Anti Virus cannot connect to update

11-05-2011, 12:50 AM   #1
rockson
OS: xp

Hi guys,

my wife's computer is facing a problem. I just uninstalled Avast and installed Microsoft Essentials, but to my surprise the programme cannot connect to the update centre. I only get error code 0x80072efd. It is the same with Ad-Aware and Spybot. Also, there are many security-related Microsoft sites I cannot access.

I couldn't access the Malwarebytes site either, so I downloaded the programme on my computer and installed it on my wife's. The installation went well, but when trying to update, there is again a "no connection" error.

I scanned the computer with Malwarebytes, without updating it, and it found 9 trojans --> 2x Trojan.Agent and 7x Trojan.DNSchanger

There are also Firefox windows popping up - empty or with some advertising.

Is there anything else I can do?

Thank you

Log files:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Run by Pikapolonica at 20:43:19 on 2011-11-04
Microsoft Windows XP Home Edition 5.1.2600.3.1250.386.1033.18.2551.1727 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Twain_32\Samsung\SCX4600\Scan2pc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.si/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://search.imesh.com/sidebar.html?src=ssb
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.imesh.com/sidebar.html?src=ssb
mWinlogon: System=lsass.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imeshmediabartb\iMeshMediaBarDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imeshmediabartb\iMeshMediaBarDx.dll
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [4600 Scan2PC] "c:\windows\twain_32\samsung\scx4600\Scan2pc.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\pikapo~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\pikapo~1\startm~1\programs\startup\izrezo~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{226BEEC2-EF65-4355-A8AC-8027F1FFB9EE} : NameServer = 85.255.112.111;85.255.112.77
TCP: Interfaces\{472B024D-5E42-4A52-9D48-831CE729D6FC} : NameServer = 85.255.112.111;85.255.112.77
TCP: Interfaces\{472B024D-5E42-4A52-9D48-831CE729D6FC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6F23CDCF-A69D-4B86-8D62-50BF83DCA511} : NameServer = 85.255.112.111;85.255.112.77
TCP: Interfaces\{6F23CDCF-A69D-4B86-8D62-50BF83DCA511} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B6E9725E-D4B0-408C-895B-83CAF540A8FB} : NameServer = 85.255.112.111;85.255.112.77
TCP: Interfaces\{D95FFB28-01A1-4F94-834C-08353DAB14F4} : NameServer = 85.255.112.111;85.255.112.77
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pikapolonica\application data\mozilla\firefox\profiles\6m42dsv8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/webResults.html?src=ffb&q=
FF - plugin: c:\documents and settings\pikapolonica\application data\mozilla\firefox\profiles\6m42dsv8.default\extensions\[email protected]\plugins\NP2020Player.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-5 64160]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-21 193840]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S2 gupdate1c96b2db1cfceba;Google Update Service (gupdate1c96b2db1cfceba);c:\program files\google\update\GoogleUpdate.exe [2008-12-31 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-12-31 133104]
.
=============== Created Last 30 ================
.
2011-11-04 19:18:35 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-04 19:00:24 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-04 18:35:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-04 18:35:11 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-11-04 18:35:11 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-11-04 18:35:11 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-11-04 18:35:11 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-11-04 18:35:11 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-11-04 18:35:11 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-11-04 18:35:11 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-10-29 17:51:20 -------- d-----w- c:\documents and settings\all users\application data\Samsung
.
==================== Find3M ====================
.
2011-08-30 14:57:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-09-19 17:02:29 19657194 ----a-w- c:\program files\vlc-1.1.4-win32.exe
.
============= FINISH: 20:43:46,03 ===============
11-05-2011, 01:02 AM   #2
rockson
OS: xp

Update:
I have removed the found trojans with Malwarebytes and restarted the computer. Now, I cannot connect to any web site.
11-05-2011, 03:13 AM   #3
rockson
OS: xp

Another update:
I restored the files that had been quarantined because of trojans, and now Malwarebytes is constantly preventing an outgoing connection to the following IP addresses:
85.255.112.77
85.255.112.111