Can't access antivirus websites

Computing.Net > Forums > Security and Virus > Can't access antivirus websites

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Can't access antivirus websites

Name: sloppopslop
Date: June 14, 2009 at 14:31:40 Pacific
OS: Windows XP
Subcategory: Viruses

Comment:

I have AVG installed on this computer, but i can't update it or access the microsoft.com website for updates either. You guys fixed a problem like this before but it didn't do the trick for me. I ran spybot search and destroy as well as adaware to start out. I then ran the recommended salvo of Malwarebytes, Hijackthis, and Combofix. They cleaned out a bunch of crap but the problem still persists. Here are the logs from the above scans:
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 2
6/14/2009 3:09:21 PM
mbam-log-2009-06-14 (15-09-20).txt
Scan type: Quick Scan
Objects scanned: 95696
Time elapsed: 16 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\anonystat.anonystatbho (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\anonystat.anonystatbho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\errorhelper.errorhelperbho (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f1951551-9185-4f16-a189-22a3c5c094af} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{395a9dbe-6e05-4b08-af2c-a48524e69b12} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{87c2d900-0ee3-4173-aa32-0c7ac204d5c8} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e5512262-79ce-476b-acc8-c8bd594823d1} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5206b7bf-5b84-47a2-b952-77387f4778b8} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{94e90eca-b06b-4f17-be69-014cb5b79efe} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e82e0739-0aae-4e99-9052-b40f7dabfa34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e82e0739-0aae-4e99-9052-b40f7dabfa34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e82e0739-0aae-4e99-9052-b40f7dabfa34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\errorhelper.errorhelperbho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0a2a22e9-c506-4079-94a9-3653b7927d69} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0a2a22e9-c506-4079-94a9-3653b7927d69} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a2a22e9-c506-4079-94a9-3653b7927d69} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\anonystat (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\errorstool (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
e:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 (Trojan.Conficker.H) -> Quarantined and deleted successfully.
C:\Program Files\anonystat (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\errorstool (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\DrAntispy (Rogue.Dr.Antispy) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
Files Infected:
E:\autorun.inf (Trojan.Conficker.H) -> Quarantined and deleted successfully.
e:\RECYCLER\s-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Trojan.Conficker.H) -> Quarantined and deleted successfully.
C:\Program Files\ErrorsTool\ErrorsTool-2.dll (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\program files\anonystat\Anonystat.dat (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\program files\anonystat\pcre3.dll (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\program files\anonystat\uninstall.exe (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\program files\contexttool\ContextHelper.dat (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\program files\contexttool\pcre3.dll (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\program files\contexttool\uninstall.exe (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\program files\errorstool\ErrorHelper.dat (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\program files\errorstool\uninstall.exe (Adware.PlayaZ) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:24 PM, on 6/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\webserver\bin\win32\matlabserver.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\SafeConnect\scManager.sys
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://www.cramster.com/DRM/Client/...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaseya Agent (KaseyaAgent) - Kaseya - C:\Program Files\Kaseya\Agent\AgentMon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\webserver\bin\win32\matlabserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11218 bytes

ComboFix 09-06-13.09 - user 06/14/2009 15:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.615 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\patch.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\kdfinj.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 19:23 . 2009-06-14 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-06-14 18:51 . 2009-06-14 18:51 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-06-14 18:51 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 18:51 . 2009-06-14 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-14 18:51 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 18:51 . 2009-06-14 18:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 17:29 . 2007-08-05 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-14 17:28 . 2007-08-05 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-21 14:18 . 2004-08-04 12:00 165204 --sha-r- c:\windows\system32\xnulfmw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-01-31 155648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2007-12-26 270336]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2005-9-9 315392]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 271640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=3 (0x3)
"TmPfw"=3 (0x3)
"TMBMServer"=2 (0x2)
"SfCtlCom"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\math.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"4881:TCP"= 4881:TCP:ijbtsu
R2 KaseyaAgent;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [4/1/2007 1:11 AM 610304]
R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [10/13/2007 2:34 PM 52240]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/18/2007 2:31 AM 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/4/2007 5:59 AM 24652]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [4/1/2007 1:11 AM 20792]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [9/18/2007 2:31 AM 333328]
S2 mdxammxs;Manager Microsoft;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 8:00 AM 14336]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [10/13/2007 2:34 PM 488768]
S4 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [10/13/2007 2:34 PM 648456]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KAPFA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
mdxammxs
.
Contents of the 'Scheduled Tasks' folder
2009-02-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 01:51]
2009-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-RegistryMechanic - (no file)

