Over 1 million tech questions and answers.

Virus prevents access to Anti-Virus sites/anti-virus programs (combofix, etc.)

Q: Virus prevents access to Anti-Virus sites/anti-virus programs (combofix, etc.)

Hello everyone.

I have tried my best to remove this virus on my laptop, but no success yet.

Here are all of the things the virus does:

-Prevents access to websites like spybot, instead of letting me see the site, it simply says "Internet Explorer cannot display the webpage", and there is a button to click that says "Diagnose Connection Problem" (no connection problem of course)

-When I click links from a google search, they most of the time take me to the wrong webpage and I am forced to copy/paste the original link into the web bar.

-Programs like Combofix, Spybot, and HJT do not work and a box comes up after starting them saying "Combofix has stopped working".

-I tried running the programs in Safe Mode, but no luck there.

If anyone knows a fix please reply.

Thanks,

Sean

RELEVANCY SCORE 200
Preferred Solution: Virus prevents access to Anti-Virus sites/anti-virus programs (combofix, etc.)

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Virus prevents access to Anti-Virus sites/anti-virus programs (combofix, etc.)

I renamed my Combofix to something else and I followed the instructions from a different post and here is the log I ended up with:

ComboFix 09-07-29.04 - Sean 07/31/2009 0:30.1.2 - NTFSx86
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3070.2059 [GMT -7:00]
Running from: c:\users\Sean\Desktop\Music.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\videosoft
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\videosoft\Uninstall.lnk
c:\program files\videosoft
c:\program files\videosoft\Uninstall.exe
C:\resycled
c:\resycled\boot.com
c:\windows\10057vir9sza2.cpl
c:\windows\1059zpamb5t5bd.exe
c:\windows\1069thi5fz912.bin
c:\windows\1075859zj467.exe
c:\windows\11297vzr5s51c.cpl
c:\windows\1132z5ru977d.cpl
c:\windows\11388troz4559.cpl
c:\windows\1179zs5y695.dll
c:\windows\11991szambo95d9.cpl
c:\windows\120355zoj6819.bin
c:\windows\12324tr9j7b5z.bin
c:\windows\1279zroj295.ocx
c:\windows\12a7d5wnloader999z.bin
c:\windows\132985pz2a0.cpl
c:\windows\133505i9us7z8.exe
c:\windows\13552hackt9ol37z.ocx
c:\windows\1355zw59m5d8.exe
c:\windows\13562vizus1059.cpl
c:\windows\135759orm5c5z.ocx
c:\windows\13599virus6cz5.dll
c:\windows\13614spamzo5990.cpl
c:\windows\13956trojz59.cpl
c:\windows\1502zspy169.ocx
c:\windows\15107zpa9bot54.cpl
c:\windows\153255acz9ool441.ocx
c:\windows\154atz9ef1143.dll
c:\windows\15529viruszb2.exe
c:\windows\156thzef5495.dll
c:\windows\15ze9ir1395.dll
c:\windows\1639thizf1511.bin
c:\windows\165395pambot6z9.ocx
c:\windows\16640zack59ol120.cpl
c:\windows\1683h9zktool65.dll
c:\windows\16f4threz99552.ocx
c:\windows\173zspa5b9t258.exe
c:\windows\17511wor53e9z.exe
c:\windows\17552notza-viru9239.bin
c:\windows\179z5spy6e7.cpl
c:\windows\17z91s5y9a.dll
c:\windows\18084z9rus1325.cpl
c:\windows\184479iruze5.dll
c:\windows\190065py7z4.dll
c:\windows\19276spz5bot319.exe
c:\windows\19549z5cktool21b.bin
c:\windows\1955zworm6d2.exe
c:\windows\19699vir5s86z.cpl
c:\windows\19759vizus354.bin
c:\windows\197919pzm5ot65b.bin
c:\windows\19955azk9ool6f.cpl
c:\windows\19z45pyware19049.exe
c:\windows\19z45v5rusad.bin
c:\windows\19z719ot-a-virus2f5.dll
c:\windows\1a45thi9fz682.dll
c:\windows\1a5bbackdozr9355.dll
c:\windows\1a89zir31995.exe
c:\windows\1af1b5ckdzor795.bin
c:\windows\1c879ackdzor12675.dll
c:\windows\1ca7s5zrse2199.ocx
c:\windows\1d37ad9wzre952.cpl
c:\windows\1f87backzoor98025.ocx
c:\windows\1z259spy19f9.dll
c:\windows\1z665viru5692.dll
c:\windows\1z939not-a9virus4545.ocx
c:\windows\20390szy557.ocx
c:\windows\20926notza-vir5s69f.cpl
c:\windows\20e2zhreat31459.bin
c:\windows\20e3sz9ware26365.ocx
c:\windows\2101859zm4f1.exe
c:\windows\2159spz492.exe
c:\windows\215fthie9276z.ocx
c:\windows\21ac9pa5se141z.ocx
c:\windows\2203zspy69d5.dll
c:\windows\2210ztr595a2.bin
c:\windows\227asp5war9283z.cpl
c:\windows\2282zha9ktool155.ocx
c:\windows\24259spambot40z.dll
c:\windows\242z5p9rse852.cpl
c:\windows\24524zo9m512.cpl
c:\windows\24555spambotz949.cpl
c:\windows\24654vi9u5z45.exe
c:\windows\2490zsp575f9.cpl
c:\windows\24991n5tza-virus6b3.dll
c:\windows\249bvzr2565.cpl
c:\windows\24bbdownloa9e5z959.bin
c:\windows\25087worm19z5.bin
c:\windows\25295tro5zcd.ocx
c:\windows\253worm3z9.bin
c:\windows\2549not-a-9irus5zc.cpl
c:\windows\25544not-a-vir9s4z.bin
c:\windows\25824v5ru9zef.ocx
c:\windows\25e3downloaderz918.exe
c:\windows\25z44s9y14d.ocx
c:\windows\25z9spywa5e957.dll
c:\windows\26553nzt-a-vir9s455.cpl
c:\windows\26579troz549.dll
c:\windows\265z7sp92c7.dll
c:\windows\26779notz5-virus558.bin
c:\windows\268z09irus659.exe
c:\windows\26a3t5re9tz6630.dll
c:\windows\26zethrea922235.dll
c:\windows\27272hac9toolz5c5.ocx
c:\windows\272z4spy95d.bin
c:\windows\27432ha95toolz5b.dll
c:\windows\27z615a9ktool781.dll
c:\windows\28215tzoj9d5.ocx
c:\windows\28260hzckt5ol971.ocx
c:\windows\28499viru55d4z.ocx
c:\windows\285dszarse2693.ocx
c:\windows\28z99tro9523.cpl
c:\windows\29051hack9ozl730.cpl
c:\windows\29276virus35z.dll
c:\windows\29293zorm375.exe
c:\windows\292hackzool1775.cpl
c:\windows\29320spa5bot4d8z.exe
c:\windows\29526vzru9778.bin
c:\windows\2985395ambot5z3.exe
c:\windows\29938wozm5cc.dll
c:\windows\299zno9-a-virus35a.bin
c:\windows\29z50worm584.exe
c:\windows\29z95spy12b.bin
c:\windows\2a79bac95oorz821.dll
c:\windows\2b55bac9doo5z244.dll
c:\windows\2bb3s5ywarz958.ocx
c:\windows\2c19spar5z934.dll
c:\windows\2c62st59lz42.dll
c:\windows\2d995dzware2079.bin
c:\windows\2db0zhr9at310145.cpl
c:\windows\2dc4s9yw5rez668.dll
c:\windows\2z565w9rm16.exe
c:\windows\2ze9th5ef2541.bin
c:\windows\2zebv951689.cpl
c:\windows\30185vi9u5z74.exe
c:\windows\30355v9rus6z.exe
c:\windows\30472ziru596.ocx
c:\windows\30689w5zm124.cpl
c:\windows\31009t95j53z.dll
c:\windows\3148z9roj550.exe
c:\windows\3171zhack9ool1d05.bin
c:\windows\31879s597z.ocx
c:\windows\329dthz952569.dll
c:\windows\3490nzt59-virus6ab.dll
c:\windows\35161not-z-vi9us211.exe
c:\windows\35468spambztb9.exe
c:\windows\357not-a5viz9s643.dll
c:\windows\3581zhi9f214.cpl
c:\windows\35881virusz69.cpl
c:\windows\3590worm554z.ocx
c:\windows\35999vzrus3e4.bin
c:\windows\359csza9se2532.ocx
c:\windows\35z2bac9door1295.bin
c:\windows\38779d5ware3015z.dll
c:\windows\394sp5zare3135.bin
c:\windows\39565trz553d.dll
c:\windows\39934spy2z5.dll
c:\windows\39dethiez32055.ocx
c:\windows\3abczh5eat12539.dll
c:\windows\3b9v9z3569.cpl
c:\windows\3bb95teal27z3.cpl
c:\windows\3z77downloa5er923.bin
c:\windows\3zc3s5eal1749.cpl
c:\windows\41e9addwaze1345.dll
c:\windows\41z19py325.cpl
c:\windows\4333z59ma1.bin
c:\windows\4406s5azbot39c.dll
c:\windows\44d3zhre9t54481.ocx
c:\windows\4521not-a-viru97b7z.cpl
c:\windows\455zaddware1997.dll
c:\windows\4591stzal1502.exe
c:\windows\45e9vir278z.ocx
c:\windows\4736thze5t9479.dll
c:\windows\475cthzef26609.dll
c:\windows\4770zp5mbot9f0.cpl
c:\windows\4859s5ywarz645.ocx
c:\windows\48e9vi53031z.dll
c:\windows\49dzt9i5f2880.ocx
c:\windows\49z9addware24315.cpl
c:\windows\4b05ir93z.exe
c:\windows\4b07threatz0859.exe
c:\windows\4bfftzi9f2955.ocx
c:\windows\4cz65ddw9re2253.dll
c:\windows\4ee9spyware1z65.bin
c:\windows\4z4et9r5at12879.ocx
c:\windows\4z54s9eal490.bin
c:\windows\4z90t5oj9d1.bin
c:\windows\50755hackto9l5z0.cpl
c:\windows\5151a5d9arez633.dll
c:\windows\51679zroj439.cpl
c:\windows\51b7dow9load5r23z7.exe
c:\windows\51cz9ir29285.dll
c:\windows\51z8vi9802.bin
c:\windows\5203tzre5t99549.cpl
c:\windows\5230zwor973c.cpl
c:\windows\5269zhreat7852.dll
c:\windows\528zsp5ware983.ocx
c:\windows\52d5stea5109z.cpl
c:\windows\52de59eal52z.ocx
c:\windows\5336zteal1399.dll
c:\windows\536z5py919.bin
c:\windows\539esparse1z8.cpl
c:\windows\539z7spy7979.cpl
c:\windows\53e9spyware1445z.cpl
c:\windows\544viz9618.bin
c:\windows\5479szars93181.cpl
c:\windows\54963vizus14a.ocx
c:\windows\550notza-9irus61b.dll
c:\windows\550znot-a9virus61b.bin
c:\windows\55151spz559.bin
c:\windows\55299zo5315.cpl
c:\windows\55418not-9-vizus41.bin
c:\windows\555ft5zef696.exe
c:\windows\5560spy9z5e1607.dll
c:\windows\5564zhreat14719.bin
c:\windows\55b7bac9zoor358.exe
c:\windows\55e5a9dwzre1922.dll
c:\windows\55ste9l61z.bin
c:\windows\56924trojz63.dll
c:\windows\5731zac9door9865.cpl
c:\windows\57679pamboz8.dll
c:\windows\5832not-a-9zrus595.cpl
c:\windows\5892spy9arz2703.bin
c:\windows\5900vzr2724.exe
c:\windows\5933ba5k9ozr2327.exe
c:\windows\59484trzj109.ocx
c:\windows\595ebackdzor2052.ocx
c:\windows\596vzr959.cpl
c:\windows\59cdvir1z83.ocx
c:\windows\59f0zhief2271.bin
c:\windows\5a1z5par9e49.ocx
c:\windows\5a49bac5dooz1072.bin
c:\windows\5a70s5ealz2239.cpl
c:\windows\5ae0zi9798.bin
c:\windows\5azas9eal2844.exe
c:\windows\5c015ddwarez3349.ocx
c:\windows\5c79sparse161z.cpl
c:\windows\5c959zeal507.bin
c:\windows\5d5zthie9411.ocx
c:\windows\5e01d9znloader2803.bin
c:\windows\5e55vzr971.dll
c:\windows\5f1z9hreat19171.bin
c:\windows\5z0csteal995.ocx
c:\windows\5z235troj942.ocx
c:\windows\5z241hackt9ol35.ocx
c:\windows\5z61spywar91342.exe
c:\windows\5za9backdoor503.dll
c:\windows\5ze0addware985.dll
c:\windows\6098zp9555.ocx
c:\windows\635s5y59z.cpl
c:\windows\6540not-z-9irus46f5.bin
c:\windows\6562vir29z0.bin
c:\windows\6565not-a-vizus73c9.dll
c:\windows\65cezh9eat28855.ocx
c:\windows\662fv5r159z.exe
c:\windows\679dszars928865.dll
c:\windows\68529iru5173z.cpl
c:\windows\6854s9az5ot98.cpl
c:\windows\694zt5oj253.cpl
c:\windows\6956azdware391.cpl
c:\windows\6b90zownloader2599.cpl
c:\windows\6d1spyzare9245.cpl
c:\windows\6f5ebackdzo91607.cpl
c:\windows\6fz99p5rse3087.cpl
c:\windows\6z7e9hi5f53.ocx
c:\windows\6zd0spywar98885.cpl
c:\windows\7155not-a-viru93d3z.exe
c:\windows\715zaddwa5e2991.ocx
c:\windows\725eb9ckdoor7z9.exe
c:\windows\73f5pyz9re85.dll
c:\windows\740avir9z53.cpl
c:\windows\75z95py475.cpl
c:\windows\769zdownl5ader154.ocx
c:\windows\7891thz9f19645.ocx
c:\windows\7898addwzre1957.dll
c:\windows\790fba9kdooz30775.cpl
c:\windows\791fspywaze9965.ocx
c:\windows\79a8spzrse1695.exe
c:\windows\79azt9ief3035.exe
c:\windows\7d6th5ea92068z.cpl
c:\windows\7e57bac5do9z1502.ocx
c:\windows\7zc65ir9236.cpl
c:\windows\8823spz965.cpl
c:\windows\8d99p5ware87z.dll
c:\windows\90258tro5z86.dll
c:\windows\909espy5are191z.dll
c:\windows\909z5ckdoor971.cpl
c:\windows\94495spzmbot151.cpl
c:\windows\945thiez5993.bin
c:\windows\94737sp5mzot607.bin
c:\windows\9478szam5ot1f0.ocx
c:\windows\9549irus62z.ocx
c:\windows\9563tzief1995.exe
c:\windows\9571s5ambzt95d.dll
c:\windows\9595not-a-9irus5z8.dll
c:\windows\95z50virus669.dll
c:\windows\96503tzoj6a6.bin
c:\windows\97958spyz0.ocx
c:\windows\98421hac5tool4z2.bin
c:\windows\9852wozm2f5.cpl
c:\windows\9888vi527z8.cpl
c:\windows\98czthie52794.bin
c:\windows\99513spz55e.ocx
c:\windows\9955troj702z.exe
c:\windows\99azddwar51683.ocx
c:\windows\9c30ba5kdoor2750z.bin
c:\windows\9c39s5arze1193.dll
c:\windows\9d55zr940.cpl
c:\windows\9f1thizf19675.cpl
c:\windows\9faddw5ze2221.bin
c:\windows\9z949h5cktool473.ocx
c:\windows\b15spyware7z9.cpl
c:\windows\c9es9eaz1544.exe
c:\windows\ccd5ackd9or269z.cpl
c:\windows\cfzhie531299.bin
c:\windows\e59szyware2099.ocx
c:\windows\e6cb5ckd9or147z.cpl
c:\windows\e99spar5e32z2.bin
c:\windows\f2c9ownl5zder1688.dll
c:\windows\setup.exe
c:\windows\system32\1084zv59us52e.bin
c:\windows\system32\112z1s59mbot398.bin
c:\windows\system32\11469ziru954f.bin
c:\windows\system32\1159zackdoor2461.cpl
c:\windows\system32\116089ot-azv5rus593.ocx
c:\windows\system32\11857noz-a-virusa9.bin
c:\windows\system32\12438v5rzs29.exe
c:\windows\system32\1256895cktozl555.ocx
c:\windows\system32\129z8vir5s2cd.ocx
c:\windows\system32\13409viru5zba.dll
c:\windows\system32\139sp9zare543.ocx
c:\windows\system32\13zado5nloa9er92.exe
c:\windows\system32\14325s9z55.exe
c:\windows\system32\146205oz957.exe
c:\windows\system32\14654zro57569.cpl
c:\windows\system32\14772n5t-a-vzrus9d.dll
c:\windows\system32\14970hackt5olz9.bin
c:\windows\system32\14d2thie5z2339.bin
c:\windows\system32\15267notza-virus9d7.ocx
c:\windows\system32\1535do9nloader2z98.exe
c:\windows\system32\1545viz999.bin
c:\windows\system32\15499t5oj7z9.exe
c:\windows\system32\1565downlo9dzr53.bin
c:\windows\system32\1583z9irus503.dll
c:\windows\system32\159z5s5y782.bin
c:\windows\system32\15zdsparse931.exe
c:\windows\system32\16600virus259z.ocx
c:\windows\system32\16917not-a-virzs58a.cpl
c:\windows\system32\1694vi5usz66.cpl
c:\windows\system32\16963no5za-virus31.ocx
c:\windows\system32\17219tr95260z.exe
c:\windows\system32\17549tro965z5.dll
c:\windows\system32\17572t9oj5z4.ocx
c:\windows\system32\17789zoj65e.bin
c:\windows\system32\1799spy55z.cpl
c:\windows\system32\191885acktzol791.exe
c:\windows\system32\19214s5ambzt56a.dll
c:\windows\system32\192z7virus580.ocx
c:\windows\system32\19309hack5oolz9f.ocx
c:\windows\system32\19522virus4zb9.ocx
c:\windows\system32\19554spy1zd.bin
c:\windows\system32\195dvz92022.ocx
c:\windows\system32\195fthrzat29047.cpl
c:\windows\system32\195z6hac5tool97.exe
c:\windows\system32\19890spamboz759.ocx
c:\windows\system32\199665otza-virus78d.dll
c:\windows\system32\1be6addware395z.dll
c:\windows\system32\1z073hackto9l3f5.dll
c:\windows\system32\1z075not-a-viru911e.dll
c:\windows\system32\1z39not-a-virus645.dll
c:\windows\system32\1z5349pambot491.bin
c:\windows\system32\1z6av9r65.dll
c:\windows\system32\2052zsp9mbot655.ocx
c:\windows\system32\2060s9e5l119z.ocx
c:\windows\system32\20776not-a-vi9zs536.bin
c:\windows\system32\2085thr9zt29953.cpl
c:\windows\system32\209739zy55c.ocx
c:\windows\system32\20z6vi9us2e15.bin
c:\windows\system32\2103ztroj55a9.dll
c:\windows\system32\2146z9ack5ool766.exe
c:\windows\system32\21fz9i5985.cpl
c:\windows\system32\22395zambot79a.dll
c:\windows\system32\22397t5zj5b2.cpl
c:\windows\system32\2295zhackto5la0.dll
c:\windows\system32\2338zwo5m5979.bin
c:\windows\system32\235075or94cez.cpl
c:\windows\system32\23904not-a5virus99z.exe
c:\windows\system32\2404w5rmz19.ocx
c:\windows\system32\243645zck9ool249.cpl
c:\windows\system32\24961worz5f5.bin
c:\windows\system32\24997spz2535.exe
c:\windows\system32\24eespar9e5880z.dll
c:\windows\system32\24fevirz7795.cpl
c:\windows\system32\250zbackdoo93195.cpl
c:\windows\system32\251spambot65z9.bin
c:\windows\system32\25430zpy149.cpl
c:\windows\system32\254bspy9aze750.exe
c:\windows\system32\255189zrm7ab5.bin
c:\windows\system32\2564zr9j551.cpl
c:\windows\system32\256bbaczdoor9784.exe
c:\windows\system32\256z5w5rm39d.ocx
c:\windows\system32\25859sza9bot3dd.ocx
c:\windows\system32\259b5tealz9.bin
c:\windows\system32\26288s9amzot4f25.bin
c:\windows\system32\26495viru57za.dll
c:\windows\system32\26805hzcktool593.ocx
c:\windows\system32\2706zorm19e5.bin
c:\windows\system32\27309no9-azvirus165.exe
c:\windows\system32\27793vizu5141.dll
c:\windows\system32\2859ste5l5z8.cpl
c:\windows\system32\2891ha5ktz9la5.bin
c:\windows\system32\289th9ef555z.cpl
c:\windows\system32\29289n9t-5-virzs455.ocx
c:\windows\system32\29487n9t-azvi5us555.ocx
c:\windows\system32\295835ormzda.dll
c:\windows\system32\2961spywarz365.cpl
c:\windows\system32\2969095rmzfd.ocx
c:\windows\system32\29757troj95z.ocx
c:\windows\system32\29762zpambot54f.ocx
c:\windows\system32\29z33not9a-vir5s1cf.ocx
c:\windows\system32\2a9ebackdoz51519.dll
c:\windows\system32\2azfth5eat39386.dll
c:\windows\system32\2c4zv95692.ocx
c:\windows\system32\2e2ct9reat9593z.cpl
c:\windows\system32\2f5fbackd95rz401.dll
c:\windows\system32\2z01thie95374.ocx
c:\windows\system32\2z1b9te5l2399.exe
c:\windows\system32\2z3009irus1705.dll
c:\windows\system32\2z55thie92154.ocx
c:\windows\system32\3038not-z-viru5990.dll
c:\windows\system32\3159vi5zs8f9.bin
c:\windows\system32\32962not-a-virz57ec.exe
c:\windows\system32\3358s5923z.cpl
c:\windows\system32\33bas95rze841.dll
c:\windows\system32\3469sparsz2548.cpl
c:\windows\system32\35989spy50z9.dll
c:\windows\system32\35z4spy9b3.dll
c:\windows\system32\36zfsp9ware5028.bin
c:\windows\system32\3776not-z5virus709.cpl
c:\windows\system32\385fz9r1492.dll
c:\windows\system32\399aviz595.dll
c:\windows\system32\39c0thie5z12.dll
c:\windows\system32\39z5spars5928.cpl
c:\windows\system32\3d94backzoor1352.cpl
c:\windows\system32\3e95azdwar5930.cpl
c:\windows\system32\3z670not-a59irus513.ocx
c:\windows\system32\4215vir19z65.bin
c:\windows\system32\42e6zir96645.cpl
c:\windows\system32\42f99hrezt6597.bin
c:\windows\system32\4334spambz59b.bin
c:\windows\system32\44f5steal29z0.bin
c:\windows\system32\4571spzr9e2525.exe
c:\windows\system32\45edzteal20159.ocx
c:\windows\system32\45efth59at2z739.cpl
c:\windows\system32\4629zownl9ader5420.dll
c:\windows\system32\468ab9ckdoor5732z.ocx
c:\windows\system32\498z9irus15f.exe
c:\windows\system32\4a7ezdd5are1449.ocx
c:\windows\system32\4b2695arse1731z.bin
c:\windows\system32\4b69steal92z5.exe
c:\windows\system32\4bz4thre9t292275.cpl
c:\windows\system32\4d54zown9oader521.cpl
c:\windows\system32\4de59zrse464.dll
c:\windows\system32\4e5dthi9f28z05.exe
c:\windows\system32\4ff95d9zare544.exe
c:\windows\system32\4z749hief2405.bin
c:\windows\system32\502z9worm340.bin
c:\windows\system32\5071hacktoz915e.bin
c:\windows\system32\5073d9wnloa5erz823.exe
c:\windows\system32\5101zhief9311.dll
c:\windows\system32\51604spambot97z.ocx
c:\windows\system32\517z69irus47d.cpl
c:\windows\system32\528bthiez190.ocx
c:\windows\system32\5374h9cktozl3e9.cpl
c:\windows\system32\53855spz1b29.exe
c:\windows\system32\53949not-a-vi9uzbf.dll
c:\windows\system32\5431sp5mboz50c9.exe
c:\windows\system32\54f6ste5z9671.exe
c:\windows\system32\555virz69.exe
c:\windows\system32\5567spam9ot5f6z.ocx
c:\windows\system32\55819py1z4.ocx
c:\windows\system32\5590steaz553.exe
c:\windows\system32\559bz9ar5e3265.ocx
c:\windows\system32\55b7thie9212z.cpl
c:\windows\system32\55f0downzoader798.cpl
c:\windows\system32\56149hief271z.bin
c:\windows\system32\5695spy79z.bin
c:\windows\system32\56a5stea9110z.bin
c:\windows\system32\56zbt5ief595.cpl
c:\windows\system32\571d9h5eat2z570.ocx
c:\windows\system32\573d9wnloader187z.bin
c:\windows\system32\5794zhacktool69f.dll
c:\windows\system32\57e9szars53006.dll
c:\windows\system32\583z4sp9428.ocx
c:\windows\system32\5859spambz5695.exe
c:\windows\system32\58839tzoj682.cpl
c:\windows\system32\5897trzj95e.ocx
c:\windows\system32\5907w5rz96b.dll
c:\windows\system32\5969tzief219.dll
c:\windows\system32\5a2cdowzloader2209.exe
c:\windows\system32\5a9759reat18z83.cpl
c:\windows\system32\5a9fbac5door2z95.cpl
c:\windows\system32\5b9czddware722.bin
c:\windows\system32\5be8t5i9z2943.cpl
c:\windows\system32\5c9sparsz588.cpl
c:\windows\system32\5ca09pars52818z.ocx
c:\windows\system32\5ca2ad5warez960.dll
c:\windows\system32\5d69a9dwaze1015.cpl
c:\windows\system32\5dcbzownlo9der5190.ocx
c:\windows\system32\5dz2sparse9655.ocx
c:\windows\system32\5f425teal9770z.dll
c:\windows\system32\5z2cvir92295.bin
c:\windows\system32\5z51spy5539.cpl
c:\windows\system32\5z743spambo9498.dll
c:\windows\system32\5z8csparse2953.bin
c:\windows\system32\5z92vir1551.exe
c:\windows\system32\5zb1s9arse155.exe
c:\windows\system32\5ze9vir13.dll
c:\windows\system32\5zespyware239.cpl
c:\windows\system32\5zfbs59ware96.cpl
c:\windows\system32\6119sp5wa9e1462z.exe
c:\windows\system32\61539ownloader1z96.bin
c:\windows\system32\61c5zddware3963.exe
c:\windows\system32\627as9zrse595.ocx
c:\windows\system32\6295tr9zb8.bin
c:\windows\system32\65aaz9ar5e2905.exe
c:\windows\system32\66a29t5az1743.ocx
c:\windows\system32\66zcthreat521789.dll
c:\windows\system32\6759troj28z9.exe
c:\windows\system32\680zh9ckt5ol784.ocx
c:\windows\system32\691vir1z655.cpl
c:\windows\system32\6995spzmbot759.ocx
c:\windows\system32\69fe5te9l59z.cpl
c:\windows\system32\6a7e5i9208z.bin
c:\windows\system32\6b5dth9zat25055.cpl
c:\windows\system32\6b72zpyware2295.ocx
c:\windows\system32\6da9steaz2725.ocx
c:\windows\system32\6e2zs9ea52845.cpl
c:\windows\system32\6z41dow5loader948.bin
c:\windows\system32\7139ad9wa5z2191.cpl
c:\windows\system32\71z2not-a-vi9us765.dll
c:\windows\system32\71z8spa9se1455.cpl
c:\windows\system32\7201vir952z7.ocx
c:\windows\system32\72f1zddware9605.exe
c:\windows\system32\7327not9a-v5rus21dz.cpl
c:\windows\system32\7425thief9706z.exe
c:\windows\system32\7493zot-a-5irus934.dll
c:\windows\system32\7497downzoad5r625.bin
c:\windows\system32\756zworm2639.ocx
c:\windows\system32\7574virus27z9.ocx
c:\windows\system32\7578downloader269z.bin
c:\windows\system32\75825owzloader1499.ocx
c:\windows\system32\75f5steal2z689.cpl
c:\windows\system32\7649threat59935z.ocx
c:\windows\system32\788ft5iez492.exe
c:\windows\system32\7954hzcktool294.ocx
c:\windows\system32\79659pambzt79e.cpl
c:\windows\system32\7c09t5izf9081.exe
c:\windows\system32\7c91vzr950.dll
c:\windows\system32\7czb9ackdo5r2166.ocx
c:\windows\system32\7e5zbackd9or2512.bin
c:\windows\system32\7ed0t9iez2952.exe
c:\windows\system32\7z75s5y798.bin
c:\windows\system32\7z95threat21533.bin
c:\windows\system32\7z97a5dwar91405.cpl
c:\windows\system32\7zcaadd95re91.dll
c:\windows\system32\8z56spy2d49.bin
c:\windows\system32\8z59py2bc.exe
c:\windows\system32\9045hacztool16e.bin
c:\windows\system32\90475pyzf5.ocx
c:\windows\system32\907z9irus5e95.ocx
c:\windows\system32\907zspy5c1.exe
c:\windows\system32\9088z5py5f0.ocx
c:\windows\system32\913cthief4z5.bin
c:\windows\system32\91zbdownloader3065.exe
c:\windows\system32\92z755acktool473.exe
c:\windows\system32\94325zp5mbote9.dll
c:\windows\system32\94662spamzo570b.exe
c:\windows\system32\9539dowzloader2993.dll
c:\windows\system32\9543hazkt95lc7.cpl
c:\windows\system32\959475irusz29.cpl
c:\windows\system32\95z06hacktool749.cpl
c:\windows\system32\96faddwar9196z5.exe
c:\windows\system32\9791zpambot6e45.dll
c:\windows\system32\9914worm6zf5.ocx
c:\windows\system32\9947woz9559.bin
c:\windows\system32\a65thz5at261029.ocx
c:\windows\system32\acovcnt.exe
c:\windows\system32\ad29te5l239z.ocx
c:\windows\system32\afthz95t592.dll
c:\windows\system32\b35sparze1519.cpl
c:\windows\system32\d6sp9rsez3385.cpl
c:\windows\system32\d8b5ddzare309.bin
c:\windows\system32\drivers\ESQULnqlyxtitidpuwjbeikiicvhtytrxrrrc.sys
c:\windows\system32\e51addwa9e557z.cpl
c:\windows\System32\ESQULhpmydsgsxbersrfstumsxfvcprxpvbet.dll
c:\windows\system32\ESQULivqlnqbqvceuhpkiyxlrwimwckanwoxv.dll
c:\windows\system32\ESQULzcounter
c:\windows\system32\f9eadd9a5e16z.dll
c:\windows\system32\ffbdzwnloa5er9689.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
c:\windows\system32\z0773worm5a9.exe
c:\windows\system32\z0despy5are6599.dll
c:\windows\system32\z1455t95j4c2.cpl
c:\windows\system32\z191v5rus497.exe
c:\windows\system32\z1975troj325.cpl
c:\windows\system32\z199threat52007.cpl
c:\windows\system32\z29cvir2495.cpl
c:\windows\system32\z472spa95e548.cpl
c:\windows\system32\z472thi591349.bin
c:\windows\system32\z5639tro514c.cpl
c:\windows\system32\z5873s9y4b6.dll
c:\windows\system32\z5ceth9e5t9249.dll
c:\windows\system32\z6b15pywa9e1021.exe
c:\windows\system32\z9096virus6ca5.exe
c:\windows\system32\z915troj51f.exe
c:\windows\system32\z9245spy99f.dll
c:\windows\system32\za39addware3053.dll
c:\windows\system32\zbb8threat12295.bin
c:\windows\system32\zc389pa5se1539.bin
c:\windows\system32\zdbdsp5ware392.bin
c:\windows\z0780worm395.cpl
c:\windows\z1184worm79d5.exe
c:\windows\z120sp9mbot605.bin
c:\windows\z3593spy5475.bin
c:\windows\z44819ot-a-v5rus720.dll
c:\windows\z479thief1579.exe
c:\windows\z539i51771.bin
c:\windows\z59bspyware8079.exe
c:\windows\z5e9vir2414.dll
c:\windows\z65199orm459.ocx
c:\windows\z6fethre5t7964.cpl
c:\windows\z7294w5rm119.exe
c:\windows\z7aathief5391.dll
c:\windows\z90329pambot55e.bin
c:\windows\z906spars52215.bin
c:\windows\z90bvi525.ocx
c:\windows\z993vir2557.dll
c:\windows\z99b9pyw5re34.dll
c:\windows\za669ir5751.dll
c:\windows\zaacspywa9e1755.dll
c:\windows\zb95spy5are17.ocx
c:\windows\zbcda9dware32035.cpl
c:\windows\zce9thief1539.exe
c:\windows\zd25th95at7001.exe
c:\windows\zd8asp9rse2503.dll
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-30 04:18 . 2009-07-30 04:18 -------- d-----w- c:\users\Sean\AppData\Roaming\Lavasoft
2009-07-30 04:17 . 2009-07-30 04:17 -------- d-----w- c:\program files\Lavasoft
2009-07-30 04:05 . 2009-07-30 04:05 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-07-30 04:05 . 2009-07-30 04:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-28 02:26 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 02:26 . 2009-07-28 02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 02:26 . 2009-07-28 02:26 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-28 02:26 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 03:10 . 2009-02-12 09:35 38208 ----a-w- c:\users\Sean\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-07-27 03:10 . 2009-07-27 03:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-27 03:09 . 2009-07-27 19:01 -------- d-----w- c:\progra~2\NOS
2009-07-27 03:09 . 2009-07-27 19:01 -------- d-----w- c:\program files\NOS
2009-07-25 07:19 . 2009-07-25 07:19 6001 ----a-w- c:\windows\system32\2z295virus2.bin
2009-07-25 07:19 . 2009-07-25 07:19 5250 ----a-w- c:\windows\system32\28359nz9-a5virus7.bin
2009-07-25 07:04 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-25 07:04 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-25 07:01 . 2009-07-30 23:48 -------- d-----w- c:\program files\Steam
2009-07-25 07:01 . 2009-07-25 07:32 -------- d-----w- c:\program files\Common Files\Steam
2009-07-14 23:23 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 23:23 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 23:23 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 23:23 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-06 22:50 . 2009-07-06 22:50 -------- d-----w- c:\program files\Ventrilo
2009-07-06 22:49 . 2009-07-06 22:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 07:41 . 2008-07-11 14:38 110552 ----a-w- c:\progra~2\nvModes.dat
2009-07-31 07:39 . 2008-04-14 03:50 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-28 22:06 . 2008-07-20 22:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-27 19:35 . 2008-07-21 17:02 -------- d-----w- c:\users\Sean\AppData\Roaming\LimeWire
2009-07-27 03:12 . 2008-07-20 22:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-15 10:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 02:50 . 2009-01-03 00:03 -------- d-----w- c:\program files\PokerStars.NET
2009-07-07 01:36 . 2009-01-16 15:03 680 ----a-w- c:\users\Sean\AppData\Local\d3d9caps.dat
2009-07-01 07:39 . 2009-07-01 07:39 4271 ----a-w- c:\windows\system32\111965pamz9t8.exe
2009-06-09 22:23 . 2008-12-25 03:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-07 05:49 . 2009-06-07 05:49 272384 ----a-w- c:\users\Sean\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
2009-06-07 05:49 . 2009-06-07 05:49 192512 ----a-w- c:\users\Sean\AppData\Roaming\Acreon\WowMatrix\Libraries\wmweb.dll
2009-06-07 05:49 . 2009-06-07 05:49 258048 ----a-w- c:\users\Sean\AppData\Roaming\Acreon\WowMatrix\Libraries\wmzip.dll
2009-06-07 05:49 . 2009-06-07 05:49 -------- d-----w- c:\users\Sean\AppData\Roaming\Acreon
2009-06-05 18:42 . 2009-06-05 18:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-06-05 18:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 03:36 . 2008-08-05 19:52 -------- d-----w- c:\users\Sean\AppData\Roaming\Ventrilo
2009-05-15 00:55 . 2009-05-15 00:55 245408 ----a-w- c:\windows\system32\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2009-07-25 1217784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2006-10-26 32560]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-08 92704]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-07-11 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-07-11 47672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3A689A1C-CD5B-454E-83EF-53FA4F6D9435}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B9BF84AC-BD67-4841-9325-45D7DA5E3C79}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0B12C702-826A-4A5F-BD4A-7A3A8F2EE4F6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9385CDCF-ECB0-4FC0-A6A7-73A8DBBA0EC3}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{0DC1EAA6-9535-45C6-9195-05CCD99D7D00}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{EB0F6EF9-EA7F-4E44-B837-2BE7182EE8A1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{03A3CBAB-8B4E-4913-A73A-09A2FF2C1E98}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{CC152F34-3D51-4809-BC37-C8F05E8B1D13}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{8A99228E-DF44-4E1D-B26F-A600ED1DD50A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E7328382-BAFA-47F1-9B0B-F94280C34D6C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EBDED9C8-142C-4C58-BE6D-D7BE8B32151C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{96F7644A-48E4-4644-B462-525D2B1707F9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0C84CF57-1BCC-422D-97F1-F7241A0A386D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{CE6FCBD4-AAAF-4785-A87D-E4CF6F3203EF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1B0B4449-CCA1-4AFE-9581-01B760CBC75F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{4255FAF3-559D-49DF-8DCA-1F0CC942532F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{2D605262-598E-4A3A-BE2A-E0950A9294E1}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{1522CF39-A655-49B4-9064-A6EE8D534DD6}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever.exe
"UDP Query User{90F6FC01-71F7-4135-901A-0D506DC59043}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever.exe
"TCP Query User{E99CBF50-8E05-42D7-A1F0-49EA06D6620B}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{6DEF6EDA-0FF8-4C38-B7EC-9048B22BBFAC}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{E948CB95-3AB4-4498-A258-76A0C4136563}c:\\users\\sean\\downloads\\wow-3.0.1.8874-ptr-us-installer-downloader.exe"= UDP:c:\users\sean\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe:wow-3.0.1.8874-ptr-us-installer-downloader.exe
"UDP Query User{67BEAE24-4D9F-49C1-9D3A-03A15D44C6C4}c:\\users\\sean\\downloads\\wow-3.0.1.8874-ptr-us-installer-downloader.exe"= TCP:c:\users\sean\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe:wow-3.0.1.8874-ptr-us-installer-downloader.exe
"TCP Query User{DBCDDA9C-6FAF-4324-A4FA-F138E1BF991E}c:\\users\\public\\games\\world of warcraft\\wow-3.0.1.8874-ptr-us-installer-downloader.exe"= UDP:c:\users\public\games\world of warcraft\wow-3.0.1.8874-ptr-us-installer-downloader.exe:Blizzard Downloader
"UDP Query User{DD0FA39D-F14F-4973-B813-D14B75914CF4}c:\\users\\public\\games\\world of warcraft\\wow-3.0.1.8874-ptr-us-installer-downloader.exe"= TCP:c:\users\public\games\world of warcraft\wow-3.0.1.8874-ptr-us-installer-downloader.exe:Blizzard Downloader
"TCP Query User{C8DB9DBC-BA4F-437C-A2C8-BC3E6BB85F91}c:\\users\\public\\games\\world of warcraft public test\\launcher.exe"= UDP:c:\users\public\games\world of warcraft public test\launcher.exe:Blizzard Launcher
"UDP Query User{61D5BFAC-2C53-4B4F-8FD2-4B249CCF48DC}c:\\users\\public\\games\\world of warcraft public test\\launcher.exe"= TCP:c:\users\public\games\world of warcraft public test\launcher.exe:Blizzard Launcher
"{48798D2C-7BA1-4222-A595-516771E39FDE}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D06B11B4-DDF8-48FF-86FF-F7A4C12DF8C3}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D5B52120-A779-4D83-8BF1-20CFFC36BFD7}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe:Blizzard Downloader
"{1B68C19B-C421-4533-99E8-9EA49E928F5B}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe:Blizzard Downloader
"{AB29BE0D-0AD9-4308-AFD9-AB1CCE3555AF}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe:Blizzard Downloader
"{9A20B48C-3B9A-4B80-968D-35749A124343}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{ED29D16F-DD73-4939-98E2-F8C31880E5F0}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{04D8FF3D-40C7-4E39-BA9A-CA91BAF7DA0F}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{A14A4212-1615-4844-B4E7-A8CA031147F6}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe:Blizzard Downloader
"{DAA469AA-1B27-4FC0-A951-03FCB9B64AB9}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe:Blizzard Downloader
"{5ECC2FAD-B315-4B19-94C0-BD81161F055D}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe:Blizzard Downloader
"{B072C0D3-F37C-450D-B856-9B7D0889A961}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{CF41D9DF-6E29-4089-B90F-A5A97E4B714A}c:\\program files\\steam\\steamapps\\ifogdog\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\ifogdog\counter-strike source\hl2.exe:hl2.exe
"UDP Query User{2C7A9AB1-163D-4AE8-9419-BFBF269FDE0C}c:\\program files\\steam\\steamapps\\ifogdog\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\ifogdog\counter-strike source\hl2.exe:hl2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [7/11/2008 8:08 AM 15416]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [1/20/2008 7:23 PM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [1/20/2008 7:23 PM 21504]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/26/2009 8:48 PM 24652]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [7/11/2008 7:56 AM 29736]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [7/11/2008 7:51 AM 54784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [6/8/2008 4:22 PM 43040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C97751B1-BF63-4867-87FB-49B72502DBCD}]
c:\program files\Microsoft Office\Office10\OfficeXPFirstRun.vbs
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 00:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(1720)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\System32\conime.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
c:\windows\System32\ACEngSvr.exe
.
**************************************************************************
.
Completion time: 2009-07-31 0:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 07:44

Pre-Run: 63,109,152,768 bytes free
Post-Run: 63,295,549,440 bytes free

893 --- E O F --- 2009-07-25 07:05

===============

Moderators Message

The others threads have been deleted, stick with one opened thread only, as per forum rules.
http://www.techsupportforum.com/rules.php

Read other 1 answers
RELEVANCY SCORE 168.4

Antivirus vanished! Can't install ANY new one!Can't access microsoft and any anti virus sites (thus i cannot download or scan my computer from there)I tried to install a copy of avast pro but the set- up immediately close after opening, i also noticed a lot of programs behaving like this just like the bandmaster game from e games and Grand Theft Auto Vice City( once i opened it, it immediately closes)Tried to install that in safe mode, but the computer does not start and reboots back into normal mode.This is the content of DDS logDDS (Ver_10-11-26.01) - NTFSx86 Run by neopc10 at 19:47:12.65 on Fri 11/26/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.353 [GMT -8:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\WINDOWS\System32\svchost.exe -k AkamaiC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\Explorer.EXEC:\Program Files\KGB\Mpk.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exeC:\WINDOWS\PixArt\PAC7302\Monitor.exeC:\Program Files\... Read more

A:anti virus banished.can't install any anti virus programs, can't acces microsoft and anti virus sites!!!...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

Read other 2 answers
RELEVANCY SCORE 136.8

I'm running Windows XP.

About a week ago I got a virus, I believe it was called Antivir Software Pro, that claimed my computer was infected and I needed to give them money to fix it. That virus blocked websites and all other anti-virus programs from being downloaded, installed or used. My friend tried to wipe my computer and re-install Windows, but the virus stopped that as well. It wouldn't let me re-install windows claiming it couldn't find a harddrive.

We finally got Malwarebytes to run in safe mode and and then Spybot. It helped some, I can reach websites now. However it's gradually getting worse again. I get re-directed to other sites, some sites are becoming blocked again and I can no longer run any anti-virus software.

Any help would be greatly appreciated. I am not very good with this stuff, but I can get a hijack this log if that helps. I would mainly just like to wipe and start fresh.

Read other answers
RELEVANCY SCORE 136.8

Hi,

I'm using windows 7 and cannot format right now because I have school. The problem is I cannot access anti-virus websites and I keep getting random popups. I tried cleaning it out with spybot,malwarebytes, Avast anti-virus, and removing stuff in hijack this with no luck it keeps coming back. Any suggestions?

A:Malware/Virus issue cannot access Anti-Virus sites and havae random popups

Here is more info: When I goto google and type bleeping computers the links come up. I press the link it redirects me to advertising site. Here is my malwarebytes first log file

Malwarebytes' Anti-Malware 1.38
Database version: 2381
Windows 6.1.7127

7/6/2009 11:45:58 AM
mbam-log-2009-07-06 (11-45-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201253
Time elapsed: 25 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 18
Registry Data Items Infected: 9
Folders Infected: 2
Files Infected: 316

Memory Processes Infected:
C:\Windows\Fonts\services.exe (Worm.Archive) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKE... Read more

Read other 2 answers
RELEVANCY SCORE 136.4

I have a Windows XP Home laptop and I am unable to access any anti-virus websites for updates. Also tried installing Ad-aware but it failed. Malwarebytes found 2 objects but could not delete them on restart. Here are the results from DDS and the GMER results attached. What are the next steps?

Thanks in advance!


DDS (Ver_09-11-24.02) - NTFSx86
Run by Zeny at 14:35:07.86 on Wed 11/25/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.447.203 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL Companion\companion.exe
C:\Documents and Setting... Read more

A:Virus/Malware preventing access to Anti-Virus Sites

Haven't received any responses yet . . . bumping.

Thank you.

Read other 16 answers
RELEVANCY SCORE 135.2

Camera Wizard not poping up after removing Total Security/Antivirus Pro_2010 I have a PC with Windows XP SP3 with Avast, SuperAnti-Spyware and MBAM while browsing I got a yellow virus warning (something win32 I believe) from Avast pop up near the bottom tray and within seconds the Total Security pop-ups started. My PC slowed to a stop so I rebooted and saw that Antivirus Pro_2010 had installed itself on my PC. All my Anti Virus programs would not start (ie MBAM) so I ended up following forums to end some processes, delete some .dll files that were known to be malicious and rename the .exe's to get Anti Virus programs to run. I installed and used AVG which found a couple things. Then I used ComboFix, and finally I got MBAM to run which found a good 40+ trojans etc. I believe I got the virus off but I tried to restore to before I got the virus but was unable to. I have since run scans with MBAM and SuperAnti-Spyware which have found nothing. Avast also finds nothing but it has a list of 44 files (mostly in WINDOWS\ folder with the last path part of file doubled) that it is unable to scan: because "The system cannot find the specified path". When I look on my C: drive and follow the file path, the second to last part is always missing (ie. WINDOWS\addins\addins) addins is not there. When I plug in my camera, the camera wizard does not pop up anymore as it use to before I had and removed the virus. I also saw on the unscanable list that there was a WINDOWS\Connecti... Read more

A:Help to remove Total Security and Anti-Virus Pro_2010 rogue anti-virus programs

Can someone please help me?
 

Read other 1 answers
RELEVANCY SCORE 134.8

I only noticed this when I tried to update my Windows Live Messenger, and the Microsoft website wouldn't open on Safari or IE. I tried downloading new anti-virus software like Norton, but none of their sites would open either. I Googled a bit, and lo and behold, I'm not the only one to have this kind of problem. I saw a post on this website (although the thread had closed) that was strikingly similar, so I thought I'd ask for help too. So pleeeeeease, please help me! X3
I understand I need to post a HijackThis log, so here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:22:59, on 07/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDO... Read more

A:Anti-virus software won't scan, well-known anti-virus sites won't open.

It looks like the virus has got wise to THIS website too, because it no longer opens unless I use a proxy server. PLEASE help me, someone... I need to be able to use my internet banking without worrying that this stupid virus has got me keylogged or something! Please, please PLEASE help me.

~ Seras
 

Read other 2 answers
RELEVANCY SCORE 131.2

I'm using an Eisystems laptop thats about 3 years old, and never really experienced any issues apart from the occasional virus.
Earlier today the vista anti-virus virus popped up on my desktop while browsing. When i attemped to close the process my computer crashed (it is not prone to crashing normally). On turning it back on, i encountered the issue of explorer not booting properly leading to a black screen with a movable cursor. I read up on how to fix this issue and was instructed to close end explorer.exe in task manager (which works) and start it as a new task. The problem is that when i attempt to do that the only thing that appears on my screen is the vista-antispyware window and the rest of explorer doesnt function correctly, even when the random.exe process for the anti-spyware virus is ended. I have tried performing a system restore from safe mode with command prompt, but the system restore process crashes whenever i click the restore button. I don't have the setup disks for the laptop to perform a system restore that way, but I'm pretty convinced that the virus is the causing at least some of my issues. Any advice would be greatly appreciated.
 

Read other answers
RELEVANCY SCORE 126.8

Hi,

I just downloaded a "keygen" from bittorrent, and when I opened the exe file, nothing happened, then the exe file disappeared/deleted itself. I am pretty convinced that this was a virus, because my computer has slowed down significantly.

Now this part is unbelievable - I went online to download an antivirus program or the online Trend Micro scan, AND MY BROWSER (Firefox and IE) WON'T LET ME ACCESS ANY ANTI-VIRUS WEBPAGES!!! I managed to download Hijackthis and Spybot by downloading them through download.com, but it wouldn't let me go directly to the official sites! How strange is that?

Attached are links to the original file that I downloaded, if someone can scan it for me and deduce how to fix the problem, and also my Hijackthis log. (I hosted them on senduit.com for one week so you can access them.)

Thanks so, so much.

Hijackthis log is at - http://senduit.com/3b7234

Original d/l file is at - http://senduit.com/8624cc

A:A virus is not allowing me to access anti Anti-Virus webpages, and more...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:43:31 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\Program Files\Mac Volume Bar\3r-1c.exe
C:\Program Files\Windows-Related\stickies\stickies.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Gr... Read more

Read other 2 answers
RELEVANCY SCORE 126.8

Hi,

I can't access any major anti-virus sites, or microsoft.com. I downloaded, installed, and ran malwarebytes free edition. I was unable to update malwarebytes before or after running it. It found one infected file which I asked it to remove and it did. The relevant part of the log file is below and in the attached file.

I then downloaded and ran hijackthis and have attached the log file.
My OS is MS Windows XP service Pack 2.

Thanks,

Bill

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
 

Read other answers
RELEVANCY SCORE 126.8

Hi!
Okay here's my problem:
I can't access anti-virus sites so I can't even do a housecall on trend micro. I tried updating my Kaspersky internet security but for some reasons it just stops the update process so now my anti-virus database is outdated. I suspect all anti-virus sites are blocked as I could not download http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDownadup.exe via Internet Download Manager.
I switched to safe mode and alas I could now access anti-virus sites. I ran housecall and was told it has fixed the errors it found. Also ran microsoft's spyware removal tool (that 9mb thing) and was told too that errors were fixed. Ran symantec's fixdownadup as well though I kinda forgot the results,lol.
So anyhow, i went back to normal mode and found that I still could not access AV sites. So I ran combofix but was disappointed to find out that the problem still persists. I ran malwarebytes' anti-malware and this time I was told that it did not find any malware.

So I'm posting the log file I got from hijackthis for analysis. Please help. Thanks!
---------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:04 AM, on 4/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Syn... Read more

Read other answers
RELEVANCY SCORE 126.8

I recently tried to go to the virusscan at jotti.org, and it wouldn't let me. Firefox said "Could not connect" and Internet Explorer 9 says "Diagnose Connection Issues"I can access any non-antivirus site, however.OS: Windows 7 Ultimate 32-bitAntivirus: Microsoft Security Essentials, MalwareBytes Anti-MalwareFirewall: Windows 7 firewall HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:37:30 PM, on 2/23/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\BatteryCare\BatteryCare.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\... Read more

A:Can't access most anti-virus sites?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 126.8

Hi.
I am having some trouble accessing any anti virus sites. I am having trouble with the google redirect issue and I thought I had fixed it and tried to update my McAfee, but now cannot access their site. I get a navigation cancelled message. Can someone please help. Following is my hijackthis log. Thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:21 AM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\sy... Read more

A:Cannot Access Anti-Virus Sites

Anyone have any thoughts on what I could do to fix all my problems?? Please? Thanks.
 

Read other 2 answers
RELEVANCY SCORE 126.8

Hi,I had a McAfee security center message to reinstall McAfee. It come with my comcast subscription. I used the add/remove program to take it off, but now I cannot get on any McAfee sites to reinstall. I also tried AVG and had a problem accessing the server when I tried to update the software so I can't use that either. Here is the Hijackthis file:Your help would be greatly appreciated. Thanks,EricLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:43:54 PM, on 4/28/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\arservice.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\... Read more

A:cannot access any anti virus sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 126.8

update NOD32 or access windows update!



DDS (Ver_09-12-01.01) - NTFSx86
Run by Yevi at 14:02:57.06 on Sun 03/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.467 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ... Read more

A:Please Help! CAn't access anti-virus sites

Hi,

I see you have run ComboFix,

please post the log(s)

It can be found at c:\combofix.txt, older logs can be found at c:\qoobox\combofix2.txt

Thanks

Read other 19 answers
RELEVANCY SCORE 126

Hello there!
I'm new in here. I have several problems with my system (Vostro 1500) which is running windows XP SP2.

1- I can't connect to any update source of my anti-virus programs (kaspersky internet security 7.0) or any other.

2- I can't browse any anti-virus sites such as kaspersky or symantic...

3- Although I can browse some other sites like google or etc. but after some
period of times my laptop's working I also can't open even those sites like google. then when I restart my laptop and retry to connect to these sites i can do this. but still can't browse anti-virus sites.

I searched through internet for this problem and found something about this such as a rootkit name "Seneka" might cause this problem. but this didn't work for me. and I'm very confused now.
Please Help!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

With Best Regards

A:can't update anti-virus programs, connect to these sites...

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 126

Hello there!
I'm new in here. I have several problems with my system (Vostro 1500) which is running windows XP SP2.

1- I can't connect to any update source of my anti-virus programs (kaspersky internet security 7.0) or any other.

2- I can't browse any anti-virus sites such as kaspersky or symantic...

3- Although I can browse some other sites like google or etc. but after some
period of times my laptop's working I also can't open even those sites like google. then when I restart my laptop and retry to connect to these sites i can do this. but still can't browse anti-virus sites.

I searched through internet for this problem and found something about this such as a rootkit name "Seneka" might cause this problem. but this didn't work for me. and I'm very confused now.
Please Help!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

DDS run:

DDS (Ver_09-03-16.01) - NTFSx86
Run by aa at 12:52:00.48 on Sat 05/16/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1553 [GMT 4.5:30]

AV: AVG 7.5.516 *On-access scanning enabled* (Outdated)
FW: AVG Firewall 7.5.500 *enabled*

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
D:\Program Fi... Read more

A:can't update anti-virus programs, connect to these sites...

Hello gygulance,

In the future, kindly heed the ComboFix Disclaimer and only run this tool under guidance. As noted in our pre-posting topic...

Quote:




Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.




I'll need to review the C:\ComboFix.txt. Please copy/paste the contents in your next reply.

Read other 7 answers
RELEVANCY SCORE 125.2

I dont post a lot but i really need help now.I cant access any antivirus websites.Then I searched the net and found this site and the combofix thing

heres my log


ComboFix 09-10-28.06 - Admin 10/21/2009 9:28.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.553 [GMT 8:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\.#
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0015DCFC.urr
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-19 07:15 . 2009-10-19 07:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2009-10-19 07:14 . 2009-10-19 07:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Google
2009-10-18 07:57 . 2009-10-18 09:05 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\AskToolbar
2009-10-17 03:16 . 2009-10-17 03:16 -------- d-----w- c:\program files\Ask.com... Read more

A:[SOLVED] Help me pls I cant access any anti virus sites

nvm my brother fixed it sorry for wasting your time

Read other 1 answers
RELEVANCY SCORE 125.2

Ive had this problem for a few a days. I've heard of combofix but not sure how to use it so any help would be appreciated.

Heres My Hijackthis log


Quote:




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:41:10 PM, on 28/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\... Read more

A:cant access anti virus sites or microsoft

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post the logs in your next reply for my review.

Read other 11 answers
RELEVANCY SCORE 125.2

There are some files detected by Hijack This, Spybot did not detect anything, Xoftspy was better but still didn't find the problem. One of the files that seems suspicious is FRILVO.DLL in Windows system. When I delete it using Hijack it comes back. I have Sysclean but did not use it in Safe Mode. A warning came up about text screwing things up .Do I disregard this warning. Win98SE 550mgH P111 629mb ram. Computer runs good otherwise and is on new Verizon fiberoptic (FIOS) system.

A:Need Help For Blocked Access To Anti-Virus Sites

Please post your HijackThis log.

Read other 9 answers
RELEVANCY SCORE 125.2

Hi All,

I'm new to this forum. I have a Dell vostro 1500 which came with AVG anti virus plus firewall. Everything was going great for about an year and about 3 weeks ago my AVG gave a message 'Connection to update server failed'. I thought it was because of internet but from then on my AVG started giving me the same message again and again. In addition to this whenever i try to access an anti virus website or microsoft updates website i'm getting a page cannot be displayed message.I can access all other websites normally. When i tried to ping avg.com , i got 'ping could not find host avg.com please check the name and try again' message.But i can ping the ip address of avg.com. I'm confused and i'm not sure what is causing this. Any help on this would be greatly appreciated.
Thanks a lot in Advance,

Jay.

A:Unable to access Anti Virus Web sites

If you cannot use the Internet or download any programs, try downloading from another computer (family member, friend, etc). Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program. If you cannot copy files to your usb drive, make sure its not "Write Protected". Some flash drives have a switch on the side which could have accidentally been moved to write protect.Please download hosts.zip and save it to your Desktop.Extract (unzip) the file to its own folder C:\hosts. (click here if you're not sure how to do this. Vista users refer to this link.) Open up the hosts folder and double-click on the mvps.bat file.The script will rename your present HOSTS file to HOSTS.MVP and copy the new HOSTS file to the correct location on your system. You can read more about what we are doing in Blocking Unwanted Parasites with a Hosts File.Vista users be sure to read Updating the HOSTS file in Windows Vista.Install Instructions with screenshots for the MVPS HOSTS File if you need them.Note: You may have to overwrite the hosts file in "Safe Mode" if you get "an access denied message" when trying to do it in normal mode.Please download ATF Cleaner by Atribune & save it to your desktop. alternate download linkDouble-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox... Read more

Read other 11 answers
RELEVANCY SCORE 125.2

My computer seems to be running fine, but when I went to install a new printer, it won't load.
Contacted their support and they said it was a Microsoft error and I needed to research the error and correct it.
Guess what? I can't go to any Microsoft sites... Looked a bit further and sure enough I can't get to any anti virus sites either (this is on both my desktop and my laptop if that makes a difference) The logs shown below are from my desktop only.
 

A:Can not access Microsoft or Anti Virus sites

Read other 16 answers
RELEVANCY SCORE 125.2

Hello, this is my first post so apologies if I don't get the format / details quite right.

I've been unable to access anti-virus websites for a while now. I noticed it because my AVG wouldn't update. I can't access: AVG, avast, kaspersky or microsoft (and probably loads of others i haven't tried) - it just says that "this link appears to be broken" for all of them in internet explorer.

I've been in touch with kaspersky and done various scans and sent them logs. They say i have a root kit on the machine and i had to burn a cd from them and run it. I've also used malwarebytes anti-malware. But none of this has worked and I still can't access any of the anti-virus sites.

I use windows XP professional version 2002, service pack 2.

Would be grateful for any help in very simple terms as I am not very techie!

Thank you!

A:Can't access anti-virus sites or microsoft

Do you have access to another computer that's not infected?

Read other 13 answers
RELEVANCY SCORE 125.2

Okay, so I recently got blue-screened and had to re-format. I did a re-install of windows and now I have this problem in that I cannot access Microsoft or anti-virus websites. For example: if I try to go to microsoft.com Firefox brings up its "Server not found" screen.

The only things that have been installed so far are:
- all my drivers, from their respective CD's,
- my wireless driver, which I downloaded the install from another computer and put it on a thumb drive.
- and, Firefox, however the problem existed before the Firefox install.

I've tried connecting to the websites via other computers on the same network and they all work.


DDS.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Braden at 13:02:54.73 on 31/12/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1704 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\W... Read more

A:Cannot Access Microsoft or Anti-virus Sites

Hi Leadrhino, welcome to the forum.

To make cleaning this machine easierPlease do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Please read through the instructions to familarize youself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download


Please download ComboFix from Link 1
Link 2
to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files".
During the download, before you save it to your desktop, rename Combofix to jgh.exe
It is important you rename Com... Read more

Read other 9 answers
RELEVANCY SCORE 125.2
RELEVANCY SCORE 124.8

Symentec detected a virus a few days ago on my pc and I thought I was able to delete/quarantine it. However, I've noticed, like many others, that my google search links get hijacked and redirect me to various websites. If I am trying to access a security wesite like eset, mcaffee, norton, my browser won't connect at all. I've browsed through these forums and I've tried running some programs to get started fixing this myself but these programs start but get killed and won't complete.
* 'Hijack this' won't complete.
* Malwarybytes starts and then gets killed. After it gets killed, I can no longer access Malwarebytes. Also, I have changed the name of the .exe file to avoid detection but no luck.
* Rootkit repeal - doesn't ask me for the options to select which sections to scan. I can however scan and I do have a log for what it was able to scan. (I have changed the disk level to high and also renamed to tatortot.scr - with no change in behavior)
* Can't connect to eset online scanner
* Combo fix - when I try to run this I get a message that indicates Combo Fix package might have been compromised and asks that I download a fresh file from your website (which I have done several times). The same messages goes on to say that I may be infected with a 'file patching virus - virut' (I've changed the name to try to avoid detection but that didn't work) then the file is deleted from my desktop.

When I try to get to my... Read more

A:Can't run any Anti-Virus/Malware programs or visit Antivirus sites, please help.

Follow Up:

After trying Malwarebytes and having it stop on me, when I try to click on the .exe to run it again, I get:
'windows can not access the specified device, path or file. You may not have the appropriate permissions to access the item.'

I am the admin on the pc.

Thanks again.

Read other 7 answers
RELEVANCY SCORE 124

Hi,
I recently started doing volunteer IT work for a non-profit organization. They have a server running Windows 2003 Small Business Server SP2 with IE 6. I recently ran Windows Update on it and installed about 28 security patches. The server rebooted successfully and things seemed to running okay. About one month when by, when I discovered that I cannot run Windows update or get to any Microsoft or antivirus websites (McAfee, Symantec, AVG). I get "page cannot be displayed". I can get to other websites just fine. I downloaded/installed Spybot and ran a scan but all it found was some tracking cookies. I then downloaded/installed Clamav but I was unable to get to Clamav.net to get the latest definination files. I ran a scan and except for files that were in use, it came back clean. Any help would be greatly appreciated. Thank you.

A:Unable to access Microsoft or Anti-Virus Sites

An update to this problem -

I suspected it might be Conficker. I checked and I have KB958644 installed but I had download about 28 patches in January and didn't install them until 02/15. I think Conficker slipped in during that time period.

I downloaded the Microsoft Malicious Software Removal Tool but it would not start on the server. I then downloaded the McAfee Stinger utility and it found Conficker in the Default User Temporary Internet File directory in a jpeg file. It removed it and I rebooted the server but I still cannot access any Microsoft or anti-virus websites. Any ideas? Thank a lot.

Read other 2 answers
RELEVANCY SCORE 124

Hi I can't access any Microsoft or antivirus sites on my XP pro machine please help this occured soem time ago but now trying to solve it as it is i think causing issues with other applications. Cant find anything obvious can someone please help me. Many thanks in advance

Read other answers
RELEVANCY SCORE 124

Hello There,

I have a pc running windows xp which has got a virus I cant remove.

I have tried installing various virus removal programs but I either have the problem of they wont install or once they do install they wont work because they cant update and the pc wont let them connect to the internet.

Everything I try to install softare I get an error come up saying "Windows - no disk Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c" I tried changing all disk drive letters and this made no difference to the error.

I have installed AVG but this wont update, I ran a scan and it found 3 trojan and removed them. But still doesnt seem to have solved the problem.

I have tried to install malwarebytes (mbam) but it will not let me run this to install (tried downloading it again and run on another computer incase it was file, but was fine!) I also tried installing in safe mode but made no difference.

Would you be able to help me please

Thank You!!!

A:Can't Install Mbam, Access Anti Virus Sites - Please Help :) !

Hi cloz500The forum you have posted in is not dedicated to malware removal.Please follow this link and follow the instructions. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Once you have done this, a member of the HJT Team will contact you with further instructions.

Read other 2 answers
RELEVANCY SCORE 124

My friends laptop running vista can't connect to anti virus sites like trend micro and can't get updates for malwarebytes or spybot. He doesn't have any active anti virus on his computer their was an old version of symantec from three years ago on here but hadnt been updated since. Ive now deleted it.

I ran combo fix but that didn't cure the problem. Here is the combofix.txt file

If anyone can recommend a way to fix the problem i would be very grateful.

ComboFix 11-07-31.04 - Merrr 02/08/2011 17:35:41.1.2 - x86
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.2.1033.18.2046.1003 [GMT -7:00]
Running from: c:\users\Merrr\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 00:30 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{90382B71-C4AE-4EC6-8FB7-923E0A3B4D80}\mpengine.dll ERROR(0x00000005)
2011-07-29 23:34 . 2011-07-29 23:35 -------- d-----w- c:\program files\CCleaner
2011-07-29 21:46 . 2011-07-29 21:46 -------- d-----w- c:\program files\ESET
2011-07-26 23:32 . 2011-07-26 23:32 -------- d-----w- C:\PerfLogs
2011-07-26 22:58 . 20... Read more

A:Can't access Anti Virus Malware Software sites

I'm working on a friends Hp laptop and gotten in a real mess. They had a virus which was stopping the computer from communicating with Virus/Spyware websites.

I ran combo fix but after that the problem still existed. Then automatic updates asked me to update so i figured why not. It was vista sp1 this is when everything started to go wrong. Vista Hung after this update and i couldn't get it to load. I tried system restore but that hangs and never finishes. Then i read that system restore works better from safe mode. I can't get into safe mode it also hangs when it gets to crcdisk.sys

Now It looks like i will have to do a HP system recoverey. The Hp recovery does give me a chance to do a back up of data so I ran that part of the program but now I have another problem the program doesn't recognise the usb stick so it's got nothing to save to. Is their anything i can do to get the usb stick working again. When i put the stick in it does light up.

If that doesn't work is it possible to install XP on the computer. So it will dual boot then using XP i can save all of his data?

Read other 4 answers
RELEVANCY SCORE 124

Hi,

I recently reformatted my PC and now have Internet Explorer 7 and Service Pack 2 but since then I've been unable to access any Microsoft update sites or downloads, when I attempt to I get the usual "Internet Explorer cannot display the webpage" notifaction. I've also just noticed that I now can't access any anti-virus software sites such as Symantec, McAfee, Malwarebytes etc. The rest of the internet seems to be working and loading up fine however, it's just these vital updates which I can't access. Some other examples are my newly-installed Microsoft Word which I can't connect to the Microsoft Authorisation service to activate it and Windows Media Player which won't search for updates.

I currently have Spybot Search and Destroy and Malwarebytes, though the problem above seems to be preventing Malwarebytes from searching for updates. Also, Spybot Search and Destroy keeps picking up the following line:

Microsoft.WindowsSecurityCenter_disabled

However, even when I remove this and reboot it keeps on returning. Below is a HJT log. Hope someone will be able to help me with this.

Many thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:52, on 05/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WIND... Read more

Read other answers
RELEVANCY SCORE 124

Hi guys,

Had this problem for a while, I cannot access any Microsoft or Antivirus, Malware etc. websites.

I've run Spybot S&D, Super Anti Spyware, Malwarebytes, Sophos, Adaware, ATF cleaner - all on full scans (downloading them was a nightmare when I can't access any sites) and nothing they pick up seems to solve the problem. Googling around doesn't seem to shed any light on anything either.

My hosts file itself looks clean, the only modifications are by SpybotSD.

I'd appreciate any help you can give me on this one, it'd be nice to have my computer working again.

Thanks

DDS LOG:
DDS (Ver_10-12-12.02) - NTFSx86
Run by RJ's Laptop at 10:46:06.60 on 23/12/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_05
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3061.1419 [GMT 0:00]

AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows ... Read more

A:Cannot Access Microsoft or Anti-Virus/Malware Sites

Sorted! Managed to fix it myself!

In case anyone else stumbles across this and has the same problem (I've read about 50 threads on this, with no solutions!), this is what I did:

Ran Combofix, which seemed to pick up the rootkit and partially remove it, enough to let me access Microsoft and Antivirus websites again, but not enough to remove it completely as it was still blocking MS Update, so I next ran Kaspersky Rootkit Removal Tool which found it and got rid of it for good. All websites working again, as is MS Update.

I've attached the logs, just in case anyone with an interest wants to have a more in depth look.

Cheers

Read other 2 answers
RELEVANCY SCORE 124

DDS (Ver_09-12-01.01) - NTFSx86
Run by awlee at 7:38:57.28 on 01/02/2010 Sat
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.2039.1294 [GMT 8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Progra... Read more

A:Can't access anti virus sites. Possible svchost problem?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 124

Hi All.
I have inherited a win7 64bit machine that was severely infected including a cryptolock virus.

I used disc2vhd to create a vhd file of it as a backup and now running it virtually using virtualbox. I'll likely do a format and re-install on the physical machine but wanted a working version as a backup.

I have run several anti-virus programs - Malwarebytes, Rogue Killer, SuperAntiSpyware, Microsoft Malware Removal Tool (msert.exe), Hitman, etc. I also booted using the AVG recovery CD to completely scan the drive. All of which found many files and removed them. I apologize as I didn't keep the logs.

Everything seems to be coming up clean but I am not able to visit microsoft.com or any antivirus websites directly. Visiting the conficker eye chart website (Conficker Eye Chart) indicates that I am infected with an A/B variant.

I have tried running ESETConfickerCleaner.exe but it said I was not infected.

I wasn't sure if there was a log I am meant to provide with this post but can download and run anything you may need. I would really appreciate it if someone could help me resolve this issue please.

A:Unable to access anti-virus sites or microsoft.com

perhaps you can find another site with a download link to an antivirus??

Read other 7 answers
RELEVANCY SCORE 124

Yep, exactly as it is in the title of the thread. Here's my HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:54 AM, on 3/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\WINDOWS\system32\CTsvcCDA.EXE
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\MsPMSPSv.exe
I:\WINDOWS\ALCXMNTR.EXE
I:\Program Files\Java\jre6\bin\jusched.exe
I:\WINDOWS\system32\RunDll32.exe
I:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
I:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I:\Program Files\Zune\ZuneLaun... Read more

Read other answers
RELEVANCY SCORE 124

Hi,

I've been working to rid a desktop of a number of infections that showed first as AV Security Suite. Access to antivirus sites is blocked making it difficult to install software if the installers that need to access the web. e.g. Windows Defender can't get updates.

I have managed to manually remove AV security suite, I believe. Was able to download and run Windows Defender, spybot S&D because they could be moved over on a usb drive. Found and cleaned up a number of issues. Ad-aware and other antivirus programs I tried, could not be installed this way.

I've cleaned a lot of bad stuff out of the registry, and the computer is working much better now. However the anti-virus sites are still blocked, so there must be some infection left.

Any help greatly appreciated. Here is the hijack this log. I did remove the entries for servers 93.188.163.10 and 93.188.166.245 but they came back on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:23 PM, on 6/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe... Read more

Read other answers
RELEVANCY SCORE 123.2

I have a nasty if not multiple nasty virus's and have not been successful removing them. It started with the XP Anti-Virus 2011 Removal fake anti-virus popping up with all real anti-virus programs disabled and anytime I try to go to an antivirus website I'm redirected to a random site. This happens in all browsers not just Internet Explorer. I also had many of my files changed to hidden file folders and also the start/all programs button does not show any of my programs. I mananged to get both Malwarebytes and Superantispyware on my computer and was able to get rid of much of the problems by running these programs. Now it seems the XP Anti-Virus 2011 has been removed but I still have the issue with my webpages being redirected depending on which page I try to access. I also have many processes that should not be running in the task manager and when i close them out they just start back up again. This worm seems to be accessing my iexplorer because there are multiple iexplorer.exe open at all times and sometimes the CPU Usage gets very high which is not normal for my computer. The final symptom is that at random times I get a webpage pop up or if not a webpage an error that reads like the following example:

An error has occured in the script on this page.

line: 13
Char: 1
Error: Object doesnt support this property or method
Code: 0
URL: http:/www2a.glam.com/mobile/detect.act?affiliatedld=288743725

Do you want to continue scripts on this page?

I will get at ... Read more

A:XP Anti-Virus 2011 Fake Anti-VIrus and webpages being Redirected Virus

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

Read other 17 answers
RELEVANCY SCORE 122.8

My computer is working fine with one major exception - it wont allow me to run any anti spyware or antivirus. I try to run Adaware and the the program is instantly closed. I try to access a website relating to virus scanning/protection, and it closes. Pandasoft is the only thing that's worked, and that must be because its online. Here is the report it kicked out - (I installed 007spy on my own computer to better understand it).

Incident Status Location

Potentially unwanted tool:Application/007Spy Not disinfected C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\sophiel\Application Data\Mozilla\Firefox\Profiles\gud8dfes.default\cookies.txt[ad.yieldmanager.com/] ... Read more

A:Help! I cant use anti spyware, or visit anti virus sites.

For the moment I can only see one Trojan to come out..


Please download Combofix from HERE or HERE

Save ComboFix to the desktop.


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:



Quote:





KillAll::

File::
C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe








Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Read other 4 answers
RELEVANCY SCORE 122.4

First, Thank you in advace for your help.

The following problems occurred:
(1) Updated to Firefox 3
(2) During google search, clicked on link that appeared to open Acrobat, then changed desktop background and installed BSOD-type screen saver.
(3) Access to many virus scan websites is blocked, unable to update Mcafee virus protection software.
(3) Google is modified, resulting links do not lead to the correct websites.

The following steps have been taken:
(1) Mcafee scan detected and cleaned the following:
C:\Documents and Settings\Paul Samuel\Local Settings\Temp\.tt22.tmp.vbs VBS/FakeAlert-AB
C:\WINDOWS\SYSTEM32\blphc70aj0eg47.scr FakeAlert-AG
C:\WINDOWS\SYSTEM32\lphc70aj0eg47.scr Downloader-ASH.gen.b
(2) Ad-Aware Installed, no detections.
(3) Spybot S&D installed, manually updated (spearate comuter used to download current definitions file), and detected and attempted to clean the following:
Smitfraud-C.gp
WildTangent

***(4) Attempted to follow 5 steps listed on your web site, completed Steps 1, 3 and 5 using separate computer to download. Steps 2 and 4 hindered by blocked access to Panda ActiveScan and Windown Update.

Notes:
(1) Current Version of Mcafee: VirusScan Enterprise 7.0.0 with derinision file 5370, created on Aug 26 2008, the day before the infection.
(2) Windows XP SP3
(3) Computer/Internet runs very slowly
(3) Separate computer used for this communication.

I hope this is sufficient detail. HijackThis log follows.

Logfi... Read more

A:Infection lead to: Access to Anti Virus Sites Blocked

BUMP, please

Read other 1 answers
RELEVANCY SCORE 122.4

Hi,

I am facing these problems:

Cannot access microsoft sites, cannot update windows and cannot open any anti-virus sites.
Have tried out on IE, Firefox & Chrome.
On rebooting in safe mode, computer shuts down suddenly.
Have tried Malwarebytes,antimalware, could not update. The program did not find anything.

Your help will be highly appreciated.

Best regards
Gaty

A:Cannot access microsoft site/updates and anti virus sites

Hello, gaty.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.ThanksAlso, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.Download random's system information tool (RSIT) by random/random and save it to your desktop.Double click on RSIT.exe.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)In your next reply, please include the following:RSIT Log

Read other 3 answers
RELEVANCY SCORE 122.4

Hello,I'm hoping someone can help as i'm going mad with this problem. I was infected with a virus earlier in the week. Can't remember name but I couldn't open any exe files and it kept saying my system was infected and to buy some anti virus software. I used tdr killer and malwarebytes to sort this problem. However something still seems to be lingering. I cannot access most anti virus sites and forums or windows update site. If I go to windows update page it says page not found. If I go to the anti virus sites then I get redirected to generic sites. Most but not all other sites and links seem to be working fine. Just seems to want to keep me away from sites where I may find out how to kill it. I thought it may have been confickr and downloaded kasperskys tool for removal but it detected no virus. It is becoming a real inconvenience and I'm guessing it is doing something much more behind the scenes other than just blocking these sites. . Have tried several malware, spyware detectors but without luck so far. I have windows xp sp3, using chrome as main browser but affects IE too Please helpThanks KieranDDS (Ver_10-03-17.01) - NTFSx86 Run by Administrator at 16:21:28.17 on 29/08/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3583.2521 [GMT 1:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-... Read more

A:Unable to access windows updates and anti virus sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

Read other 2 answers
RELEVANCY SCORE 122.4

Hello,

I'm hoping someone can help as i'm going mad with this problem. I was infected with a virus earlier in the week. Can't remember name but I couldn't open any exe files and it kept saying my system was infected and to buy some anti virus software. I uses tdr killer and malwarebytes to sort this problem.

However something still seems to be lingering. I cannot access most anti virus sites and forums or windows update site. If I go to windows update page it says page not found. If I go to the anti virus sites then I get redirected to generic sites. All other sites and links seem to be working fine. Just seems to want to keep me away from sites where I may find out how to kill it. I thought it may have been confickr and downloaded kasperskys tool for removal but it detected no virus. It is becoming a real inconvenience and I'm guessing it is doing something much more behind the scenes other than just blocking these sites. . Have tried several malware, spyware detectors but without luck so far. Please help

Thanks

Kieran

A:Can't access windows update and redirecting anti virus sites.

To add,

I have windows xp sp3, using chrome as main browser but affects IE too. Have found a few people with similar problemds and think I have tried most of suggested solutions including SDFix. Only thing I haven't is combofix as I heard this can be dangerous if not done properly.

Kieran

Read other 2 answers
RELEVANCY SCORE 122.4

Hello all.

Here are the characteristics of the virus:

1) Everytime I try to go to Anti-Spyware websites like spybot, I am redirected to a random search engine or fake anti-spyware site.

2) I tried running combofix/Hijackthis and they were both blocked and an error message came up saying "Combofix has stopped working" etc etc. I changed the names of the programs and they worked, easy fix, but I'm still posting this as if I never changed the names.

3) Random google links that may not even have anything to do with Anti-Spyware get redirected to random sites.

Logfile of HijackThis v1.99.1
Scan saved at 4:17:40 PM, on 8/6/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\... Read more

Read other answers
RELEVANCY SCORE 121.6

My computer has been infected by a virus. It started with my computer telling me I was infected (pop ups) and directing me to their website. The virus prevents me from opening my Mcafee software. I also cannot do a system restore. I have tried but only get so far and it doesnt complete. I have tried this in safe mode with no luck. I have downoladed Malwarebytes to a usb mem stick and changed the .exe file to a fake name and ran the scan. It did find somethings but it didnt fix the problems. So I can still boot up but I cant access any antivirus websites and often the system hangs as I try different things and I reboot and try again without any luck. So I found this website and I thought I would give it a try. Am I a candidate for combofix /

A:cant run anti virus, cant access anti virus websites

Download this file and save it to your desktop:http://download.bleepingcomputer.com/grinler/rkill.scrCopy it over to the problem computer on a CD or pen drive if you need to.Double-click the file to run it. A command window will open briefly. Then run a quick scan with Malwarebytes. Post the Malwarebytes log.

Read other 3 answers
RELEVANCY SCORE 121.2

Have Windows XP. After start-up an "anti-virus" pop-up is generated from the tray. It try's to start the internet browser. I cannot open or run any programs.

A:"Anti-virus" Pop-up stops access to all programs

Have a look at the following link: Virus, Spyware, & Malware Removal GuidesIf you cannot see there, the name of the malware that you have, enter the exact name in the search box under "Search Guides", on the right-hand side of the page, and search for the appropriate guide.Let us know if you can't find a guide that matches your infection.If you do find the appropriate guide, follow the instructions closely. Ensure that you do update the MBAM database definitions.The MBAM log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Please post the log and let us know how the system is running now.

Read other 1 answers
RELEVANCY SCORE 120.8

i cant access certain antivirus sites, microsoft, any .gov sites or update any kind of virus software unless im in safe mode. i think my hosts or dns may be hijacked. i ran mb anti maleware,super anti spyware, combofix, sd fix, smitfraud fix. it removed a few things but it still having the problem here is my hjt log. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:07:22 AM, on 2/9/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files&#... Read more

A:cannot acess microsoft, any anti virus sites, cant update maleware programs unless in safe mode

Hello,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download GMER from one of the following locations, and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zip MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs, as this process may crash your computer.Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.Double click on Gmer to run it.Allow the gmer.sys driver to load if asked.You may see a rootkit warning window, If you do, click No.Untick the following boxes on the right side of the Gmer sc... Read more

Read other 2 answers