Blocked access to Anti Virus Sites

#1
Newbie
I cannot download any updates for AVG or Windows Defender. All anti-virus sites are blocked and I always get a page connection error when trying to access them. Here is a copy of my latest HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:14 PM, on 7/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Laptops, Desktop Computers, Monitors, Printers & PC Accessories
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Laptops, Desktop Computers, Monitors, Printers & PC Accessories
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Laptops, Desktop Computers, Monitors, Printers & PC Accessories
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.2.0.2880\NPIEAddOn.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC84ADE-54A9-4016-A6EB-CF02FE6A361C}: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{812014AC-39C9-4937-9FFF-B79ADDCE1040}: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 7375 bytes

Last edited by Strider; 27-07-2009 at 05:41 PM.
#2

Founder
Re: Blocked access to Anti Virus Sites
You may try to clean the infections using ComboFix.

1. Download the latest ComboFix from here.
2. Use it as per the instructions here and post the log for detailed analysis.

Btw., from the HJT log: are these your ISP's name server IPs? Can you call them up and verify?

Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC84ADE-54A9-4016-A6EB-CF02FE6A361C}: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{812014AC-39C9-4937-9FFF-B79ADDCE1040}: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
Last edited by Strider; 27-07-2009 at 05:50 PM.
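The check Strider asks for above, done by script rather than by eye. This is an added example and not code from the thread, from HijackThis or from ComboFix: it pulls every O17 line out of a HijackThis log, lists the resolvers each interface and the global Tcpip\Parameters key point at, and flags any that are not on the list of resolvers the ISP (or the home router via DHCP) is known to hand out. The sample log is the four O17 lines quoted in this thread plus one unrelated line; EXPECTED_RESOLVERS is a placeholder assumption and should be replaced with the addresses the ISP confirms.

```python
"""Triage the O17 (NameServer) lines of a HijackThis log.

Added example for this thread, not part of HijackThis or ComboFix.
"""
import ipaddress
import re

# Constructed sample input: the O17 lines quoted in this thread, plus one
# unrelated O1 line to show that non-O17 entries are ignored.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC84ADE-54A9-4016-A6EB-CF02FE6A361C}: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{812014AC-39C9-4937-9FFF-B79ADDCE1040}: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
"""

# Assumption (hypothetical): the only resolver this LAN should use is the
# home router. Replace with the addresses the ISP confirms.
EXPECTED_RESOLVERS = ["192.168.1.1"]

# HJT writes per-interface keys as "Tcpip\..\{GUID}" (".." stands for
# "Parameters\Interfaces") and the machine-wide key as "Tcpip\Parameters".
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]+\})|Parameters)"
    r": NameServer = (?P<servers>[0-9A-Fa-f:.,\s]+)$"
)


def parse_o17(log_text):
    """Return one (control_set, scope, [ip_address, ...]) tuple per O17 line.

    scope is the interface GUID for per-interface entries and "global" for
    the Tcpip\Parameters key, which applies to every interface.
    """
    entries = []
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        servers = [
            ipaddress.ip_address(s)
            for s in re.split(r"[,\s]+", m.group("servers").strip())
            if s
        ]
        entries.append((m.group("cs"), m.group("iface") or "global", servers))
    return entries


def triage(entries, expected=EXPECTED_RESOLVERS):
    """Return a finding for every O17 entry naming a resolver outside `expected`.

    "public" records whether the unexpected resolvers are routable on the
    Internet: a hijack typically points the victim at public resolvers they
    never chose, whereas a home LAN normally uses the router (a private
    address) or the ISP's own resolvers.
    """
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for cs, scope, servers in entries:
        bad = [s for s in servers if s not in allowed]
        if bad:
            findings.append({
                "control_set": cs,
                "scope": scope,
                "unexpected": [str(s) for s in bad],
                "public": all(s.is_global for s in bad),
            })
    return findings


def summarize(findings):
    """Collapse the findings into what to verify with the ISP and what to fix."""
    unexpected = sorted(
        {ipaddress.ip_address(ip) for f in findings for ip in f["unexpected"]},
        key=lambda ip: (ip.version, int(ip)),
    )
    return {
        "unexpected_servers": [str(ip) for ip in unexpected],
        "scopes": sorted({f["scope"] for f in findings}),
        # If the global Parameters key is affected, clearing one interface's
        # NameServer value is not enough; every lookup still goes there.
        "global_key_affected": any(f["scope"] == "global" for f in findings),
        "control_sets": sorted({f["control_set"] for f in findings}),
    }


if __name__ == "__main__":
    for key, value in summarize(triage(parse_o17(SAMPLE_LOG))).items():
        print(f"{key}: {value}")
```

On the live machine the same values sit under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID} (NameServer is the static override; DhcpNameServer is what DHCP actually handed out), so comparing those two values per interface is the quickest way to see whether a resolver was set by the ISP or by something else.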
#3

Newbie
Re: Blocked access to Anti Virus Sites
I didn't contact my ISP to ask them about those codes, but I can now update my anti-virus definitions. I am installing Spybot and updating Defender and AVG as I speak. Here is the ComboFix log:
Code:
ComboFix 09-07-27.02 - Justin 07/27/2009 22:04.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3062.1611 [GMT -4:00]
Running from: c:\users\Justin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2347180839-3205931739-3509662-500
c:\$recycle.bin\S-1-5-21-2988004848-2033862068-895597366-500
c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
c:\program files\ShoppingReport
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\ZangoSA
c:\programdata\ZangoSA\ZangoSA.dat
c:\programdata\ZangoSA\ZangoSA_kyf.dat
c:\programdata\ZangoSA\ZangoSAAbout.mht
c:\programdata\ZangoSA\ZangoSAau.dat
c:\programdata\ZangoSA\ZangoSAEULA.mht
c:\users\Justin\AppData\Roaming\WeatherDPA
c:\users\Justin\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\users\Justin\AppData\Roaming\Zango
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.
2009-07-28 02:12 . 2009-07-28 02:12 -------- d-----w- c:\users\Justin\AppData\Local\temp
2009-07-25 05:17 . 2009-07-25 05:17 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-07-25 05:00 . 2009-07-25 05:04 -------- d-----w- c:\program files\a-squared Free
2009-07-25 04:56 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-25 04:55 . 2009-07-25 04:55 -------- d-----w- c:\program files\Panda Security
2009-07-25 02:47 . 2009-07-25 02:47 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-07-25 02:47 . 2009-07-25 02:47 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-07-22 23:12 . 2009-07-22 23:12 -------- d-----w- c:\program files\Trend Micro
2009-07-09 16:13 . 2009-07-09 16:31 -------- d-----w- c:\users\Justin\Ringtone
2009-07-08 22:03 . 2009-07-08 22:03 -------- d-----w- c:\users\Justin\AppData\Local\AVG Security Toolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 03:17 . 2009-05-07 23:16 -------- d-----w- c:\program files\Graboid
2009-07-25 02:47 . 2009-01-23 21:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-25 02:47 . 2009-01-23 21:05 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-25 02:47 . 2009-01-23 21:05 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-25 02:40 . 2009-06-04 16:59 -------- d-----w- c:\users\Justin\AppData\Roaming\uTorrent
2009-07-25 02:40 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-25 02:40 . 2009-01-26 17:28 -------- d-----w- c:\program files\LimeWire
2009-06-25 22:15 . 2009-01-26 17:28 -------- d-----w- c:\users\Justin\AppData\Roaming\LimeWire
2009-06-17 01:49 . 2009-01-23 21:05 -------- d-----w- c:\programdata\avg8
2009-06-05 18:55 . 2009-01-26 14:55 -------- d-----w- c:\users\Justin\AppData\Roaming\DAEMON Tools Lite
2009-06-05 18:54 . 2009-06-05 18:53 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-05 18:53 . 2009-06-05 18:53 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-05 18:48 . 2009-01-26 14:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-05 17:26 . 2009-05-07 23:56 -------- d-----w- c:\users\Justin\AppData\Roaming\vlc
2009-06-05 05:23 . 2009-06-05 05:23 -------- d-----w- c:\users\Justin\AppData\Roaming\DivX
2009-06-05 02:21 . 2009-06-05 01:47 -------- d-----w- c:\program files\DivX
2009-06-05 02:21 . 2009-01-08 06:36 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-05 02:20 . 2009-06-05 02:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-05 01:59 . 2009-06-05 01:48 -------- d-----w- c:\program files\Google
2009-06-04 16:59 . 2009-06-04 16:59 -------- d-----w- c:\program files\uTorrent
2009-05-21 14:20 . 2009-05-21 14:20 738120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-17 16:30 . 2009-05-17 16:30 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-13 21:54 . 2009-05-13 21:54 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-13 21:54 . 2009-05-13 21:54 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-13 21:54 . 2009-05-13 21:54 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-13 21:54 . 2009-05-13 21:54 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-08 01:14 . 2009-02-06 03:29 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-25 09:27 . 2009-01-23 20:44 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-01-08 07:55 . 2009-01-08 07:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-22 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-25 1948440]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{4948C89D-3DCA-423D-96DD-D822D80707D7}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{BF6D4D58-24A4-45B4-A085-1589265079C7}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B7D8E262-E6A1-4D2B-824A-EC0CE6527B5C}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{0173FE2A-3E69-49F0-B4B8-2280F2F2EE23}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"{23EEF413-497A-4D18-8B62-075F3BFA57C8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{97606983-84EB-4578-8F18-110FAF2E448B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{00649282-46EC-4B05-A8F0-67C91E31239F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CE55DA5B-3AE3-4589-A692-23DF5C858678}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A2AC108A-4CBE-4AF8-8721-DDEDD46990FC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3799E28B-4E64-4C74-8489-3BFE871554BA}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{9DEAF71D-C166-4654-9C2C-A740667F39D5}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8D341686-709D-4BE9-A9FE-2E990E3CB842}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{1EA6E440-8835-4B32-9228-B6EC9508FA78}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{52B8A356-AD3D-4D7C-AF9C-CAF51D6DCB4C}"= TCP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{ECC20D9E-3143-4061-8360-C2DBFD5B284B}"= UDP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{CE6F80E1-4BA0-4356-A840-7AAAE5FA8691}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{A51938C7-0503-4127-8827-5A0B15BAA518}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{10940D5E-8874-4DDB-AA83-C289705126D9}"= UDP:990:LocalSubnet:LocalSubnet|IF={E83AC495-2954-4480-B013-CB02A8D19C07}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{F258F3EB-5E71-4659-A1C6-C3E82728403F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{673DBD26-23EE-429F-A0C2-EC3F264622E3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{64571B1B-0FD7-47F9-AE47-D0B8F14C157C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{C6218FAB-A8AF-4095-B30C-BC78A3932645}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [7/25/2009 12:56 AM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [1/23/2009 5:05 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2/5/2009 11:29 PM 108552]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [2/23/2009 4:12 AM 77824]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\program files\AVG\AVG8\avgemc.exe [1/23/2009 5:05 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\program files\AVG\AVG8\avgwdsvc.exe [1/23/2009 5:05 PM 298776]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2/23/2009 4:14 AM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2/23/2009 4:14 AM 43608]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [3/10/2009 2:56 AM 84832]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PAVBOOT
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2009-07-28 c:\windows\Tasks\User_Feed_Synchronization-{18F5BA1F-524F-4D8F-9E67-378EDE8C96A5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\zy3y2jlv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
.
**************************************************************************
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-27 22:12
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Justin\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2009-07-28 22:16
ComboFix-quarantined-files.txt 2009-07-28 02:16
Pre-Run: 103,908,073,472 bytes free
Post-Run: 103,986,982,912 bytes free
195 --- E O F --- 2009-07-25 07:03
Last edited by Strider; 28-07-2009 at 10:23 AM.

#4

Founder
Re: Blocked access to Anti Virus Sites
Quote:
All the 'blocked website' cases reported here have one thing in common, AVG antivirus.