| View previous topic :: View next topic |
| Author |
Message |
Nantesnandare
I post too much
 Reputation: 0
Joined: 04 Sep 2008
Posts: 2231
Location: §Â£âǧ©
|
 Posted: Fri Oct 23, 2009 7:30 am Post subject: [HELP] Can't Update My Antivirus. |
 |
|
I can't go to antivirus websites and I can't update my antivirus anymore. 
Here is my scan log using hijackthis.
| Code: | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:29 PM, on 10/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AHK BBCodeWriter\BBCodeWriter.exe
C:\WinApps\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C3B029] C:\WINDOWS\system32\258A78\C3B029.EXE
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: C3B029.lnk = C:\WINDOWS\system32\258A78\C3B029.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Mr. Nice Guy\Desktop\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Dictionary - http://files.db3nf.com/scripts/ie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c91e3480e06bb6) (gupdate1c91e3480e06bb6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe |
_________________
...::: PARAMORE BAND :::...
| Hitler wrote: | | I'm a stupid faggot who fucked my grandmother 3x a day! |
|
|
| Back to top |
|
 |
Haswell
Grandmaster Cheater
![]() Reputation: 10
Joined: 24 Nov 2007
Posts: 703
|
| Posted: Fri Oct 23, 2009 10:07 am Post subject: |
|
|
Do a virus scan? You might also want to download Malware Bytes (if you can access the website).
O4 - HKLM\..\Run: [C3B029] C:\WINDOWS\system32\258A78\C3B029.EXE
O4 - Startup: C3B029.lnk = C:\WINDOWS\system32\258A78\C3B029.EXE
What are those?
|
|
| Back to top |
|
|
Karakawe
I post too much
 Reputation: 3
Joined: 17 Apr 2007
Posts: 3899
|
| Posted: Fri Oct 23, 2009 2:02 pm Post subject: |
|
|
| Quote: | O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187 |
Do you know that IP? And what are the symptoms on your computer?
Try to download and run antivirus (MBAM, other) in safe mode by mashing F8 after POST (when computer's turning on) and selecting Safe Mode with Networking.
|
|
| Back to top |
|
|
Saifallofjmr
Grandmaster Cheater Supreme
![]() Reputation: 4
Joined: 02 Apr 2007
Posts: 1450
|
| Posted: Fri Oct 23, 2009 2:44 pm Post subject: Re: [HELP] Can't Update My Antivirus. |
|
|
[quote="Nantesnandare"]I can't go to antivirus websites and I can't update my antivirus anymore.
Here is my scan log using hijackthis.
| Code: |
Running processes:
C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [C3B029] C:\WINDOWS\system32\258A78\C3B029.EXE
O4 - Startup: C3B029.lnk = C:\WINDOWS\system32\258A78\C3B029.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187 |
Remove all of those asap.
_________________
|
|
| Back to top |
|
|
Nantesnandare
I post too much
Reputation: 0
Joined: 04 Sep 2008
Posts: 2231
Location: §Â£âǧ©
|
| Posted: Fri Oct 23, 2009 4:02 pm Post subject: |
|
|
| Haswell wrote: | Do a virus scan? You might also want to download Malware Bytes (if you can access the website).
O4 - HKLM\..\Run: [C3B029] C:\WINDOWS\system32\258A78\C3B029.EXE
O4 - Startup: C3B029.lnk = C:\WINDOWS\system32\258A78\C3B029.EXE
What are those? |
I don't know it just starts in my startup.  and it was located in System32. and I can't download malware bytes because I can't even go to their website. And Also my NOD32 last update is 3230 (20080701)
| Karakawe wrote: | | Quote: | O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187 |
Do you know that IP? And what are the symptoms on your computer?
Try to download and run antivirus (MBAM, other) in safe mode by mashing F8 after POST (when computer's turning on) and selecting Safe Mode with Networking. |
Ok I will try.
[quote="Saifallofjmr"]
| Nantesnandare wrote: | I can't go to antivirus websites and I can't update my antivirus anymore.
Here is my scan log using hijackthis.
| Code: |
Running processes:
C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [C3B029] C:\WINDOWS\system32\258A78\C3B029.EXE
O4 - Startup: C3B029.lnk = C:\WINDOWS\system32\258A78\C3B029.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\..\{7AE5356E-FF91-4DC5-8B41-A251AD296E27}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187 |
Remove all of those asap. |
I will try to
_________________
...::: PARAMORE BAND :::...
| Hitler wrote: | | I'm a stupid faggot who fucked my grandmother 3x a day! |
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
