Unknown - can't access certain websites


Post by foster2k6 on Thu Jul 09, 2009 1:03 pm

Just recently I have been unable to access certain websites. I don't know the name of the infection or whatever. Whenever I try to access well known websites such as YouTube, Facebook, MySpace etc. I get the message:

Restricted Site!

This web site is restricted based on your security preferences.

Your system is infected. Please activate your antivirus software.


The page has a grey background and a dark red box in the middle with white text. I first tried accessing a website on Firefox and it didn't work, so I tried Internet Explorer and it didn't work on that either. Also, I have already performed a scan on my computer with Malwarebytes' Anti-Malware and it found about 13 infected files, but I removed them. My computer then restarted and the problem was still there. Please help, this is frustrating.

(5 other people on Yahoo Answers also have this problem and it happened to them all at the same time, which was like 2 hours ago)


Re: Unknown - can't access certain websites

Post by Belahzur on Thu Jul 09, 2009 1:53 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 2:02 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:50, on 09/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
D:\RUNESCAPE\java\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\RUNESCAPE\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
D:\RUNESCAPE\java\bin\jusched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\USB Aquarium\Aquarium.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Kontiki\KHost.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe


Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 2:02 pm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange
R3 - URLSearchHook: (no name) - {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - C:\PROGRA~1\ORANGE~1\TOOLBA~2.DLL
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\win32room.exe,C:\WINDOWS\system32\win32z.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O1 - Hosts: 209.44.111.62 [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\RUNESCAPE\java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\RUNESCAPE\java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer192.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\RUNESCAPE\java\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [Aquairum] C:\Program Files\USB Aquarium\Aquarium.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [HiChatter] D:\Program Files\Beyluxe Messenger\beyluxe messenger.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspktg.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - [You must be registered and logged in to see this link.]
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} (Moonlight MPEG-4 Video Decoder) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - [You must be registered and logged in to see this link.]
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - [You must be registered and logged in to see this link.]
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} (TSBnwCam Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: rdihost - {FE3CDA0D-4C6A-4770-8812-6A4B3C5DE9E6} - rdihost.dll (file missing)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98a3d9e74b4a8) (gupdate1c98a3d9e74b4a8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\RUNESCAPE\java\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15808 bytes


Re: Unknown - can't access certain websites

Post by Belahzur on Thu Jul 09, 2009 2:12 pm

Hello.

Please download the LSPfix from here: [You must be registered and logged in to see this link.]
Unzip it to the Desktop (Important!!) and run it. Check the box that says "I know what I'm doing", and then select each instance of "lspktg.dll" and "winhelper.dll" in the left-hand panel and click the >> button to move it to the right-hand panel. Then click Finish to allow LSPfix to rebuild the LSP chain.

Then reboot, then after reboot:

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\win32room.exe,C:\WINDOWS\system32\win32z.exe,
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 209.44.111.62 antispy.microsoft.com
    O1 - Hosts: 209.44.111.62 antiaware-pro.com
    O1 - Hosts: 209.44.111.62 [You must be registered and logged in to see this link.]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [internat] C:\WINDOWS\internat.exe
    O21 - SSODL: rdihost - {FE3CDA0D-4C6A-4770-8812-6A4B3C5DE9E6} - rdihost.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
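
The lines picked out for fixing in the post above fall into a few recognizable HijackThis patterns: extra programs appended to Userinit, hosts-file overrides, components registered with no file on disk, and unknown Winsock LSP files. The following Python triage script is an added example, not part of the original thread and not HijackThis's own logic; the rule set and function names are assumptions, and entries such as the O4 internat.exe line, which need knowledge of the specific file, are outside its rules.

```python
import ipaddress
import re
from collections import namedtuple

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\win32room.exe,C:\WINDOWS\system32\win32z.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspktg.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper.dll
O21 - SSODL: rdihost - {FE3CDA0D-4C6A-4770-8812-6A4B3C5DE9E6} - rdihost.dll (file missing)
"""

# Hypothetical result record: HijackThis section code, why it was flagged, raw line.
Finding = namedtuple("Finding", "code reason line")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def check_userinit(body):
    """F2: Userinit should name only userinit.exe; anything else also runs at logon."""
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return None
    programs = [p.strip() for p in m.group(1).split(",") if p.strip()]
    extras = [p for p in programs
              if not p.lower().endswith(r"\system32\userinit.exe")]
    if extras:
        return "Userinit value starts extra programs at logon: " + ", ".join(extras)
    return None


def check_hosts(body):
    """O1: report each hosts-file override and where it sends the name."""
    fields = body[len("Hosts:"):].split()
    if len(fields) < 2:
        return None
    addr, names = fields[0], " ".join(fields[1:])
    try:
        loopback = ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return f"hosts entry with unparseable address {addr!r} for {names}"
    if loopback:
        return f"hosts entry pins {names} to loopback address {addr}"
    return f"hosts entry redirects {names} to {addr}"


def triage(log_text):
    """Return a Finding for every log line that matches one of the rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.groups()
        reason = None
        if code == "F2" and "userinit" in body.lower():
            reason = check_userinit(body)
        elif code == "O1" and body.startswith("Hosts:"):
            reason = check_hosts(body)
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            reason = "Winsock LSP chain contains a file HijackThis does not recognize"
        elif body.endswith("(no file)") or body.endswith("(file missing)"):
            reason = "registered component points at a file that is not on disk"
        if reason:
            findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n      {f.line}")
```

A finding here is a prompt for review, not a verdict: a loopback hosts entry or a leftover registration can be harmless, which is why each one is printed with its original log line.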



Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 2:52 pm

OK, here's the MBAM Log:

Malwarebytes' Anti-Malware 1.38
Database version: 2398
Windows 5.1.2600 Service Pack 2

09/07/2009 15:44:22
mbam-log-2009-07-09 (15-44-22).txt

Scan type: Quick Scan
Objects scanned: 118305
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\drv\drv.dll (Rootkit.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drvdrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\drvdrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drvdrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRVDRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRV (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\drv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\drv\drv.dll (Rootkit.Agent) -> Delete on reboot.
c:\WINDOWS\system32\wiwow64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\proquota.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Steven\local settings\Temp\db.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Steven\local settings\Temp\e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Steven\local settings\Temp\~TM89F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\HQK6JNZ6\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\HQK6JNZ6\w[2].bin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\HQK6JNZ6\w[3].bin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\RSBUD56G\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\X8E7ZM66\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\X8E7ZM66\w[2].bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\jmmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\drv\drv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 3:22 pm

I can now go on any website I want now. Thank you for your time and help!


Re: Unknown - can't access certain websites

Post by Belahzur on Thu Jul 09, 2009 3:41 pm

Not done yet.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 4:53 pm

DDS (Ver_09-06-26.01) - NTFSx86
Run by Steven at 17:50:38.87 on 09/07/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.347 [GMT 1:00]

AV: Norton AntiVirus 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
D:\RUNESCAPE\java\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
D:\RUNESCAPE\bin\TSVNCache.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
D:\RUNESCAPE\java\bin\jusched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\USB Aquarium\Aquarium.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\winupdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AdvancedVirusRemover\PAVRM.exe
C:\Documents and Settings\Steven\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uWindow Title = Microsoft Internet Explorer provided by Orange
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: N/A: {4fbacd73-f67c-42ae-b46a-03960afe3dfb} - c:\progra~1\orange~1\TOOLBA~2.DLL
uURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
mURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\win32z.exe,c:\windows\system32\win32room.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: SHOUTcast Loader: {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\runescape\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\runescape\java\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton antivirus\NavShExt.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Orange Toolbar: {e97b5f2e-ca8e-4d34-bda3-44eec4ed2b12} - c:\program files\orange toolbar uk\ToolbarContainer192.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: SHOUTcast Radio Toolbar: {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
EB: Orange Toolbar: {e97b5f2e-ca8e-4d34-bda3-44eec4ed2b12} - c:\program files\orange toolbar uk\ToolbarContainer192.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [HiChatter] d:\program files\beyluxe messenger\beyluxe messenger.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [LaunchApp] Alaunch
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: []
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "d:\runescape\java\bin\jusched.exe"
mRun: [SpeedTouch USB Diagnostics] "c:\program files\alcatel\speedtouch usb\Dragdiag.exe" /icon
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (VC0305)
mRun: [Aquairum] c:\program files\usb aquarium\Aquarium.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [winupdate.exe] c:\windows\system32\winupdate.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Advanced Virus Remover] c:\program files\advancedvirusremover\PAVRM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerwl~1.lnk - c:\program files\acer wlan 11g usb dongle\ZDWlan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &SHOUTcast Search - c:\documents and settings\all users\application data\shoutcast radio toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
LSP: c:\windows\system32\winhelper.dll
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - [You must be registered and logged in to see this link.]
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - [You must be registered and logged in to see this link.]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - [You must be registered and logged in to see this link.]
DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} - [You must be registered and logged in to see this link.]
DPF: {33564D57-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - [You must be registered and logged in to see this link.]
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - [You must be registered and logged in to see this link.]
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - [You must be registered and logged in to see this link.]
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} - [You must be registered and logged in to see this link.]
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - [You must be registered and logged in to see this link.]
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll


Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 4:53 pm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steven\applic~1\mozilla\firefox\profiles\drdi6wte.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\steven\application data\mozilla\firefox\profiles\drdi6wte.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\runescape\java\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\runescape\java\bin\new_plugin\npjp2.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2005-8-26 334984]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\VCdRom.sys [2001-12-19 8576]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2005-10-21 139888]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-17 1174152]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 192104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-8 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070614.017\NAVENG.Sys [2007-6-14 77688]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070614.017\NavEx15.Sys [2007-6-14 852824]
RUnknown gzcvccr;gzcvccr; [x]
S2 gupdate1c98a3d9e74b4a8;Google Update Service (gupdate1c98a3d9e74b4a8);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S2 gvvzloh;gvvzloh;c:\windows\system32\drivers\nheer.sys --> c:\windows\system32\drivers\nheer.sys [?]
S3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\hdjctrl.sys [2007-10-20 11008]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [2007-10-20 39296]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-5-1 32512]
S3 SAVScan;Symantec AVScan;c:\program files\norton antivirus\SAVScan.exe [2005-8-26 198368]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-10-18 18432]

=============== Created Last 30 ================

2009-07-09 17:50 --d----- c:\program files\AdvancedVirusRemover
2009-07-09 17:48 20,480 a------- c:\windows\system32\winhelper.dll
2009-07-09 17:47 831 a------- c:\windows\system32\critical_warning.html
2009-07-09 17:47 41,984 a------- c:\windows\system32\winupdate.exe
2009-07-09 14:58 --d----- c:\program files\Trend Micro
2009-07-04 17:51 --d----- C:\videooutput
2009-07-04 17:51 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-07-04 17:51 139,264 a------- c:\windows\system32\xvid.ax
2009-07-04 17:51 8,676,883 a------- c:\windows\system32\NCMedia2.dll
2009-07-03 11:42 --d----- c:\docume~1\steven\applic~1\Malwarebytes
2009-07-02 23:12 --dsh--- c:\windows\system32\pord32
2009-07-02 23:03 --d----- c:\program files\drv
2009-07-02 22:52 63,488 a------- c:\windows\system32\calc.tmp
2009-07-01 00:31 --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-07-01 00:31 --d----- c:\docume~1\steven\applic~1\AVS4YOU
2009-07-01 00:31 --d----- c:\program files\common files\AVSMedia
2009-07-01 00:31 658,432 a------- c:\windows\system32\cc3270mt.dll
2009-07-01 00:31 487,424 a------- c:\windows\system32\msvcp70.dll
2009-07-01 00:31 24,576 a------- c:\windows\system32\msxml3a.dll
2009-07-01 00:31 --d----- c:\program files\AVS4YOU
2009-07-01 00:15 --d----- c:\program files\Panopreter
2009-06-30 16:27 --d----- c:\program files\DVDVideoSoft
2009-06-30 16:27 --d----- c:\program files\common files\DVDVideoSoft
2009-06-25 20:23 --dsh--- c:\windows\system32\xors32
2009-06-19 20:35 --d----- c:\program files\Beyluxe Messenger

==================== Find3M ====================

2009-07-09 15:55 34 a------- c:\documents and settings\steven\jagex_runescape_preferences.dat
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-12 19:15 50,176 a------- c:\windows\system32\lspktg.dll
2009-05-07 16:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-29 05:31 668,160 a------- c:\windows\system32\wininet.dll
2009-04-29 05:31 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-28 20:46 105,984 a------- c:\windows\system32\msoer2.dll
2009-04-28 17:16 131,072 a------- c:\windows\system32\SpoonUninstall.exe
2009-04-28 17:16 36,104 a------- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-04-17 10:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 16:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-04-14 12:01 46,072 a------- c:\docume~1\steven\applic~1\GDIPFONTCACHEV1.DAT
2008-03-09 17:14 5,186 a------- c:\program files\unins000.dat
2008-03-09 17:14 678,682 a------- c:\program files\unins000.exe
2007-04-25 15:19 18,432 a------- c:\docume~1\steven\applic~1\internaldb41.dat
2007-04-25 15:19 538 a------- c:\docume~1\steven\applic~1\internaldb8467.dat
2007-04-25 15:19 374 a------- c:\docume~1\steven\applic~1\internaldb6334.dat
2008-01-31 13:55 104 ---shr-- c:\windows\system32\DE2CB83AE4.sys
2008-01-31 13:55 11,690 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:51:16.81 ===============


Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 4:58 pm

By the way, everything seemed like it was working properly after you told me to send you the MBAM Log but just now it's not letting me on certain websites again.


Re: Unknown - can't access certain websites

Post by Origin on Thu Jul 09, 2009 5:38 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31483
# Likes : 0

Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 6:33 pm

ComboFix 09-07-09.01 - Steven 09/07/2009 19:00.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.454 [GMT 1:00]
Running from: c:\documents and settings\Steven\Desktop\Combo-Fix.exe
AV: Norton AntiVirus 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\windows\Downloaded Program Files\Install.inf
c:\windows\Install.txt
c:\windows\kb913800.exe
c:\windows\setup.exe
c:\windows\system32\28463
c:\windows\system32\28463\AKV.exe
c:\windows\system32\28463\IQSQ.001
c:\windows\system32\28463\IQSQ.006
c:\windows\system32\28463\IQSQ.007
c:\windows\system32\28463\IQSQ.009
c:\windows\system32\28463\IQSQ.009.tmp
c:\windows\system32\28463\IQSQ.exe


Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 6:35 pm



Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 6:36 pm



Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 6:36 pm

c:\windows\system32\28463\Sep_08_2007__23_45_38.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_39.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_41.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_42.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_43.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_44.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_45.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_47.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_48.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_49.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_50.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_51.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_52.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_54.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_55.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_56.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_57.jpg
c:\windows\system32\28463\Sep_08_2007__23_45_58.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_00.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_01.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_02.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_03.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_04.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_05.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_07.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_08.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_09.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_10.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_11.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_12.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_14.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_15.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_16.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_17.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_18.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_19.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_21.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_22.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_23.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_24.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_25.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_26.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_27.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_29.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_30.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_31.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_32.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_33.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_34.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_35.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_37.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_38.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_39.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_40.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_41.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_42.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_44.jpg


Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 6:38 pm

c:\windows\system32\28463\Sep_08_2007__23_46_45.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_46.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_47.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_48.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_49.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_50.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_52.jpg
c:\windows\system32\28463\Sep_08_2007__23_46_53.jpg
c:\windows\system32\config\systemprofile\Desktop\Advanced Virus Remover.lnk
c:\windows\system32\config\systemprofile\Start Menu\Advanced Virus Remover.lnk
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\UACjnrntfokmgsrmue.sys
c:\windows\system32\drivers\UACnwtaqurkrjntjlk.sys
c:\windows\system32\Install.txt
c:\windows\system32\Packet.dll
c:\windows\system32\UACbssbpenlvronkfp.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkocdtkvesrxvkwl.dll
c:\windows\system32\UAClerylnqlpladaiw.dll
c:\windows\system32\UAClrmjhnylyxcshoo.log
c:\windows\system32\UACltouilrpeeyhdkx.dat
c:\windows\system32\UACufigvatxqyeprws.dll
c:\windows\system32\UACukugvtxbdtfjlnj.log
c:\windows\system32\UACuriwgrbkjuvbvah.log
c:\windows\system32\UACykryhamxoqooawh.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wpcap.dll
D:\winlogon.exe

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_MSNCACHE
-------\Legacy_NPF
-------\Legacy_SOPIDKC
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 18:20 . 2009-07-09 18:20 -------- d-----w- c:\program files\AdvancedVirusRemover
2009-07-09 16:48 . 2009-07-09 16:48 20480 ----a-w- c:\windows\system32\winhelper.dll
2009-07-09 13:58 . 2009-07-09 13:58 -------- d-----w- c:\program files\Trend Micro
2009-07-04 16:51 . 2009-07-04 16:51 -------- d-----w- C:\videooutput
2009-07-04 16:51 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-04 16:51 . 2009-06-04 12:17 8676883 ----a-w- c:\windows\system32\NCMedia2.dll
2009-07-03 21:20 . 2009-07-03 21:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-07-03 10:42 . 2009-07-03 10:42 -------- d-----w- c:\documents and settings\Steven\Application Data\Malwarebytes
2009-07-02 22:12 . 2009-07-09 18:19 -------- d-sh--w- c:\windows\system32\pord32
2009-07-02 22:03 . 2009-07-09 14:47 -------- d-----w- c:\program files\drv
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\documents and settings\Steven\Application Data\AVS4YOU
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\program files\AVS4YOU
2009-06-30 23:31 . 2006-03-03 09:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll
2009-06-30 23:31 . 2003-05-21 12:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-30 23:31 . 2002-01-05 14:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-30 23:15 . 2009-06-30 23:15 -------- d-----w- c:\program files\Panopreter
2009-06-30 15:27 . 2009-06-30 15:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-30 15:27 . 2009-06-30 15:27 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-26 11:50 . 2009-06-26 12:32 -------- d-----w- c:\documents and settings\Steven\Application Data\Download Manager
2009-06-25 19:23 . 2009-07-09 18:21 -------- d-sh--w- c:\windows\system32\xors32
2009-06-19 19:35 . 2009-06-19 19:35 -------- d-----w- c:\program files\Beyluxe Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 18:23 . 2009-03-27 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-07-09 14:55 . 2008-07-01 14:53 34 ----a-w- c:\documents and settings\Steven\jagex_runescape_preferences.dat
2009-07-09 14:33 . 2009-05-18 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 03:11 . 2009-02-08 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-07 22:30 . 2007-03-17 14:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-04 16:51 . 2008-05-18 19:04 -------- d-----w- c:\program files\Smallvideosoft
2009-07-03 21:23 . 2007-03-17 15:37 -------- d-----w- c:\program files\Google
2009-07-02 21:52 . 2009-07-02 21:52 63488 ----a-w- c:\windows\system32\calc.tmp
2009-07-01 19:13 . 2007-03-31 09:57 -------- d-----w- c:\program files\Steam
2009-06-26 13:00 . 2007-03-17 14:51 46072 ----a-w- c:\documents and settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 12:55 . 2006-08-11 21:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 10:27 . 2009-05-18 17:17 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-05-18 17:17 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:54 . 2009-05-06 15:35 -------- d-----w- c:\program files\SwiftKit
2009-06-12 18:15 . 2009-04-27 16:57 50176 ----a-w- c:\windows\system32\lspktg.dll
2009-06-07 12:31 . 2009-06-02 14:27 -------- d-----w- c:\documents and settings\Steven\Application Data\Apple Computer
2009-06-02 14:27 . 2009-06-02 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-02 14:26 . 2009-06-02 14:26 -------- d-----w- c:\program files\iPod
2009-06-02 14:26 . 2009-06-02 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-02 14:26 . 2008-10-02 17:29 -------- d-----w- c:\program files\Bonjour
2009-06-02 14:25 . 2009-06-02 14:25 -------- d-----w- c:\program files\QuickTime
2009-06-02 14:25 . 2009-06-02 14:25 -------- d-----w- c:\program files\Apple Software Update
2009-06-02 14:24 . 2009-06-02 14:24 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 14:24 . 2009-06-02 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-01 19:27 . 2009-03-22 13:22 -------- d-----w- c:\documents and settings\Steven\Application Data\Spotify
2009-05-30 11:50 . 2009-05-30 11:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 10:29 . 2009-05-29 10:29 -------- d-----w- c:\program files\Common Files\reFX
2009-05-29 10:29 . 2009-05-29 10:29 -------- d-----w- c:\program files\Common Files\Digidesign
2009-05-27 12:31 . 2007-03-18 12:39 -------- d-----w- c:\program files\VstPlugins
2009-05-27 12:30 . 2007-03-18 12:38 -------- d-----w- c:\program files\Image-Line
2009-05-18 17:17 . 2009-05-18 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 15:44 . 2004-08-10 20:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 17:15 . 2009-04-29 17:15 1024 ----a-w- c:\windows\system32\PDF2IMG.dat
2009-04-29 04:31 . 2006-03-04 03:58 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 20:07 . 2009-04-28 20:07 15240 ----a-w- c:\documents and settings\Steven\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2009-04-28 19:46 . 2009-04-28 19:46 105984 ----a-w- c:\windows\system32\msoer2.dll
2009-04-28 16:16 . 2008-10-27 12:10 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-04-28 16:16 . 2007-05-20 17:04 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-04-17 09:58 . 2005-10-06 00:06 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 20:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-03-09 16:14 . 2008-02-08 18:07 5186 ----a-w- c:\program files\unins000.dat
2008-03-09 16:14 . 2008-02-08 18:07 678682 ----a-w- c:\program files\unins000.exe
2008-04-06 23:59 . 2008-04-06 23:59 0 --sh--w- c:\windows\S5A948CD5.tmp
2008-01-31 12:55 . 2007-08-28 20:29 104 --sh--r- c:\windows\system32\DE2CB83AE4.sys
2008-01-31 12:55 . 2007-08-27 07:39 11690 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-17 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-09-28 3497208]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-07-14 7057408]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"HiChatter"="d:\program files\Beyluxe Messenger\beyluxe messenger.exe" [2009-06-01 3299840]


Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 6:38 pm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SunJavaUpdateSched"="d:\runescape\java\bin\jusched.exe" [2009-04-09 148888]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"Aquairum"="c:\program files\USB Aquarium\Aquarium.exe" [2007-05-18 143360]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"Advanced Virus Remover"="c:\program files\AdvancedVirusRemover\PAVRM.exe" [2009-07-09 1280000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-3-17 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-17 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\win32z.exe,c:\windows\system32\win32room.exe,"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^uPlayMe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\uPlayMe.lnk
backup=c:\windows\pss\uPlayMe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"d:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:43594
"9242:TCP"= 9242:TCP:BitComet 9242 TCP
"9242:UDP"= 9242:UDP:BitComet 9242 UDP
"8085:TCP"= 8085:TCP:drv

R1 vcdrom;Virtual CD-ROM Device Driver;C:\VCdRom.sys [19/12/2001 11:45 8576]
R2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/07/2009 20:27 101936]
S2 gupdate1c98a3d9e74b4a8;Google Update Service (gupdate1c98a3d9e74b4a8);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2009 23:35 133104]
S2 gvvzloh;gvvzloh;c:\windows\system32\drivers\nheer.sys --> c:\windows\system32\drivers\nheer.sys [?]
S3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\hdjctrl.sys [20/10/2007 15:57 11008]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [20/10/2007 15:57 39296]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [18/10/2008 11:52 18432]
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-24 10:36]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 22:35]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 22:35]

2009-07-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Steven.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-10-21 12:13]

2009-07-08 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]

2009-07-05 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
IE: &SHOUTcast Search - c:\documents and settings\All Users\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\winhelper.dll
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - [You must be registered and logged in to see this link.]
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - [You must be registered and logged in to see this link.]
DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} - [You must be registered and logged in to see this link.]
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - [You must be registered and logged in to see this link.]
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} - [You must be registered and logged in to see this link.]
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\drdi6wte.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\drdi6wte.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\runescape\java\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\runescape\java\bin\new_plugin\npjp2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-09 19:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Aquairum = c:\program files\USB Aquarium\Aquarium.exe?s?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1996885673-139178621-49509670-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
d:\runescape\bin\TortoiseStub.dll
d:\runescape\bin\TortoiseSVN.dll
d:\runescape\bin\intl3_tsvn.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.virp
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
d:\runescape\java\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
d:\runescape\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-07-09 19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 18:28

Pre-Run: 1,025,847,296 bytes free
Post-Run: 2,743,336,960 bytes free

1331 --- E O F --- 2009-06-11 02:01


Re: Unknown - can't access certain websites

Post by Belahzur on Thu Jul 09, 2009 7:03 pm

Hello.

More malware came back.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\winhelper.dll

Registry::
[-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\StubInstaller.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"=-
"9242:TCP"=-
"9242:UDP"=-
"8085:TCP"=-

Driver::
gvvzloh

DDS::
LSP: c:\windows\system32\winhelper.dll

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.



Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 7:42 pm

OK, I have the log but when I opened Firefox to post the log here, my Internet isn't working anymore. By the way, I'm on my laptop right now and the computer is the one infected. The page is just blank on Firefox and on Internet Explorer it says Page cannot be displayed. I can access the Internet on my laptop so I'm just confused. No idea what's going on here.


Re: Unknown - can't access certain websites

Post by Belahzur on Thu Jul 09, 2009 7:47 pm

The malware's fault.

Run the LSPFix again, check to see if that winhelper is back in the left side or right side.

If left, move it to the right and hit finish.
If it's already on the right side, just hit finish and reboot.

After reboot, your net should be working again.


Please PM me if I fail to respond within 24hrs.



Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 7:57 pm

OK, back on my computer and the Internet is working. However, after I rebooted my desktop has turned blue and black with red text saying that my system is infected. There's a small red circle with a white cross in it at the bottom right of my screen. A notice box keeps popping up saying that my system is infected.


Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 7:58 pm

Anyways, here's that ComboFix Log you wanted:

ComboFix 09-07-09.02 - Steven 09/07/2009 20:09.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.397 [GMT 1:00]
Running from: c:\documents and settings\Steven\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Steven\Desktop\CFScript.txt
AV: Norton AntiVirus 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point

FILE ::
"c:\windows\system32\winhelper.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\windows\system32\winhelper.dll

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gvvzloh


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 19:25 . 2009-07-09 19:25 -------- d-----w- c:\program files\AdvancedVirusRemover
2009-07-09 19:23 . 2009-07-09 19:23 41984 ----a-w- c:\windows\system32\winupdate.exe
2009-07-09 13:58 . 2009-07-09 13:58 -------- d-----w- c:\program files\Trend Micro
2009-07-04 16:51 . 2009-07-04 16:51 -------- d-----w- C:\videooutput
2009-07-04 16:51 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-04 16:51 . 2009-06-04 12:17 8676883 ----a-w- c:\windows\system32\NCMedia2.dll
2009-07-03 21:20 . 2009-07-03 21:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-07-03 10:42 . 2009-07-03 10:42 -------- d-----w- c:\documents and settings\Steven\Application Data\Malwarebytes
2009-07-02 22:12 . 2009-07-09 19:25 -------- d-sh--w- c:\windows\system32\pord32
2009-07-02 22:03 . 2009-07-09 14:47 -------- d-----w- c:\program files\drv
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\documents and settings\Steven\Application Data\AVS4YOU
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\program files\AVS4YOU
2009-06-30 23:31 . 2006-03-03 09:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll
2009-06-30 23:31 . 2003-05-21 12:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-30 23:31 . 2002-01-05 14:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-30 23:15 . 2009-06-30 23:15 -------- d-----w- c:\program files\Panopreter
2009-06-30 15:27 . 2009-06-30 15:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-30 15:27 . 2009-06-30 15:27 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-26 11:50 . 2009-06-26 12:32 -------- d-----w- c:\documents and settings\Steven\Application Data\Download Manager
2009-06-25 19:23 . 2009-07-09 19:23 -------- d-sh--w- c:\windows\system32\xors32
2009-06-19 19:35 . 2009-06-19 19:35 -------- d-----w- c:\program files\Beyluxe Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 19:26 . 2009-03-27 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-07-09 19:21 . 2009-07-09 19:21 0 ----a-w- c:\documents and settings\Steven\ntuser.tmp
2009-07-09 18:46 . 2008-07-01 14:53 34 ----a-w- c:\documents and settings\Steven\jagex_runescape_preferences.dat
2009-07-09 14:33 . 2009-05-18 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 03:11 . 2009-02-08 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-07 22:30 . 2007-03-17 14:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-04 16:51 . 2008-05-18 19:04 -------- d-----w- c:\program files\Smallvideosoft
2009-07-03 21:23 . 2007-03-17 15:37 -------- d-----w- c:\program files\Google
2009-07-02 21:52 . 2009-07-02 21:52 63488 ----a-w- c:\windows\system32\calc.tmp
2009-07-01 19:13 . 2007-03-31 09:57 -------- d-----w- c:\program files\Steam
2009-06-26 13:00 . 2007-03-17 14:51 46072 ----a-w- c:\documents and settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 12:55 . 2006-08-11 21:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 10:27 . 2009-05-18 17:17 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-05-18 17:17 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:54 . 2009-05-06 15:35 -------- d-----w- c:\program files\SwiftKit
2009-06-12 18:15 . 2009-04-27 16:57 50176 ----a-w- c:\windows\system32\lspktg.dll
2009-06-07 12:31 . 2009-06-02 14:27 -------- d-----w- c:\documents and settings\Steven\Application Data\Apple Computer
2009-06-02 14:27 . 2009-06-02 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-02 14:26 . 2009-06-02 14:26 -------- d-----w- c:\program files\iPod
2009-06-02 14:26 . 2009-06-02 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-02 14:26 . 2008-10-02 17:29 -------- d-----w- c:\program files\Bonjour
2009-06-02 14:25 . 2009-06-02 14:25 -------- d-----w- c:\program files\QuickTime
2009-06-02 14:25 . 2009-06-02 14:25 -------- d-----w- c:\program files\Apple Software Update
2009-06-02 14:24 . 2009-06-02 14:24 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 14:24 . 2009-06-02 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-01 19:27 . 2009-03-22 13:22 -------- d-----w- c:\documents and settings\Steven\Application Data\Spotify
2009-05-30 11:50 . 2009-05-30 11:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 10:29 . 2009-05-29 10:29 -------- d-----w- c:\program files\Common Files\reFX
2009-05-29 10:29 . 2009-05-29 10:29 -------- d-----w- c:\program files\Common Files\Digidesign
2009-05-27 12:31 . 2007-03-18 12:39 -------- d-----w- c:\program files\VstPlugins
2009-05-27 12:30 . 2007-03-18 12:38 -------- d-----w- c:\program files\Image-Line
2009-05-18 17:17 . 2009-05-18 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 15:44 . 2004-08-10 20:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 17:15 . 2009-04-29 17:15 1024 ----a-w- c:\windows\system32\PDF2IMG.dat
2009-04-29 04:31 . 2006-03-04 03:58 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 20:07 . 2009-04-28 20:07 15240 ----a-w- c:\documents and settings\Steven\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2009-04-28 19:46 . 2009-04-28 19:46 105984 ----a-w- c:\windows\system32\msoer2.dll
2009-04-28 16:16 . 2008-10-27 12:10 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-04-28 16:16 . 2007-05-20 17:04 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-04-17 09:58 . 2005-10-06 00:06 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 20:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-03-09 16:14 . 2008-02-08 18:07 5186 ----a-w- c:\program files\unins000.dat
2008-03-09 16:14 . 2008-02-08 18:07 678682 ----a-w- c:\program files\unins000.exe
2008-04-06 23:59 . 2008-04-06 23:59 0 --sh--w- c:\windows\S5A948CD5.tmp
2008-01-31 12:55 . 2007-08-28 20:29 104 --sh--r- c:\windows\system32\DE2CB83AE4.sys
2008-01-31 12:55 . 2007-08-27 07:39 11690 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-09 18:27 . 2009-07-09 19:24 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-09 19:25 . 2009-07-09 19:25 16384 c:\windows\temp\Perflib_Perfdata_8bc.dat
+ 2009-07-09 19:24 . 2009-07-09 19:24 16384 c:\windows\temp\Perflib_Perfdata_6bc.dat
+ 2009-07-09 19:24 . 2009-07-09 19:24 16384 c:\windows\temp\Perflib_Perfdata_640.dat
+ 2009-07-09 18:27 . 2009-07-09 19:24 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2009-07-09 18:27 . 2009-07-09 19:24 16384 c:\windows\temp\Cookies\index.dat
+ 2009-07-09 19:23 . 2009-07-09 19:23 20480 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TXLCR0R6\firewall[1].dll
+ 2007-03-17 21:36 . 2009-07-09 19:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-17 21:36 . 2009-07-09 18:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-17 21:36 . 2009-07-09 19:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-03-17 21:36 . 2009-07-09 18:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-03-17 21:36 . 2009-07-09 19:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-17 21:36 . 2009-07-09 18:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-19 15:34 . 2009-07-09 14:54 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-19 15:34 . 2009-07-09 18:46 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-05-19 15:34 . 2009-07-09 14:54 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-05-19 15:34 . 2009-07-09 18:46 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-07-09 19:23 . 2009-07-09 19:23 1280000 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MTT66S1D\SetupAdvancedVirusRemover[1].exe


Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 7:59 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-17 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-09-28 3497208]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-07-14 7057408]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"HiChatter"="d:\program files\Beyluxe Messenger\beyluxe messenger.exe" [2009-06-01 3299840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SunJavaUpdateSched"="d:\runescape\java\bin\jusched.exe" [2009-04-09 148888]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"Aquairum"="c:\program files\USB Aquarium\Aquarium.exe" [2007-05-18 143360]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"Advanced Virus Remover"="c:\program files\AdvancedVirusRemover\PAVRM.exe" [2009-07-09 1280000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-3-17 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-17 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\win32room.exe,c:\windows\system32\win32z.exe,"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^uPlayMe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\uPlayMe.lnk
backup=c:\windows\pss\uPlayMe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"d:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

R1 vcdrom;Virtual CD-ROM Device Driver;C:\VCdRom.sys [19/12/2001 11:45 8576]
R2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/07/2009 20:27 101936]
S2 gupdate1c98a3d9e74b4a8;Google Update Service (gupdate1c98a3d9e74b4a8);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2009 23:35 133104]
S3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\hdjctrl.sys [20/10/2007 15:57 11008]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [20/10/2007 15:57 39296]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [18/10/2008 11:52 18432]
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-24 10:36]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 22:35]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 22:35]

2009-07-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Steven.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-10-21 12:13]

2009-07-08 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]

2009-07-05 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]
.
.


Re: Unknown - can't access certain websites

Post by foster2k6 on Thu Jul 09, 2009 7:59 pm

------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
IE: &SHOUTcast Search - c:\documents and settings\All Users\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\winhelper.dll
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - [You must be registered and logged in to see this link.]
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - [You must be registered and logged in to see this link.]
DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} - [You must be registered and logged in to see this link.]
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - [You must be registered and logged in to see this link.]
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} - [You must be registered and logged in to see this link.]
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\drdi6wte.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\drdi6wte.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\runescape\java\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\runescape\java\bin\new_plugin\npjp2.dll
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Aquairum = c:\program files\USB Aquarium\Aquarium.exe?s?????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1996885673-139178621-49509670-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
d:\runescape\bin\TortoiseStub.dll
d:\runescape\bin\TortoiseSVN.dll
d:\runescape\bin\intl3_tsvn.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\windows\system32\winupdate.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
d:\runescape\java\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
d:\runescape\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-07-09 20:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 19:30
ComboFix2.txt 2009-07-09 18:28

Pre-Run: 2,704,015,360 bytes free
Post-Run: 2,666,856,448 bytes free

354 --- E O F --- 2009-06-11 02:01


Re: Unknown - can't access certain websites

Post by Belahzur on Thu Jul 09, 2009 8:15 pm

Hello.
This malware doesn't want to die, something is regenerating it and downloading more rubbish.

Let's cut the internet connection. You're going to need to use a USB stick and another machine to post the logs from, because we have to stop this. Take the ethernet wire out of the back, or if it's wireless, disable the wireless temporarily.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\winupdate.exe
c:\windows\system32\lspktg.dll
c:\windows\system32\win32room.exe
c:\windows\system32\win32z.exe

Folder::
c:\program files\AdvancedVirusRemover
c:\program files\drv

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced Virus Remover"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"

DDS::
LSP: c:\windows\system32\winhelper.dll
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - [You must be registered and logged in to see this link.]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.
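Both CFScripts in this thread reset the Winlogon "Userinit" value, and the second posted log shows why: two extra programs are chained after userinit.exe. The following is an added example, not part of the thread and not ComboFix's own code: a Python check that reads the registry-style lines of such a log and lists every Userinit entry other than userinit.exe. The function names and the second sample are constructed, and the expected path assumes Windows is installed in c:\windows, as in the posted log.

```python
import re

# Winlogon key, lower-cased for comparison, and the one program the CFScript restores.
# Assumption: Windows lives in c:\windows, as in the log posted in the thread.
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
EXPECTED = r"c:\windows\system32\userinit.exe"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<data>[^"]*)"')

# Lines taken from the second log posted in the thread.
INFECTED_LOG = r'''
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\win32room.exe,c:\windows\system32\win32z.exe,"
'''

# Constructed sample: a decoy "Userinit" under an unrelated (hypothetical) key,
# then the clean value in .reg export style (doubled backslashes, mixed case).
CLEAN_LOG = r'''
[HKEY_CURRENT_USER\Software\Example]
"Userinit"="c:\decoy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''


def normalize(path):
    """Lower-case a path and collapse .reg-style doubled backslashes."""
    return path.strip().replace("\\\\", "\\").lower()


def userinit_entries(log_text):
    """Return the programs listed in Winlogon\\Userinit, or None if the value is absent.

    Only a "Userinit" value that sits under the Winlogon key counts; the same
    value name under any other key is ignored.
    """
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key").lower()
            continue
        value_match = VALUE_RE.match(line)
        if (value_match and current_key == WINLOGON_KEY
                and value_match.group("name").lower() == "userinit"):
            # The value is a comma-separated list with a trailing comma.
            parts = value_match.group("data").split(",")
            return [normalize(p) for p in parts if p.strip()]
    return None


def audit_userinit(log_text):
    """Summarise the Userinit value: all entries, the unexpected ones, and
    whether userinit.exe itself is still in the chain."""
    entries = userinit_entries(log_text)
    if entries is None:
        return {"found": False, "entries": [], "unexpected": [],
                "userinit_present": False}
    return {
        "found": True,
        "entries": entries,
        "unexpected": [e for e in entries if e != EXPECTED],
        "userinit_present": EXPECTED in entries,
    }


if __name__ == "__main__":
    for label, text in (("posted log", INFECTED_LOG), ("clean sample", CLEAN_LOG)):
        report = audit_userinit(text)
        print(label, "->", report["unexpected"] or "no extra Userinit entries")
```

Every program in Userinit is launched at logon, so a non-empty "unexpected" list after a cleanup run means the value was rewritten again and whatever rewrote it is still active.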

