Can't get on any anti-virus websites...

21-05-2011, 08:12 AM   #1
abigrace (Thread Starter)

Can't get on any anti-virus websites...

I'm really sorry to be repetitive, I know lots of people have posted about this before but I've tried reading those threads and I'm not very savvy so most of the advice goes way over my head!

I know I have a virus that's blocking my access to any anti-virus websites, how can I get rid of it / get some anti-virus software? Sorry if this is the wrong forum for someone as technically dense as me, but I'd be really grateful for any advice!

21-05-2011, 08:27 AM   #2
maxmanrules

Re: Can't get on any anti-virus websites...

You want to get onto a friend's PC, and get a flash drive that has NOT been in your infected computer. Download MalwareBytes Antimalware from this link:
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
It's free. You'll need to find where the folder was downloaded, depending on what browser you use, and then put the executable file, the file will be called mbam-setup.
Put the flash drive into your computer and run the installer. You will then need to turn the computer off and boot it up in safe mode. You will need to pay attention when turning your computer back on. You generally have to press F8 to boot into safe mode. When you have, you can scan your computer with Malwarebytes. Perform a full scan.
After you have done this, come back to TechTalkz, 'cause the computer may require further attention.

21-05-2011, 09:37 AM   #3
wcogent

Re: Can't get on any anti-virus websites...

But if the virus is smart enough, it will block all that.
-
The easiest way is to use a 2nd PC to kill the viruses off your hard drive.

21-05-2011, 07:07 PM   #4
shawnpb

Re: Can't get on any anti-virus websites...

Yeah, you have malware or a worm of some type blocking antivirus websites and installations of one. Your Host File has been edited by a virus. Go to Custom Host File

Follow the instructions on how to install it depending on the version of Windows you have.

If you have Windows XP, download ComboFix and follow the instructions. It also uses Windows XP's Recovery Console to repair Windows.

The Host file is a temporary fix so you can get on these sites.

Also download Malwarebytes as mentioned after these steps are done. Update and run a full scan in safe mode (Safe Mode With Networking).

Then go to HiJackThis. Perform a "System Scan and Save Log File". Do not remove items found; save the log file and copy and paste the entries here. Close HijackThis and post the log here so someone can analyze it and then tell you what to remove.

Good Luck
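
The hosts-file tampering described in post #4, as an added example that is not part of the original thread: Python that parses hosts-file text and reports every entry pinning a security-vendor name to a fixed address, which is what stops the browser from reaching those sites. The keyword list (taken from products named in this thread) and the sample file contents are constructed for illustration.

```python
import ipaddress
import sys
from collections import namedtuple

Finding = namedtuple("Finding", "line_no hostname address verdict")

# Assumption: keywords picked from products named in this thread.
# Substring matching is deliberately broad; review hits by hand.
WATCHED_KEYWORDS = ("malwarebytes", "avast", "lavasoft")

# Constructed sample, not taken from any real machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org malwarebytes.org   # constructed
0.0.0.0         www.avast.com
203.0.113.7     download.lavasoft.com
192.168.1.20    nas.home.lan   # legitimate local override
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip_address, [hostnames]) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or incomplete line
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, skipped
        yield line_no, address, [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text, keywords=WATCHED_KEYWORDS):
    """Return a Finding for every watched name that the file overrides.

    Vendor sites should resolve through DNS, so any hosts entry for one is
    suspect: loopback or 0.0.0.0 blocks the site outright ("blackholed"),
    any other address sends the browser somewhere else ("redirected").
    """
    findings = []
    for line_no, address, names in parse_hosts(text):
        if address.is_loopback or address.is_unspecified:
            verdict = "blackholed"
        else:
            verdict = "redirected"
        for name in names:
            if any(keyword in name for keyword in keywords):
                findings.append(Finding(line_no, name, str(address), verdict))
    return findings


if __name__ == "__main__":
    # Pass a path (on Windows: C:\Windows\System32\drivers\etc\hosts)
    # to audit a real file; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for f in audit_hosts(content):
        print(f"line {f.line_no}: {f.hostname} -> {f.address} ({f.verdict})")
```

A clean result only means the hosts file is not the blocking mechanism; the scans recommended in the thread are still needed.
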

21-05-2011, 08:45 PM   #5
abigrace (Thread Starter)

Re: Can't get on any anti-virus websites...

Thank you for all your help and advice. I'll take it to a friend and follow your advice then post back, thanks again!

22-05-2011, 01:48 AM   #6
shawnpb

Re: Can't get on any anti-virus websites...

Quote:
Originally Posted by abigrace
Thank you for all your help and advice. I'll take it to a friend and follow your advice then post back, thanks again!

You're welcome. We aim to please. Hope everything turns out ok.

23-05-2011, 10:25 PM   #7
azzo

Re: Can't get on any anti-virus websites...

Hey Guys,

Just reading this thread here, I have exactly the same problem. I ran ComboFix after doing some reading on other forums. Not sure if that was the right thing to do... But here is the log; I don't know if this helps.

ComboFix 11-05-23.02 - Aarron Hamilton 23/05/2011 22:40:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.5996.4252 [GMT 1:00]
Running from: c:\users\Aarron Hamilton\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Aarron Hamilton\AppData\Local\Temp\swtlib-32\swt-gdip-win32-3650.dll
c:\users\Aarron Hamilton\AppData\Local\Temp\swtlib-32\swt-win32-3650.dll
c:\users\AARRON~1\AppData\Local\Temp\swtlib-32\swt-gdip-win32-3650.dll
c:\users\AARRON~1\AppData\Local\Temp\swtlib-32\swt-win32-3650.dll
c:\windows\system32\settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-23 21:45 . 2011-05-23 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-23 19:55 . 2011-05-23 19:55 -------- dc-h--w- c:\programdata\{4A818508-3355-4FBC-B302-D53B599DD9D5}
2011-05-23 19:55 . 2011-05-23 19:55 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
2011-05-23 19:54 . 2011-05-23 19:54 -------- dc-h--w- c:\programdata\{2C41B757-F5D0-44F9-A206-EEB9CD973927}
2011-05-23 19:54 . 2011-05-23 19:55 -------- d-----w- c:\programdata\Native Instruments
2011-05-23 19:54 . 2011-05-23 19:55 -------- d-----w- c:\program files\Common Files\Native Instruments
2011-05-23 19:54 . 2011-05-23 19:54 -------- dc-h--w- c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
2011-05-23 19:54 . 2011-05-23 19:55 -------- d-----w- c:\program files\Native Instruments
2011-05-22 19:06 . 2011-05-22 19:06 -------- d-----w- c:\programdata\Creative
2011-05-22 19:03 . 2009-12-08 14:52 230912 ----a-w- c:\windows\system32\APOMgr64.DLL
2011-05-22 19:03 . 2009-12-08 14:50 177664 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2011-05-22 19:03 . 2009-11-30 17:54 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2011-05-22 19:03 . 2009-11-30 17:53 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2011-05-22 19:03 . 2007-12-11 17:47 23292 ----a-w- c:\windows\ksaudENG.reg
2011-05-22 19:03 . 2007-07-05 09:27 2630 ----a-w- c:\windows\MixerName.reg
2011-05-22 19:03 . 2011-05-22 19:03 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-22 19:03 . 2011-05-22 19:03 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-05-22 19:03 . 2011-05-22 19:03 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-22 19:03 . 2011-05-22 19:03 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-05-22 18:40 . 2009-10-28 10:08 1939968 ------w- c:\windows\system32\Sens_oal.dll
2011-05-22 18:40 . 2009-10-28 10:06 2902492 ------w- c:\windows\SysWow64\Sens_oal.dll
2011-05-22 18:39 . 2011-05-22 18:39 -------- d-----w- c:\program files (x86)\Common Files\Creative
2011-05-22 18:39 . 2011-05-22 19:02 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2011-05-22 18:39 . 2011-05-22 18:39 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2011-05-22 18:39 . 2011-05-22 19:02 -------- d-----w- c:\program files\Creative
2011-05-22 18:38 . 2011-05-22 19:01 -------- d-----w- c:\program files (x86)\Creative
2011-05-22 18:37 . 2003-11-10 17:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-05-22 18:37 . 2003-11-10 17:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-05-22 18:37 . 2003-11-10 17:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-05-22 18:37 . 2003-11-10 17:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-05-22 18:37 . 2003-11-10 17:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-05-22 18:37 . 2011-05-22 18:37 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-05-22 18:37 . 2011-05-22 18:37 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-05-22 16:36 . 2011-05-23 21:46 -------- d-----w- c:\program files\PeerBlock
2011-05-22 05:10 . 2011-05-21 13:48 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-21 13:53 . 2011-05-18 11:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EE27717-9D58-4FEB-91DF-97C4128DE64E}\mpengine.dll
2011-05-21 13:53 . 2011-02-02 17:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-21 13:48 . 2011-05-21 13:48 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-21 13:42 . 2011-04-29 11:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-21 13:42 . 2011-05-21 13:42 -------- d-----w- c:\programdata\Lavasoft
2011-05-21 13:42 . 2011-05-21 13:42 -------- d-----w- c:\program files (x86)\Lavasoft
2011-05-21 13:40 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-21 13:40 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-21 13:40 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-21 13:40 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-21 13:40 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-21 13:40 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-21 13:40 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-21 13:39 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-21 13:39 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-05-21 13:39 . 2011-05-21 13:39 -------- d-----w- c:\programdata\AVAST Software
2011-05-21 13:39 . 2011-05-21 13:39 -------- d-----w- c:\program files\AVAST Software
2011-05-21 10:00 . 2011-05-21 10:00 3876194 ----a-w- c:\programdata\SPL445F.tmp
2011-05-21 09:59 . 2011-05-21 09:59 3876194 ----a-w- c:\programdata\SPL6640.tmp
2011-05-19 21:40 . 2011-05-19 21:40 3876194 ----a-w- c:\programdata\SPL2FC6.tmp
2011-05-19 21:39 . 2011-05-19 21:39 3876194 ----a-w- c:\programdata\SPL59B3.tmp
2011-05-19 14:33 . 2011-05-19 14:33 3876194 ----a-w- c:\programdata\SPL47D8.tmp
2011-05-19 14:32 . 2011-05-19 14:32 3876194 ----a-w- c:\programdata\SPL8249.tmp
2011-05-18 14:48 . 2011-05-18 14:48 3876194 ----a-w- c:\programdata\SPL473C.tmp
2011-05-18 14:48 . 2011-05-18 14:48 3876194 ----a-w- c:\programdata\SPLC531.tmp
2011-05-18 13:26 . 2011-05-18 13:26 3876194 ----a-w- c:\programdata\SPL5C23.tmp
2011-05-18 13:26 . 2011-05-18 13:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-18 13:25 . 2011-05-18 13:25 3876194 ----a-w- c:\programdata\SPL58B9.tmp
2011-05-18 12:53 . 2011-05-18 12:53 3876194 ----a-w- c:\programdata\SPL426C.tmp
2011-05-18 12:53 . 2011-05-18 12:53 3876194 ----a-w- c:\programdata\SPL86DB.tmp
2011-05-16 16:03 . 2011-05-16 16:03 -------- d-----w- c:\program files (x86)\Remote Mouse
2011-05-15 10:10 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-05-15 10:10 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-05-15 10:10 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-05-15 10:10 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-05-15 10:10 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-05-15 10:10 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-15 10:10 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-13 02:10 . 2011-05-13 02:10 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-05-13 02:09 . 2011-05-13 02:09 -------- d-----w- c:\windows\SysWow64\Wat
2011-05-13 02:09 . 2011-05-13 02:09 -------- d-----w- c:\windows\system32\Wat
2011-05-12 19:51 . 2011-05-12 19:51 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-05-12 19:50 . 2011-05-12 19:50 -------- d-----w- c:\windows\PCHEALTH
2011-05-12 00:14 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-05-12 00:14 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-05-12 00:08 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-12 00:08 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-05-12 00:08 . 2009-11-25 11:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-12 00:08 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-05-12 00:08 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-05-12 00:08 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-05-12 00:08 . 2009-11-25 11:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-12 00:08 . 2009-11-25 11:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-05-12 00:08 . 2009-11-25 11:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-12 00:08 . 2009-11-25 11:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-05-12 00:08 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-05-11 13:43 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-05-11 13:43 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-05-11 13:43 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-11 13:43 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-05-11 13:41 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-11 13:39 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-11 13:38 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-05-11 01:01 . 2011-05-22 19:05 -------- d-----w- c:\programdata\clear.fi
2011-05-11 01:01 . 2011-05-11 01:01 -------- d-----r- c:\program files (x86)\Skype
2011-05-11 01:01 . 2011-05-11 01:01 -------- d-----w- c:\programdata\Skype
2011-05-11 00:23 . 2011-05-11 00:23 -------- d-----w- c:\program files (x86)\OEM
2011-05-11 00:23 . 2011-05-11 00:23 -------- d-----w- c:\program files\Acer Accessory Store
2011-05-11 00:22 . 2011-05-11 00:24 -------- d-----w- c:\users\Aarron Hamilton
2011-05-11 00:22 . 2011-05-11 00:22 -------- d-----w- C:\Recovery
2011-05-10 23:33 . 2011-05-13 19:14 -------- d-----w- c:\windows\AutoKMS
2011-05-10 22:10 . 2011-05-23 16:53 -------- d-----w- c:\program files (x86)\TuneUpMedia
2011-05-10 22:05 . 2011-05-11 07:54 -------- d-----w- c:\programdata\TuneUpMedia
2011-05-10 20:51 . 2011-05-10 20:51 -------- d-----w- c:\users\Mcx1-AarronHamilton
2011-05-10 20:50 . 2011-05-10 20:50 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-10 20:50 . 2011-05-10 20:50 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-10 20:50 . 2011-05-10 20:50 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-10 20:47 . 2011-05-10 20:47 -------- d-----w- c:\programdata\VirtualizedApplications
2011-05-10 17:40 . 2011-05-21 13:44 -------- d-----w- c:\programdata\Lx_cats
2011-05-10 17:40 . 2011-05-10 17:40 -------- d-----w- c:\program files (x86)\Spotify
2011-05-10 17:38 . 2009-10-16 12:10 545792 ----a-w- c:\windows\system32\lxdxinpa.dll
2011-05-10 17:23 . 2011-05-21 13:42 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-10 17:23 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-10 17:23 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-05-10 17:22 . 2011-05-10 17:22 -------- d-----w- c:\program files (x86)\QuickTime
2011-05-10 17:22 . 2011-05-10 17:22 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-05-10 17:22 . 2011-05-10 17:22 -------- d-----w- c:\program files\Common Files\Apple
2011-05-10 17:22 . 2011-05-10 17:22 -------- d-----w- c:\program files\Bonjour
2011-05-10 17:22 . 2011-05-10 17:22 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-10 17:22 . 2011-05-10 22:00 -------- d-----w- c:\programdata\Apple
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 20:52 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 15:26 . 2011-04-06 15:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:26 . 2011-04-06 15:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:26 . 2011-04-06 15:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:26 . 2011-04-06 15:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-07 19:10 . 2011-03-07 19:10 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-03-04 06:17 . 2011-05-11 13:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-05-11 13:41 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 15:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemotelessHelper"="c:\program files (x86)\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe" [2011-05-06 2265600]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-05-10 872448]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-09 177448]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2009-07-14 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-16 29184]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-22 79360]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 1039872]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-03-09 5352960]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-21 17152]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 09:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328]
"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]
"EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-06-22 109056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Aarron Hamilton\AppData\Roaming\Mozilla\Firefox\Profiles\xteedrp6.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Remote Mouse\server\server.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-05-23 22:53:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-23 21:53
.
Pre-Run: 403,171,135,488 bytes free
Post-Run: 404,249,706,496 bytes free
.
- - End Of File - - 6E3320A619962BC55532E6849E3EDAB2
Old 24-05-2011, 03:57 AM   #8
wcogent

Quote:
Originally Posted by shawnpb
You're welcome. We aim to please. Hope everything turns out ok.
good grammar! YOU'RE and not your
Old 05-06-2011, 02:51 PM   #9
zhyper2

Hi guys. I am having the same problem as the creator of this post. I tried scanning my system with Spybot - Search & Destroy/Avira, but no results.

My HijackThis log:

Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:45:20, on 2011.06.05.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\TILDES~1\MDICTION.EXE
C:\PROGRA~1\TILDES~1\Pianists.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [mdiction] C:\PROGRA~1\TILDES~1\MDICTION.EXE
O4 - HKLM\..\Run: [Pianists] C:\PROGRA~1\TILDES~1\Pianists.exe
O4 - HKLM\..\Run: [CheckCU] "C:\PROGRA~1\TILDES~1\CheckCU.exe" {36E408F0-DF8A-4F9B-BF26-AED92C789F5D} Tildes Birojs 2005
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-789336058-1177238915-682003330-1003\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 9455 bytes
Old 05-06-2011, 02:58 PM   #10
habibjp

Try Malwarebytes, it might find something your other software couldn't.