Cannot access Antivirus Sites/Google/Avast etc.

**Strider** · 05-11-2009, 02:21 PM

@expapete:

Quote:

When I copy paste the path c:\windows\system32\gnbpbgl.dll in to the Run box and press Enter, I received this message 'You are attempting to open a file of "Application Extension" (.dll)'

That means the file is there. Use the following command in the Run box to delete it.

Code:

del /f /q c:\windows\system32\gnbpbgl.dll

Once done check the path c:\windows\system32\gnbpbgl.dll in the Run box again to see if the file it present.

Quote:

When I used the 'Find' function in Registry Editor, I found the following 2 entries;

Delete those entries after backing up the registry keys.

Post a Combofix log once the above steps are completed so that we can confirm the removal.

**Strider** · 05-11-2009, 02:46 PM

@aina: You've a number of unnecessary software installed in your computer. Check the Add/Remove programs from Control Panel and uninstall the ones you're not using.

Now as I aleady suggested, diable system restore in all the drives and reboot the computer in Safe Mode.

1. Delete the files c:\windows\system32\qzvfb.dll & c:\windows\VistaDrive.exe. Use Killbox if needed or use:

Code:

del /q /f c:\windows\system32\qzvfb.dll

Code:

del /q /f c:\windows\VistaDrive.exe

Copy paste the path c:\windows\system32\qzvfb.dll in Run box and make sure that the file is deleted. Same with c:\windows\VistaDrive.exe.

2. Open Registry Editor (Start > Run > regedit) and delete the following keys after taking registry backups.

Quote:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ergiai

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\e rgiai]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"VistaDrive"="c:\windows\VistaDrive.exe" [2007-10-12 1596230]

Search for the string ergiai in the registry and delete all the references.

3. Once completed reboot in to normal mode, run ComboFix and post a fresh log file.

aina · 05-11-2009, 07:38 PM

when i booted my pc to the safe mode, my Run is missing. So I booted my pc to normal mode. When I tried to run

del /q /f c:\windows\system32\qzvfb.dll a box appears saying Windows cannot find del.

**Strider** · 05-11-2009, 10:16 PM

Quote:

del /q /f c:\windows\system32\qzvfb.dll a box appears saying Windows cannot find del.

Issue the command from the Command Prompt then (Start > Run > CMD).

wintersnight · 06-11-2009, 09:47 PM

I have the same problem as e30etakid. Combo Fix with boot installation looks promising, but one question: will that erase my hard drive?

**Strider** · 07-11-2009, 12:02 AM

Quote:

but one question: will that erase my hard drive?

Nope. It's a perfectly safe tool. The recovery console helps the tool to remove any 'in use' files, like drivers, installed by the malware.

atul484 · 07-11-2009, 01:28 PM

Dear e30etakid,

Here is the solution to your problem:
1) First change your browser to google chrome @ clicking
Google Chrome for Windows - Terms and Conditions Agreement
2) Uninstall FireFox browser
2) Remove already installed antivirus and install Kaspersky 2010 and run the full scan
3) It will also remove all registry errors.

It will definitely solve your problem

Any further clarification are welcome,

Regards,
Atul

Phaelok · 08-11-2009, 04:33 AM

Hey all, hope you can help me tonight.

Having a very similar problem to a lot of people on here. However i have managed to run Spybot S&D, which is scanning now having found 4 entries.

Ill post up my HJT log anyways:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:59 PM, on 11/7/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ssms.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Fred\My Documents\Downloads\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Koower.com
R3 - URLSearchHook: P2P MAX EN Atube Toolbar - {ee78981f-3768-4f82-9241-9aa5f3712651} - C:\Program Files\P2P_MAX_EN_Atube\tbP2P_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: P2P MAX EN Atube Toolbar - {ee78981f-3768-4f82-9241-9aa5f3712651} - C:\Program Files\P2P_MAX_EN_Atube\tbP2P_.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: P2P MAX EN Atube Toolbar - {ee78981f-3768-4f82-9241-9aa5f3712651} - C:\Program Files\P2P_MAX_EN_Atube\tbP2P_.dll
O4 - HKLM\..\Run: [Windows Update] ssms.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunServices: [Windows Update] ssms.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4030 bytes

Cant get onto any anti-virus sites, and if i do it stops all my access, then it gradually comes back becoming faster if i dont browse onto antivirus sites.

I deleted a coupla registries related to P2P searches on firefox, hoping itll contribute to getting rid of the problem. Hope you guys can help! You all seem to be amazing in your knowledge!

Spybot found the following

Code:

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, fixed)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Win32.Qhost.aei: [SBI $F5CD2FD9] Autorun settings (Windows Update) (Registry value, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update

Win32.Qhost.aei: [SBI $F5CD2FD9]  Program file (File, fixed)
  C:\WINDOWS\system32\ssms.exe
  Properties.size=0
  Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Qhost.aei: [SBI $F5CD2FD9] Autorun settings (Windows Update) (Registry value, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Update

Right Media: Tracking cookie (Internet Explorer: Fred) (Cookie, fixed)
  

DoubleClick: Tracking cookie (Internet Explorer: Fred) (Cookie, fixed)
  

Statcounter: Tracking cookie (Internet Explorer: Fred) (Cookie, fixed)
  


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-11-07 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2009-10-20 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2009-10-13 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-10-27 Includes\HijackersC.sbi (*)
2009-10-20 Includes\Keyloggers.sbi (*)
2009-10-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-11-03 Includes\Malware.sbi (*)
2009-11-03 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-10-20 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-11-04 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2009-11-03 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-11-03 Includes\Trojans.sbi (*)
2009-11-03 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Here is also the combofix log:

Code:

ComboFix 09-11-07.02 - Fred 11/07/2009 23:25.2.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.1535.1182 [GMT 0:00]
Running from: c:\documents and settings\Fred\My Documents\Downloads\Fix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Fred\Application Data\Desktopicon
c:\documents and settings\Fred\Application Data\Desktopicon\eBay.ico
c:\documents and settings\Fred\Application Data\Desktopicon\uninst.exe
c:\windows\system32\Data

-- Previous Run --

c:\windows\system32\qmgr.dll . . . is infected!!

--------

c:\windows\system32\qmgr.dll . . . is infected!!

.
(((((((((((((((((((((((((   Files Created from 2009-10-07 to 2009-11-07  )))))))))))))))))))))))))))))))
.

2009-11-07 23:13 . 2009-11-07 23:13	--------	d-----w-	C:\Fix
2009-11-07 22:29 . 2009-11-07 22:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-07 22:29 . 2009-11-07 22:29	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-11-07 20:19 . 2009-11-07 20:24	664	----a-w-	c:\windows\system32\d3d9caps.dat
2009-11-07 13:39 . 2009-11-07 13:39	--------	dc----w-	c:\windows\system32\DRVSTORE
2009-11-07 13:39 . 2009-11-07 13:39	--------	d-----w-	c:\windows\system32\AGEIA
2009-11-07 13:39 . 2009-11-07 13:39	--------	d-----w-	c:\program files\AGEIA Technologies
2009-11-07 13:18 . 2009-11-07 13:18	--------	d-----w-	c:\program files\Flying Lab Software
2009-11-07 13:18 . 2009-11-07 13:18	--------	d-----w-	c:\program files\Sony
2009-11-04 22:49 . 2009-11-04 22:49	56	---ha-w-	c:\windows\system32\ezsidmv.dat
2009-11-04 22:49 . 2009-11-07 20:05	--------	d-----w-	c:\documents and settings\Fred\Application Data\skypePM
2009-11-04 22:48 . 2009-11-07 23:22	--------	d-----w-	c:\documents and settings\Fred\Application Data\Skype
2009-11-04 22:48 . 2009-11-04 22:48	--------	d-----w-	c:\program files\Common Files\Skype
2009-11-04 22:48 . 2009-11-04 22:48	--------	d-----r-	c:\program files\Skype
2009-11-04 22:48 . 2009-11-04 22:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
2009-11-03 18:18 . 2009-11-03 18:18	--------	d-----w-	c:\program files\Conduit
2009-11-03 18:18 . 2009-11-03 18:18	--------	d-----w-	c:\documents and settings\Fred\Local Settings\Application Data\Conduit
2009-11-03 18:18 . 2009-11-07 22:54	--------	d-----w-	c:\program files\P2P_MAX_EN_Atube
2009-11-03 18:18 . 2009-11-05 21:10	--------	d-----w-	c:\documents and settings\Fred\Local Settings\Application Data\P2P_MAX_EN_Atube
2009-11-03 18:18 . 2009-11-03 18:18	--------	d-----w-	c:\program files\DsNET Corp
2009-11-03 11:15 . 2009-11-03 11:15	--------	d-----w-	c:\documents and settings\Fred\Application Data\Creative
2009-11-03 06:13 . 2009-11-03 06:13	--------	d-----w-	c:\documents and settings\Fred\Local Settings\Application Data\Adobe
2009-11-03 06:13 . 2009-11-03 06:13	--------	d-----w-	c:\program files\Common Files\Adobe
2009-11-02 22:53 . 2000-05-11 01:00	90112	------w-	c:\windows\Updreg.EXE
2009-11-02 22:53 . 1996-05-23 02:24	24976	------w-	c:\windows\CTRES.DLL
2009-11-02 22:53 . 2000-03-20 03:10	40960	------w-	c:\windows\system32\AC3API.DLL
2009-11-02 22:53 . 1998-06-05 02:00	84992	------w-	c:\windows\system32\SFCVRT32.DLL
2009-11-02 22:53 . 1995-01-13 06:10	149504	------w-	c:\windows\system32\MFCANS32.DLL
2009-11-02 22:53 . 1995-01-13 06:10	108032	------w-	c:\windows\system32\MFCUIA32.DLL
2009-11-02 22:53 . 1994-12-05 03:11	53552	------w-	c:\windows\CTCCW.DLL
2009-11-02 22:53 . 1998-10-20 08:05	54784	------w-	c:\windows\system32\INETWH32.DLL
2009-11-02 22:53 . 1998-01-08 01:00	1048576	------w-	c:\windows\system32\SFMAN.DAT
2009-11-02 22:53 . 1995-08-30 02:02	82432	------w-	c:\windows\system32\CTWFLT32.DLL
2009-11-02 22:53 . 1995-07-13 02:01	26768	------w-	c:\windows\system32\CTL3D.DLL
2009-11-02 22:53 . 2009-11-02 22:53	--------	d-----w-	c:\windows\system32\Defaults
2009-11-02 20:25 . 2009-11-02 20:25	--------	d-----w-	c:\documents and settings\Fred\Local Settings\Application Data\Identities
2009-11-02 20:06 . 2009-11-02 20:06	336	----a-w-	c:\windows\system32\d3d8caps.dat
2009-11-02 20:06 . 2009-11-02 20:06	--------	d-----w-	c:\program files\SystemRequirementsLab
2009-11-02 20:05 . 2009-11-02 20:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-02 20:04 . 2009-11-02 20:04	--------	d-----w-	c:\program files\NVIDIA Corporation
2009-11-02 20:04 . 2009-11-02 20:04	--------	d-----w-	C:\NVIDIA
2009-11-02 19:47 . 2009-11-02 19:47	--------	d-----w-	c:\documents and settings\Fred\Application Data\Turbine
2009-11-02 19:07 . 2009-11-02 19:56	--------	d-----w-	c:\documents and settings\Fred\Application Data\GetRightToGo
2009-11-02 19:01 . 2009-11-02 19:01	127	----a-w-	c:\documents and settings\Fred\Local Settings\Application Data\fusioncache.dat
2009-11-02 19:01 . 2009-11-02 19:01	16760	----a-w-	c:\documents and settings\Fred\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-02 19:01 . 2009-11-02 19:01	--------	d-----w-	c:\documents and settings\Fred\Local Settings\Application Data\Turbine