.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 15:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdxammxs]
"ServiceDll"="c:\windows\system32\xnulfmw.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-06-14 15:55
ComboFix-quarantined-files.txt 2009-06-14 19:55
Pre-Run: 48,934,838,272 bytes free
Post-Run: 49,036,410,880 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=STWS0H /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=STWS0H-BAK
166 --- E O F --- 2009-06-01 02:18

Any help you guys could offer would be much appreciated. Thanks.

Sponsored Link

Ads by Google

Response Number 1

Name: jko_d
Date: June 14, 2009 at 20:00:52 Pacific

Reply:

If you cant go to microsoft.com . well there is a virus ,trojan
etc.
that is blocking microsoft.com . possible virus that blocks
microsoft.com is win.32 a.k.a downdup and conflicker
or bloodhound exploit . I have Malwarebytes , Kaspersky
and AVG . but i cannot update kaspersky because it blocks
the site the virus block kaspersky.com XD. kaspersky anti
virus detected 4 virus . avg detected 6 heriuastic 400+ virus
(LOL)
7 cookie tracker and 4 others. malwarebytes detedted 61.
btw i cant access microsoft.com because im afraid to delete
the virus cause it affects the memory .
thats all bye.
i am planning to download mcafee site advisor . IF YOU
WANT TO DOWNLOAD A ANTIVIRUS BUT YOU CANT GO
ON THEIR SITE DOWNLOAD THEM AT DOWNLOAD.COM

Response Number 2

Name: sloppopslop
Date: June 14, 2009 at 20:17:26 Pacific

Reply:

That didn't tell me anything I didn't already know... Anybody else?

Response Number 3

Name: MUHAMMADKHURRAMKHAN
Date: June 14, 2009 at 23:00:07 Pacific

Reply:

Buy and install norton internet security 2009.Cofigure it to aggressive maximum settings.Put pasword on its settings.Update it.Run complete scan and be cool.

Sponsored Link

Ads by Google

microsoft digital media keyboard 1.0a ipod can't select language mac startup picture Can't stat windows 2008 kernel-general event 6 disk 51 internal website trend micro uninstall password cannot browse antivirus website startup picture activex component can't create object	activex component can't create object lexpps.exe oeminfo.ini cannot access microsoft website oeminfo.ini can't update ie access all websites check website traffic free website for google adsense global menu website
See More

Virus, spyware? please he...

Trojan tdss

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Can't access antivirus websites

I can't access or update anything antivirus

Summary

www.computing.net/answers/security/i-cant-access-or-update-anything-antivirus/27281.html

cannot access antivirus programs

Summary

www.computing.net/answers/security/cannot-access-antivirus-programs/17061.html

Unable To Access Antivirus Websites

Summary

www.computing.net/answers/security/unable-to-access-antivirus-websites/24971.html

From the Geek Dictionary
DVDRW - DVDRW stands for Digital Versatile Disk - Read Writable and can be written ...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
wireless cards

Internet Connection

My Computer won't let me into the properties

Please can someone read my Hijackthis log?

End Program - n

All Awaiting Reply

Tom's News
New Super Mario Bros. Wii Looks Great in 1080p

Xbox Live Marketplace Getting Pets

Snoop Dogg Lends His Voice to GPS Navigation

Roomba Saves Family From Poisonous Snake

AT&T's Case Against Verizon Dismissed

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE