CiTiBoY

Members
  • Posts: 6
  • Reputation: 0 Neutral

About CiTiBoY

  • Birthday 12/11/1969
  1. I do not plan to do another post on this topic as the firewall issue eventually led to XP crashing. I did not find the answer here nor did I try to find it elsewhere as I felt at the time MBAM updated to a new version causing the problem. Now I have formatted the drive and attempted to reinstall but when the new install completes it asks for a password? I cannot believe a newly installed version is asking for a password! And any of my known pw I use will not work. Anyone heard of this before? Anyway, you can close the book on the firewall problem in my case as it has crashed XP. Thanks anyway, CiTiBoY
  2. Guess there's no help here after all!
  3. Hi, did you try rebooting the computer to see if the connection is restored?

  4. Posted 25 December 2011 - 03:09 PM Hi, this is the second time I have posted a request for help with this problem, as you can see the date of the first post above. I guess maybe more techs are needed with so many problems arising? My firewall only works if turned on manually after reboot. Windows update and the running of msconfig were also blocked but I have since resolved those after scouring the net for info. The security center issue (Firewall) seems to be a tough one as no one has come up with a fix to this point or I have not been able to locate the answer. I am considering running combofix although I am not experienced at reading the results or applying a fix. Another issue is this thing stopped some of my file associations from working and some of those cannot be repaired. For example start/run wmplayer gives an error 'wmplayer cannot be found' although it is still in the program files/windows mediaplayer folder. The strange part about this one is if a .mp3 or .avi file is left clicked and click on the wmplayer listed there it plays. If the wmplayer.exe file in the folder is double clicked wmplayer opens but is not operational. So, it appears this thing has infested the exe file till it only works if opened a certain way. Anyway, if someone has the answer I would really appreciate knowing what it is. Happy holidays to all, CiTiBoY
  5. I have this same problem and my firewall only works if turned on manually. Security center is disabled after reboot. Windows update and the running of msconfig were also blocked but I have since resolved those after scouring the net for info. The security center issue (Firewall) seems to be one that no one has come up with a fix for to this point. I am considering running combofix although I am not experienced at reading the results or applying a combofix. Another issue is this thing stopped some of my file associations from working and some of those cannot be repaired. For example start/run wmplayer gives an error 'wmplayer cannot be found' although it is still in the program files/windows mediaplayer folder. The strange part about this one is if a .mp3 or .avi file is left clicked and click on the wmplayer listed there it plays. If the wmplayer.exe file in the folder is double clicked wmplayer opens but is not operational. So, it appears this thing has moved the wmplayer or infested the exe file till it only works if opened a certain way. Anyway, if someone has the answer I would really appreciate knowing what it is. Happy holidays to all, CiTiBoY
  6. I have this problem and trust me it's not something you want to ignore, unless you want everything you do on the net to be open to whoever implanted this thing to begin with. I am running MBAM Pro and am still trying to find someone who can remove this thing permanently. By the way, has anyone tried windows update since receiving this warning? Not only has it disabled the security center, it disabled windows update and infested several other programs. Start/run msconfig response: "msconfig cannot be found on the system", "windows update cannot proceed because security is disabled". All these items are not a result of a fake trojan. Someone gets the answer to the security part I can't wait to hear the answer!! The other items I have resolved myself. Thanks for any help!
  7. Hi, I was advised after trying MBAM to remove a virus that has disabled both windows updates and firewall in security center. It completely removed the security center from the services list along with the windows update listing. I was able to get the security center back on the services list but nothing I try restores the updates. BTW I am running the trial period of Malwarebytes which is supposed to be blocking all the time, apparently not? Not sure I want to pay for a program that will not stop this type of action. I appreciate any help you may be able to provide. Here is the dds text I was advised to post here: