AVG, spybot 1.4 for years...then 1.5...now back w/1.4
behind router but no firewall
I have 3 different problems that seem to have a common source. A few weeks ago i installed the newest version of spybot 1.5 (1.4 had been on for quite some time previously)....shortly thereafter i also updated google desktop...
problem #1: After I updated Google Desktop I got (for the first time) this error when it tried to index my gmail account: "Unable to connect to Gmail. Possible firewall configuration issue. Please check that port 995 is not blocked by your firewall or contact your system administrator for help."....however i have no problem accessing Port 995 every time I check my gmail email account using Thunderbird. I am behind a router but since I get my POP gmail emails w/o any problem I can't believe it's the issue...plus I enabled port 995 forwarding on the router and it made no difference. No firewall software (though spybot does apparently block access to certain malware websites). Worked fine up until I upgraded to Google Desktop 5.5..now stepped back to 5.1 but problem persists..
problem #2: Citibank has 'virtual credit card number' software that used to work fine but no longer functions...it seems to use some aspects of IE to connect to www.citicards.com i can no longer connect to www.citicards.com via IE (pings from cmd also simply timeout) but i can connect to it via firefox no problem!! i wiped out all the extra spybot web addys from the hosts file (which is now 'empty')...and citicards.com was/iss not in the restricted sites list (which I've also wiped out just in case).
problem #3: Google Talk also cannot connect...'Connection to the Google Talk service was blocked.'...though I can connect to it via Jabber in Trillian...
....seems likely there's some common link between the above 3 connectivity problems...i'd like to blame spybot 1.5 but i've got it on another win2k machine w/o any of these problems...
i've run bruteforceunistaller, atf-cleaner, vundofix.exe, scanned w/AVG & spybot w/o any results, tried uninstalling/reinstalling spybot, disabling spybots IE malicious website blocking function (even though that shouldn't affect any of the above)...i don't think i have a current infection...but i suspect something is 'broken' perhaps from a prior one?
any advise???
p
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:40 AM, on 12/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\GEARSec.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Serv-U\SERVUD~1.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\system32\lexpps.exe
C:\Program Files\DeeEnEs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Switch Off\swoff.exe
C:\Program Files\Serv-U\ServUTray.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Mco\Mcov23b.exe
C:\Program Files\Soulseek\slsk.exe
C:\WINNT\tppaldr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: (no name) - {329ABF66-A429-4ADC-AC5D-F3B069072536} - (no file)
O2 - BHO: (no name) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - (no file)
O2 - BHO: (no name) - {51F05A1D-C054-4FC9-AD6E-D4D858B30ECD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {f97fb37c-2565-492f-bc1a-4b8f86e278b7} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [DeeEnEs] C:\Program Files\DeeEnEs.exe
O4 - HKCU\..\Run: [FG Time Sync] "C:\Program Files\FG Time Sync\FG Time Sync.exe" /a
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Switch Off] C:\Program Files\Switch Off\swoff.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Launch TightVNC Server.lnk = C:\Program Files\TightVNC\WinVNC.exe
O4 - Startup: Memory and CPU Observer 2.3 Personal (Beta).lnk = C:\Program Files\Mco\Mcov23b.exe
O4 - Startup: Soulseek.lnk = C:\Program Files\Soulseek\slsk.exe
O4 - Startup: tppaldr.exe.lnk = C:\WINNT\tppaldr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\NetXfer\NXAddLink.html
O8 - Extra context menu item: Download FLV files in this page with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadFLV.htm
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0CEEFE-ED29-46F9-946C-7D123EA63DE8}: NameServer = 71.243.0.12,68.237.161.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ipngx5 - ipngx5.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\Serv-U\SERVUD~1.EXE
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
--
End of file - 7883 bytes