - Kaspersky Lab
O1 - Hosts: 82.98.235.133 Home and Home Office Store
O1 - Hosts: 82.98.235.133 Symantec - AntiVirus, Anti-Spyware, Endpoint Security, Backup, Storage Solutions
O1 - Hosts: 82.98.235.133 www.winmx.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB55.dll (file missing)
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [0c7c38d3] rundll32.exe "C:\WINDOWS\system32\nksggsiu.dll",b
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\USB Video Camera\Monitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: bw+0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {ABC4091E-03D1-49DC-B1F9-8DCDB5C68A93} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL tiigts.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

--
End of file - 21071 bytes

Last edited by bakuryu; 29-03-2009 at 08:47 PM..
sandman is offline   Reply With Quote
Old 29-03-2009, 02:55 PM   #520
Newbie
 
Join Date: Mar 2009
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0 josh0429 is an unknown quantity at this point


OS: Windows XP


Re: Cannot access Antivirus Sites/Google/Avast etc.

I cannot open antivirus sites too. It says address not found. Please help me.
Here is my HijackThis file.


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:23 madforelmo, on 3/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
D:\Program Files\Winamp\winampa.exe
D:\Itunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Garena Portal - Connecting world gamers | Garena | Dota | Garena Fire | Garena TV | Warcraft | Game | Lan Games | Esports
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Make A Voozie] "C:\Documents and Settings\All Users.WINDOWS\Application Data\Make A Voozie\VoozieMaker.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\samok.vbs"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - ?p=ZUfox000
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8388 bytes
Thank you and sorry for the bother

Last edited by bakuryu; 29-03-2009 at 08:47 PM..
josh0429 is offline   Reply With Quote