Cannot access Antivirus Sites/Google/Avast etc.

23-07-2009, 05:47 AM   #701
michigan98gt (Newbie)
OS: Windows Vista

Here is my log file from Hijack This.

I exited out of AVG Free and Windows Defender. I don't have a clue what the hell to do from here and found you guys. Please help!!!

I cannot access any antivirus sites or antimalware sites.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:08 PM, on 7/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Laptops, Desktop Computers, Monitors, Printers & PC Accessories
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Laptops, Desktop Computers, Monitors, Printers & PC Accessories
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Laptops, Desktop Computers, Monitors, Printers & PC Accessories
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.2.0.2880\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC84ADE-54A9-4016-A6EB-CF02FE6A361C}: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{812014AC-39C9-4937-9FFF-B79ADDCE1040}: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 7448 bytes

Last edited by Strider; 23-07-2009 at 01:14 PM..

26-07-2009, 06:32 PM   #702
snowedunder (Newbie)
OS: Windows XP

Hello. So far after a few days of repairing my Windows installation (without reformatting it) everything works fine. (I would just like to update you guys.) Repairing didn't take long, at most an hour. That is if you have your Windows Installation CD. (Sometimes repairing doesn't work for some problems, but with this one it does.)

31-07-2009, 08:44 PM   #703
car_lost (Newbie)
OS: Windows 7

Hey guys I am having this same problem on my Asus 1000HE EeePc. I am running Windows 7 Build 7100. I can't visit any anti-virus websites nor microsoft.com. Every once in a while I will get an advertisement pop-up. I'm using AVG Free. I downloaded SpyBot S&D, ran it and it cleaned up a bunch of files, but I still cannot access any of the mentioned websites. I ran HijackThis and here is my log file:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:09 AM, on 7/31/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Carlos\Downloads\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/a/fiu.edu/?ac...0fiu.edu#inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MJCore - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Jcore\Jcore2.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Sys32V2Contoller] C:\Windows\mw2mmgr32\mw2mmgr32.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8870] command.com /c del "C:\Program Files\WWShow\WWShow.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7907] cmd.exe /c del "C:\Program Files\WWShow\WWShow.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4737] command.com /c del "C:\Program Files\WWShow\WWShow.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6009] cmd.exe /c del "C:\Program Files\WWShow\WWShow.dll"
O4 - HKLM\..\Policies\Explorer\Run: [application] C:\Program Files\ACSPMonitor\ASMonitor.exe hs
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [cft] C:\Windows\system32\config\systemprofile\AppData\Roaming\cft\cft.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cft] C:\Windows\system32\config\systemprofile\AppData\Roaming\cft\cft.exe (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6797 bytes
I was going to try the combo fix, but I am running Windows 7 and the instructions I saw are for Windows XP. Help would be greatly appreciated. Thank you.

Last edited by car_lost; 31-07-2009 at 09:05 PM..

03-08-2009, 04:10 AM   #704
car_lost (Newbie)
OS: Windows 7

I could really use some help, guys. I hope it's just cuz it's the weekend.

03-08-2009, 06:59 AM   #705
car_lost (Newbie)
OS: Windows 7

New development. I uninstalled AVG Free and all the websites started to work again. So I downloaded Avast, installed it, and now I'm back where I started. Anti-virus websites don't work and neither does Microsoft.com.

03-08-2009, 07:27 AM   #706
Aaron (Newbie)
OS: Windows XP

It doesn't seem this forum string is active any more :-( I've been waiting for weeks and don't know what to do or where else to go...

:-(
Aaron

06-08-2009, 08:18 PM   #707
Clutch (Newbie)
OS: Windows XP

I have the same deal as everyone else. Can't update virus db, can't access windows updates, other A/V involved websites. I've tried the numerous steps, s&d which comes up clean, checked the host file which is clean, ran combofix, but to no avail. Here are the logs, any help would be appreciated.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:07 AM, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://benchmark-us.com/cbktraxit/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://vs.mcafeeasap.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1230744111617
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://benchmarkdata.webex.com/clie...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BTGRANDOLPH.benchmark-us.com
O17 - HKLM\Software\..\Telephony: DomainName = BTGRANDOLPH.benchmark-us.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BTGRANDOLPH.benchmark-us.com
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5414 bytes



Code:
ComboFix 09-08-04.04 - csheehan 08/06/2009  9:12.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.736 [GMT -4:00]
Running from: c:\documents and settings\csheehan\Desktop\Fix.exe
Command switches used :: c:\documents and settings\csheehan\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! antivirus 4.7.1001 [VPS 000737-2] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((   Files Created from 2009-07-06 to 2009-08-06  )))))))))))))))))))))))))))))))
.

2009-08-06 12:50 . 2009-08-06 12:50	--------	d-----w-	c:\program files\Trend Micro
2009-08-06 12:07 . 2009-08-06 12:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-06 12:07 . 2009-08-06 12:10	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-08-05 12:36 . 2007-04-30 15:39	23416	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-08-05 12:36 . 2007-04-30 15:38	43176	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-08-05 12:36 . 2007-04-30 15:37	26888	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-08-05 12:36 . 2007-04-30 15:35	95872	----a-w-	c:\windows\system32\AvastSS.scr
2009-08-05 12:36 . 2007-04-30 15:41	85952	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-08-05 12:36 . 2007-04-30 15:41	94552	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-08-05 12:36 . 2007-04-30 15:46	745600	----a-w-	c:\windows\system32\aswBoot.exe
2009-08-05 12:36 . 2003-03-18 21:20	1060864	----a-w-	c:\windows\system32\MFC71.dll
2009-08-05 12:36 . 2003-03-18 20:14	499712	----a-w-	c:\windows\system32\MSVCP71.dll
2009-08-05 12:36 . 2003-02-21 03:42	348160	----a-w-	c:\windows\system32\MSVCR71.dll
2009-08-05 12:36 . 2009-08-05 12:36	--------	d-----w-	c:\program files\Alwil Software
2009-08-04 18:22 . 2009-08-04 18:22	--------	d-----w-	c:\documents and settings\csheehan\Application Data\Malwarebytes
2009-08-04 18:22 . 2009-04-06 19:32	15504	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-04 18:21 . 2009-04-06 19:32	38496	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 18:21 . 2009-08-04 18:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-08-04 18:21 . 2009-08-04 18:21	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-04 17:58 . 2009-08-04 17:58	--------	d--h--w-	c:\windows\system32\GroupPolicy
2009-08-04 17:57 . 2009-08-04 17:57	17856	----a-w-	c:\documents and settings\csheehan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 16:58 . 2009-07-07 16:58	--------	d-----w-	c:\documents and settings\csheehan\Application Data\webex
2009-07-07 16:56 . 2009-07-07 16:58	--------	d-----w-	c:\program files\WebEx

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 12:35 . 2009-01-13 21:18	--------	d-----w-	c:\documents and settings\csheehan\Application Data\U3
2009-06-18 15:57 . 2009-05-08 16:14	127872	----a-w-	c:\documents and settings\csheehan\Application Data\Move Networks\uninstall.exe
2009-06-18 15:57 . 2009-03-23 17:21	--------	d-----w-	c:\documents and settings\csheehan\Application Data\Move Networks
2009-06-18 15:57 . 2009-06-16 06:35	4183416	----a-w-	c:\documents and settings\csheehan\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-18 15:57 . 2009-06-18 15:57	1685856	----a-w-	c:\documents and settings\csheehan\Application Data\Move Networks\MoveMediaPlayerWinSilent_071503000010.exe
2009-06-16 06:35 . 2009-06-16 06:35	97144	----a-w-	c:\documents and settings\csheehan\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-05-08 20:25 . 2009-05-08 20:25	20992	----a-w-	c:\windows\bw-uninstall.exe
2009-05-08 16:14 . 2009-05-01 06:30	4183416	----a-w-	c:\documents and settings\csheehan\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-08 16:14 . 2009-05-08 16:14	1685856	----a-w-	c:\documents and settings\csheehan\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-03-21 14:06 . 2004-08-04 05:56	157680	--sha-r-	c:\windows\system32\aaxcgeh.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-08-06_12.34.23   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 12:56 . 2009-08-06 12:56	16384              c:\windows\Temp\Perflib_Perfdata_738.dat
+ 2009-08-06 12:56 . 2009-08-06 12:56	16384              c:\windows\Temp\Perflib_Perfdata_53c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 75392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5815:TCP"= 5815:TCP:mxbifzuy

S2 vsmdloy;Task Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 1:56 AM 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
vsmdloy
.
.
------- Supplementary Scan -------
.
uStart Page = https://benchmark-us.com/cbktraxit/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mcafeeasap.com\vs
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-06 09:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsmdloy]
"ServiceDll"="c:\windows\system32\aaxcgeh.dll"
.
Completion time: 2009-08-06  9:17
ComboFix-quarantined-files.txt  2009-08-06 13:17
ComboFix2.txt  2009-08-06 12:35

Pre-Run: 35,396,685,824 bytes free
Post-Run: 35,354,779,648 bytes free

103	--- E O F ---	2009-04-15 07:02

Last edited by Clutch; 06-08-2009 at 08:22 PM..
Clutch is offline   Reply With Quote
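
Posters above mention checking the hosts file; a HijackThis log shows the same thing on its O1 lines and the DNS server and domain settings on its O17 lines. The Python below is an added example (not part of any post in this thread, and not HijackThis code) that pulls those lines out of a posted log so the resolver addresses can be compared with the ones the router or ISP assigns. Assumptions: the sample lines are copied from the logs in posts #701 and #707, and the function names and the `expected` address 192.168.1.1 are made up for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis logs in posts #701 and #707 (not a complete log).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC84ADE-54A9-4016-A6EB-CF02FE6A361C}: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BTGRANDOLPH.benchmark-us.com
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O17_RE = re.compile(r"^(?P<key>.+): (?P<name>\w+) = (?P<value>.*)$")


def parse_entries(log_text):
    """Yield (section_code, body) for every 'Xnn - ...' line of a HijackThis log."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def non_default_hosts(log_text):
    """Return (address, hostname) pairs from O1 lines, ignoring localhost mappings."""
    found = []
    for code, body in parse_entries(log_text):
        if code != "O1" or not body.startswith("Hosts:"):
            continue
        parts = body[len("Hosts:"):].split()
        # A hosts line may map one address to several names.
        for name in parts[1:]:
            if name.lower() != "localhost":
                found.append((parts[0], name))
    return found


def o17_values(log_text):
    """Return (registry_key, value_name, value) for every O17 line."""
    out = []
    for code, body in parse_entries(log_text):
        m = O17_RE.match(body) if code == "O17" else None
        if m:
            out.append((m.group("key"), m.group("name"), m.group("value").strip()))
    return out


def nameservers_by_location(log_text):
    """Map each address on an O17 'NameServer' line to the registry keys that set it."""
    servers = defaultdict(list)
    for key, name, value in o17_values(log_text):
        if name.lower() != "nameserver":
            continue
        # The value may list several servers separated by commas or spaces.
        for token in re.split(r"[,\s]+", value):
            if not token:
                continue
            try:
                token = str(ipaddress.ip_address(token))
            except ValueError:
                pass  # keep the raw text so a malformed value is still reported
            servers[token].append(key)
    return dict(servers)


def resolvers_to_review(log_text, expected):
    """Return the logged DNS servers that are not in the caller's expected set.

    `expected` is whatever the reader knows to be correct for the network
    (router or ISP resolvers); it is an input, not something the log can tell you.
    """
    expected = {str(ipaddress.ip_address(a)) for a in expected}
    return {ip: keys for ip, keys in nameservers_by_location(log_text).items()
            if ip not in expected}


if __name__ == "__main__":
    # 192.168.1.1 is a placeholder for the resolver the reader's router hands out.
    for ip, keys in resolvers_to_review(SAMPLE_LOG, {"192.168.1.1"}).items():
        print(f"{ip}: set in {len(keys)} registry location(s)")
        for key in keys:
            print(f"    {key}")
    print("non-default hosts entries:", non_default_hosts(SAMPLE_LOG))
```

The script only lists what the log says; whether an address is the right one has to be checked against the network's own settings.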

07-08-2009, 08:38 PM   #708
michigan98gt (Newbie)
OS: Windows Vista

I found a way to fix it on my own. I think I downloaded Combofix, ran it in safe mode, then rebooted and downloaded Spybot and updated my AVG. They found a virus and repaired it. Then I uninstalled Combofix and things have been working fine since then.

07-08-2009, 10:24 PM   #709
Strider (Founder)
OS: Windows XP, Windows Server 2003 / Windows Server 2008, Windows Vista, Windows 7, Linux

Quote:
I found a way to fix it on my own. I think I downloaded Combofix, ran it in safe mode, then rebooted and downloaded Spybot and updated my AVG. They found a virus and repaired it. Then I uninstalled Combofix and things have been working fine since then.
This is exactly what we should do. I strongly suggest removing AVG and going for Avast or a commercial AV once the infections are cleaned.

Quote:
It doesn't seem this forum string is active any more :-( I've been waiting for weeks and don't know what to do or where else to go...
Sorry guys, I've been busy with work.

All new posts will be answered properly.
Old 18-08-2009, 01:50 AM   #710
Newbie
 
Join Date: Apr 2009
Age: 20
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0 StrongWall is an unknown quantity at this point


OS: Windows XP


Re: Cannot access Antivirus Sites/Google/Avast etc.

Hi, I'm having the same problem.
I've cleaned the hosts file.
HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:01:02 p.m., on 17/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\UAService.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\regedit.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Media Key.lnk.disabled
O8 - Extra context menu item: Add to AMV Converter... - C:\Archivos de programa\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Archivos de programa\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132242771796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5352 bytes
ComboFix:
Code:
ComboFix 09-04-03.01 - xx 2009-08-17 16:06:02.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.34.3082.18.511.109 [GMT -3:00]
Running from: c:\documents and settings\xx\Escritorio\Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

(((((((((((((((((((((((((   Files Created from 2009-07-17 to 2009-08-17  )))))))))))))))))))))))))))))))
.

2009-08-16 16:16 . 2009-08-16 16:18    <DIR>    d----c---    c:\archivos de programa\Carnivores 2
2009-08-15 23:55 . 2009-08-15 23:55    <DIR>    d--------    c:\windows\Cache
2009-08-08 13:00 . 2009-08-16 00:10    <DIR>    d----c---    c:\archivos de programa\Trailer Park Tycoon
2009-08-08 12:59 . 2009-08-08 12:59    1,767    --a------    c:\windows\ST6UNST.002
2009-07-30 00:03 . 2009-07-30 00:03    <DIR>    d--------    c:\documents and settings\xx\Datos de programa\InstallShield Installation Information
2009-07-23 03:10 . 2004-08-19 15:42    77,312    --a------    c:\windows\system32\msiexec.exe
2009-07-23 03:10 . 2004-08-19 15:42    77,312    --a--c---    c:\windows\system32\dllcache\msiexec.exe
2009-07-21 19:39 . 2009-07-21 19:39    <DIR>    d----c---    c:\archivos de programa\Ashampoo
2009-07-21 17:43 . 2009-07-21 17:43    55,296    --a------    c:\windows\system32\84.scr
2009-07-21 14:48 . 2009-07-21 14:48    55,296    --a------    c:\windows\system32\01.scr
2009-07-21 06:07 . 2009-07-21 17:13    55,296    --a------    c:\windows\system32\27.scr
2009-07-21 01:29 . 2009-07-21 01:29    55,296    --a------    c:\windows\system32\21.exe
2009-07-20 23:48 . 2009-07-21 13:44    55,296    --a------    c:\windows\system32\52.scr
2009-07-20 22:36 . 2009-07-20 22:36    55,296    --a------    c:\windows\system32\57.scr
2009-07-20 20:52 . 2009-07-20 20:52    55,296    --a------    c:\windows\system32\60.scr
2009-07-20 20:32 . 2009-07-20 20:32    55,296    --a------    c:\windows\system32\74.exe
2009-07-19 21:47 . 2009-07-19 21:47    55,296    --a------    c:\windows\system32\70.scr
2009-07-19 04:30 . 2009-07-21 00:50    55,296    --a------    c:\windows\system32\21.scr
2009-07-19 02:22 . 2009-07-20 17:49    55,296    --a------    c:\windows\system32\74.scr
2009-07-18 05:58 . 2009-07-18 05:58    <DIR>    d--------    c:\documents and settings\xx\Datos de programa\DivX
2009-07-18 01:58 . 2009-05-01 18:03    120,056    ---------    c:\windows\system32\pxcpyi64.exe
2009-07-18 01:57 . 2009-07-23 03:15    <DIR>    d----c---    c:\archivos de programa\DivX

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 19:07    93,693,984    --sha-w    c:\windows\system32\drivers\fidbox.dat
2009-08-17 18:32    1,101,488    --sha-w    c:\windows\system32\drivers\fidbox.idx
2009-08-16 03:17    ---------    dc----w    c:\archivos de programa\Microsoft Games
2009-08-12 22:31    34    ----a-w    c:\documents and settings\xx\jagex_runescape_preferences.dat
2009-08-10 20:45    230,432    -c--a-w    C:\PA207.DAT
2009-08-09 12:25    335,752    ----a-w    c:\windows\system32\drivers\avgldx86.sys
2009-08-08 15:59    74,240    ----a-w    c:\windows\ST6UNST.EXE
2009-08-08 15:59    225,280    ------w    c:\windows\Setup1.exe
2009-08-02 01:32    ---------    d-----w    c:\documents and settings\xx\Datos de programa\Winamp
2009-08-01 21:59    ---------    dc----w    c:\archivos de programa\Warcraft III
2009-07-21 21:22    ---------    dc----w    c:\archivos de programa\Malwarebytes' Anti-Malware
2009-07-21 15:38    55,296    ----a-w    c:\windows\system32\20.scr
2009-07-13 16:36    38,160    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:36    19,096    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-07-08 18:48    ---------    dc----w    c:\archivos de programa\Winamp
2009-07-02 21:21    3,752    ----a-w    c:\windows\system32\mpupd.exe
2009-06-27 21:09    ---------    dc----w    c:\archivos de programa\Codemasters
2009-06-27 21:08    ---------    d--h--w    c:\archivos de programa\InstallShield Installation Information
2009-06-02 01:50    15,688    ----a-w    c:\windows\system32\lsdelete.exe
2009-05-27 21:05    3,165,983    ----a-w    c:\windows\system32\TWAT.EXE
2008-09-23 02:35    101,216    ----a-w    c:\documents and settings\xx\Datos de programa\GDIPFONTCACHEV1.DAT
2008-04-27 03:34    21    ----a-w    c:\archivos de programa\Archivos comunes\appop.log
2006-03-20 18:37    5,689,344    -c--a-w    c:\archivos de programa\mplayerc.exe
2006-06-15 23:33    233,472    ----a-w    c:\archivos de programa\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 21:43    204,895    ----a-w    c:\archivos de programa\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 17:41    77,824    ----a-w    c:\archivos de programa\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 16:10    426,081    ----a-w    c:\archivos de programa\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 15:19    458,752    ----a-w    c:\archivos de programa\mozilla firefox\plugins\imagickrt.dll
2006-04-10 21:35    139,264    ----a-w    c:\archivos de programa\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 14:10    204,800    ----a-w    c:\archivos de programa\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 14:42    106,496    ----a-w    c:\archivos de programa\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 14:22    212,992    ----a-w    c:\archivos de programa\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 14:21    167,936    ----a-w    c:\archivos de programa\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-02-23 04:15    81    --sh--r    c:\windows\CT4CET.bin
2005-05-13 20:12    217,073    --sha-r    c:\windows\meta4.exe
2005-10-24 14:13    66,560    --sha-r    c:\windows\MOTA113.exe
2005-10-14 00:27    422,400    --sha-r    c:\windows\x2.64.exe
2005-10-07 22:14    308,224    --sha-r    c:\windows\system32\avisynth.dll
2005-07-14 15:31    27,648    --sha-r    c:\windows\system32\AVSredirect.dll
2005-06-26 18:32    616,448    --sha-r    c:\windows\system32\cygwin1.dll
2005-06-22 01:37    45,568    --sha-r    c:\windows\system32\cygz.dll
2004-01-25 03:00    70,656    --sha-r    c:\windows\system32\i420vfw.dll
2006-04-27 13:24    2,945,024    --sha-r    c:\windows\system32\Smab.dll
2005-02-28 16:16    240,128    --sha-r    c:\windows\system32\x.264.exe
2004-01-25 03:00    70,656    --sha-r    c:\windows\system32\yv12vfw.dll
.

(((((((((((((((((((((((((((((   SnapShot_2009-07-23_ 2.51.29,10   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-21 16:17:57    81,920    ----a-w    c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-08-12 22:31:01    81,920    ----a-w    c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-07-21 16:17:57    49,152    ----a-w    c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-08-12 22:31:01    49,152    ----a-w    c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2008-04-12 22:09:23    53,248    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-07-30 03:03:12    53,248    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-04-12 22:09:23    12,800    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-07-30 03:03:13    12,800    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-04-12 22:09:23    473,600    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-07-30 03:03:13    473,600    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-04-12 22:09:20    567,296    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-30 03:03:08    567,296    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-12 22:09:20    576,000    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-30 03:03:14    576,000    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-12 22:09:24    145,920    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-07-30 03:03:14    145,920    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-04-12 22:09:24    159,232    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-07-30 03:03:15    159,232    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-04-12 22:09:24    364,544    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-07-30 03:03:15    364,544    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-04-12 22:09:24    178,176    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-07-30 03:03:16    178,176    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-04-12 22:09:22    223,232    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-07-30 03:03:11    223,232    ----a-w    c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2002-03-11 17:45:04    1,708,856    ----a-w    c:\windows\Cache\Adobe Reader 6.0.1\ESPBIG\instmsia.exe
+ 2002-03-11 18:06:30    1,822,520    ----a-w    c:\windows\Cache\Adobe Reader 6.0.1\ESPBIG\instmsiw.exe
+ 2003-11-04 05:21:17    217,088    ----a-w    c:\windows\Cache\Adobe Reader 6.0.1\ESPBIG\setup.exe
- 2005-03-18 19:23:10    53,248    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 20:23:10    53,248    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
- 2005-03-18 19:23:10    12,800    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 20:23:10    12,800    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
- 2005-03-18 19:23:14    473,600    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2005-03-18 20:23:14    473,600    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
- 2005-03-18 19:23:10    145,920    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 20:23:10    145,920    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
- 2005-03-18 19:23:10    159,232    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 20:23:10    159,232    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
- 2005-03-18 19:23:14    364,544    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 20:23:14    364,544    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
- 2005-03-18 19:23:12    178,176    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 20:23:12    178,176    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
- 2005-03-18 19:23:14    223,232    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2005-03-18 20:23:14    223,232    ----a-w    c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
- 2002-02-04 06:04:36    93,696    ----a-w    c:\windows\system32\msxml4r.dll
+ 2002-02-04 05:43:00    82,432    ----a-w    c:\windows\system32\msxml4r.dll
- 2008-11-23 05:26:58    63,016    ----a-w    c:\windows\system32\perfc009.dat
+ 2009-07-27 16:37:34    63,016    ----a-w    c:\windows\system32\perfc009.dat
- 2008-11-23 05:26:58    82,188    ----a-w    c:\windows\system32\perfc00A.dat
+ 2009-07-27 16:37:34    82,188    ----a-w    c:\windows\system32\perfc00A.dat
- 2008-11-23 05:26:58    402,406    ----a-w    c:\windows\system32\perfh009.dat
+ 2009-07-27 16:37:34    402,406    ----a-w    c:\windows\system32\perfh009.dat
- 2008-11-23 05:26:58    464,202    ----a-w    c:\windows\system32\perfh00A.dat
+ 2009-07-27 16:37:34    464,202    ----a-w    c:\windows\system32\perfh00A.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 13:37    1004800    --a--c---    c:\archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\archiv~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]

c:\documents and settings\xx\Men£ Inicio\Programas\Inicio\
Media Key.lnk.disabled [2007-05-08 682]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 17:34 11952 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 15:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-08-19 15:57 1667584 c:\archivos de programa\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ad-Watch"=c:\archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\IDM\\QUICKfind\\QFServer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Archivos de programa\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
"c:\\Archivos de programa\\Warcraft III\\Warcraft III.exe"=
"%windir%"= msdrv32.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2256:TCP"= 2256:TCP:*:Disabled:WWW
"6223:TCP"= 6223:TCP:*:Disabled:WWW

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2006-02-17 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2006-02-17 44928]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 108552]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2006-04-29 12856]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [2006-04-29 8576]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-02-23 31616]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [2006-02-17 28160]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-01-29 40832]
S3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [2009-02-23 618112]
S3 SASENUM;SASENUM;c:\archivos de programa\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - avg8wd
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - Lavasoft Ad-Aware Service
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - Messenger
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - UserAccess
*Deregistered* - vaszpoqbj
*Deregistered* - vsmon
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WZCSVC

NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
winmgmt
wscsvc
BITS
ShellHWDetection
helpsvc
vaszpoqbj

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d0f5fad-100a-11de-b818-0015f268ba51}]
\Shell\AutoRun\command - h:\recycler\Sysyery.bat
\Shell\open\Command - h:\recycler\Sysyery.bat
\Shell\open2\Command - h:\recycler\Sysyery.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcd586e2-ea26-11dd-815f-0015f268ba51}]
\Shell\AutoRun\command - i:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe
\Shell\open\command - i:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe
.
Contents of the 'Scheduled Tasks' folder

2009-08-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\archivos de programa\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-06 22:48]

2009-08-02 c:\windows\Tasks\Liberador de espacio en disco.job
- c:\windows\system32\cleanmgr.exe [2004-08-19 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ar/
IE: Add to AMV Converter... - c:\archivos de programa\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\archivos de programa\MP3 Player Utilities 4.13\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\xx\Datos de programa\Mozilla\Firefox\Profiles\ozldzch8.default\
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\documents and settings\xx\Datos de programa\Mozilla\Firefox\Profiles\ozldzch8.default\extensions\{35E20BC7-2CC1-4BE3-A122-25A2ED877C73}\plugins\npmozax.dll
FF - plugin: c:\documents and settings\xx\Datos de programa\Mozilla\Firefox\Profiles\ozldzch8.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\defaults\pref\ff.js - pref("capability.policy.default.ClassID.CID1FD3325A-2091-4E2B-A142-F8D1D0BC1EAB", "AllAccess");.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 16:06:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\xx\CONFIG~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\vaszpoqbj]
"ServiceDll"="c:\windows\system32\uueraya.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\Wmdmman]
"ServiceDll"="c:\windows\system32\qkokv.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
.
Completion time: 2009-08-17 16:12:02
ComboFix-quarantined-files.txt  2009-08-17 19:10:42
ComboFix2.txt  2009-07-23 05:55:13
ComboFix3.txt  2009-04-06 01:55:07
ComboFix4.txt  2009-04-04 18:03:44

Pre-Run: 11.795.709.952 bytes libres
Post-Run: 11,805,106,176 bytes libres

Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
359
This has happened to me before, and the last time there was a problem with svchost.
Please help.

Tags
antivirus, cleanup, infection, virus, virus removal

All times are GMT +5.5.