2009-11-02 18:57 . 2007-03-12 16:42	3495784	----a-w-	c:\windows\system32\d3dx9_33.dll
2009-11-02 18:57 . 2009-11-02 18:57	--------	d-----w-	c:\windows\Logs
2009-11-02 18:57 . 2003-05-30 09:00	1962496	----a-w-	c:\windows\system32\quartz.dll
2009-11-02 18:57 . 2002-12-12 00:14	13312	----a-w-	c:\windows\system32\msdmo.dll
2009-11-02 18:57 . 2003-05-30 09:00	132608	----a-w-	c:\windows\system32\devenum.dll
2009-11-02 18:57 . 2004-07-09 04:27	381952	----a-w-	c:\windows\system32\dsound.dll
2009-11-02 18:57 . 2004-07-09 04:27	230400	-c--a-w-	c:\windows\system32\dllcache\dplayx.dll
2009-11-02 18:57 . 2003-03-24 09:00	68096	----a-w-	c:\windows\system32\dpnhupnp.dll
2009-11-02 18:57 . 2002-12-12 00:14	3072	----a-w-	c:\windows\system32\dpnlobby.dll
2009-11-02 18:49 . 2002-08-29 01:32	21760	-c--a-w-	c:\windows\system32\dllcache\usbstor.sys
2009-11-02 18:05 . 2005-05-26 15:34	2297552	----a-w-	c:\windows\system32\d3dx9_26.dll
2009-11-02 18:03 . 2009-11-06 22:51	--------	d-----w-	c:\documents and settings\Fred\Local Settings\Application Data\ApplicationHistory
2009-11-02 18:02 . 2009-11-02 18:03	--------	d-----w-	c:\windows\system32\URTTemp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 13:38 . 2009-11-07 13:38	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-11-07 13:18 . 2009-11-02 17:16	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-11-02 22:53 . 2009-11-02 17:15	--------	d-----w-	c:\program files\Creative
2009-11-02 17:34 . 2009-11-02 17:34	--------	d-----w-	c:\documents and settings\All Users\Application Data\MSN Messenger 6.1.0114
2009-11-02 17:34 . 2009-11-02 17:34	--------	d-----w-	c:\program files\MSN Messenger
2009-11-02 17:30 . 2009-11-02 17:30	--------	d-----w-	c:\program files\Codemasters
2009-11-02 17:23 . 2009-11-02 17:23	--------	d-----w-	c:\program files\Microsoft ActiveSync
2009-11-02 17:22 . 2009-11-02 17:22	0	----a-w-	c:\windows\nsreg.dat
2009-11-02 17:16 . 2009-11-02 17:16	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-11-02 17:05 . 2009-11-02 17:05	--------	d-----w-	c:\program files\microsoft frontpage
2009-11-02 17:05 . 2009-11-02 17:05	2678	----a-w-	c:\windows\java\Packages\Data\DR97F1JH.DAT
2009-11-02 17:05 . 2009-11-02 17:05	558142	----a-w-	c:\windows\java\Packages\9ZF9Z31B.ZIP
2009-11-02 17:05 . 2009-11-02 17:05	2678	----a-w-	c:\windows\java\Packages\Data\9RHVX3LB.DAT
2009-11-02 17:05 . 2009-11-02 17:05	155995	----a-w-	c:\windows\java\Packages\WW4271BB.ZIP
2009-11-02 17:05 . 2009-11-02 17:05	2678	----a-w-	c:\windows\java\Packages\Data\ZN7D3NBB.DAT
2009-11-02 17:05 . 2009-11-02 17:05	2678	----a-w-	c:\windows\java\Packages\Data\4VR77FNN.DAT
2009-11-02 17:05 . 2009-11-02 17:05	2678	----a-w-	c:\windows\java\Packages\Data\3V9B1B57.DAT
2009-11-02 17:05 . 2009-11-02 17:05	70691	----a-w-	c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-11-02 17:03 . 2009-11-02 17:03	21640	----a-w-	c:\windows\system32\emptyregdb.dat
2009-09-27 18:19 . 2009-09-27 18:19	3674112	----a-w-	c:\windows\system32\nvwssr.dll
2009-09-27 16:12 . 2009-09-27 16:12	888832	----a-w-	c:\windows\system32\nvapi.dll
2009-09-27 16:12 . 2009-09-27 16:12	7655872	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 16:12 . 2009-09-27 16:12	5900416	----a-w-	c:\windows\system32\nv4_disp.dll
2009-09-27 16:12 . 2009-09-27 16:12	2194024	----a-w-	c:\windows\system32\nvcuvid.dll
2009-09-27 16:12 . 2009-09-27 16:12	2007040	----a-w-	c:\windows\system32\nvcuda.dll
2009-09-27 16:12 . 2009-09-27 16:12	1714792	----a-w-	c:\windows\system32\nvcuvenc.dll
2009-09-27 16:12 . 2009-09-27 16:12	170600	----a-w-	c:\windows\system32\nvcodins.dll
2009-09-27 16:12 . 2009-09-27 16:12	170600	----a-w-	c:\windows\system32\nvcod.dll
2009-09-27 16:12 . 2009-09-27 16:12	1604482	----a-w-	c:\windows\system32\nvdata.bin
2009-09-27 16:12 . 2009-09-27 16:12	10756096	----a-w-	c:\windows\system32\nvoglnt.dll
2002-08-29 12:00 . 2002-08-29 12:00	170478	--sha-r-	c:\windows\system32\utcrz.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2003-08-19 4685824]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2009-09-27 86016]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

S2 moahtuq;Support Monitor;c:\windows\system32\svchost.exe -k netsvcs [8/29/2002 12:00 PM 12800]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
moahtuq
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\Fred\Application Data\Mozilla\Firefox\Profiles\ed71f9ro.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/Result***t.aspx?ctid=CT2189222&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - P2P MAX EN Atube Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EE78981F-3768-4F82-9241-9AA5F3712651} - (no file)
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-eBay Icon - c:\documents and settings\Fred\Application Data\Desktopicon\uninst.exe
AddRemove-HijackThis - c:\documents and settings\Fred\My Documents\Downloads\HijackThis.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 23:32
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\moahtuq]
"ServiceDll"="c:\windows\System32\utcrz.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(572)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3652)
c:\windows\System32\msi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\System32\ODBC32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\System32\RUNDLL32.EXE
c:\windows\System32\CTsvcCDA.EXE
c:\windows\System32\MsPMSPSv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-11-07 23:34 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-07 23:34

Pre-Run: 55,105,302,528 bytes free
Post-Run: 55,093,075,968 bytes free

- - End Of File - - 67B01A6C6EFB1663536E8C60EB3992FB

Moccasin · 11-11-2009, 12:01 PM

Quote:

Originally Posted by Strider

Hi Keith,

It seems that you have a spyware installed in your computer. From the post I understand that you can't access websites of antivirus companies and search engines. or is it just of avast.com and Google?

Could you please check if you can access ESET NOD32 download page?

Best Free Antivirus: ESET! Try free antivirus programs for 30 days.
If possible download the Antivirus and install it. Do a scan in safe mode after disabling system restore.

Also try getting Spybot S&D, update it and do a complete scan.

The home of Spybot-S&D!

If both the above sites can't access from your machine post back and we'll have a manual clean up. For that download Hijackthis and do a scan. Attach the log file generated in your reply.

HijackThis - Trend Micro USA

Hi I am having the same issue and it is driving me crazy. I have downloaded the Combofix.exe and was wondering if you could help me with running it? Look forward to hearing from you.

**Strider** · 11-11-2009, 03:32 PM

@Moccasin:

1. Disable System Restore in all the drives.

2. Run Combofix and post the log file here.

05-11-2009, 07:38 PM	#773
aina Newbie Join Date: Nov 2009 Posts: 3 Thanks: 0 Thanked 0 Times in 0 Posts Rep Power: 0 OS:	Re: Cannot access Antivirus Sites/Google/Avast etc. when i booted my pc to the safe mode, my Run is missing. So I booted my pc to normal mode. When I tried to run del /q /f c:\windows\system32\qzvfb.dll a box appears saying Windows cannot find del.

06-11-2009, 09:47 PM	#775
wintersnight Newbie Join Date: Nov 2009 Posts: 1 Thanks: 0 Thanked 0 Times in 0 Posts Rep Power: 0 OS:	Re: Cannot access Antivirus Sites/Google/Avast etc. I have the same problem as e30etakid. Combo Fix with boot installation looks promising, but one question: will that erase my hard drive?

07-11-2009, 01:28 PM	#777
atul484 Junior Member (25+) Join Date: Nov 2009 Posts: 70 Thanks: 0 Thanked 5 Times in 5 Posts Rep Power: 0 OS:	Re: Cannot access Antivirus Sites/Google/Avast etc. Dear e30etakid, Here is the solution to your problem: 1) First change your browser to google chrome @ clicking Google Chrome for Windows - Terms and Conditions Agreement 2) Uninstall FireFox browser 2) Remove already installed antivirus and install Kaspersky 2010 and run the full scan 3) It will also remove all registry errors. It will definitely solve your problem Any further clarification are welcome, Regards, Atul

11-11-2009, 03:32 PM	#780
Strider Founder Join Date: Nov 2005 Location: The Last City Zion! Posts: 3,539 Thanks: 287 Thanked 345 Times in 298 Posts Rep Power: 62 OS:	Re: Cannot access Antivirus Sites/Google/Avast etc. @Moccasin: 1. Disable System Restore in all the drives. 2. Run Combofix and post the log file here. __________________ Want to ask a question? Try This! A guide on how to post a question, reply to a post etc.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

New To Site?	Need Help?
Register to Participate Meet our Staff Refer Forum Rules Contact Us	Frequently Asked Questions Did you forget your password? Mark Forums Read

Cannot access Antivirus Sites/Google/Avast etc.

Computer Security