Mustang_Sally
Members-
Posts
8 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Mustang_Sally
-
Can't download removal programs
Mustang_Sally replied to Mustang_Sally's topic in Resolved Malware Removal Logs
Thank-you so very much!! I think things are running fine now. Here is the log from NOD32... ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=9909393678047945974fc495022d025c # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-10-06 11:56:32 # local_time=2009-10-06 05:56:32 (-0600, Canada Central Standard Time) # country="Canada" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=1026 61 83 95 3463708262000 # compatibility_mode=5889 61 66 100 541018741753508 # scanned=224308 # found=0 # cleaned=0 # scan_time=3333 -
Can't download removal programs
Mustang_Sally replied to Mustang_Sally's topic in Resolved Malware Removal Logs
I hooked up another computer and downloaded Root Repeal & HijackThis. I put them on a memory stick and ran them from there. I was able to start Root Repeal, however, when I ran a scan, it seemed to be going very slow. It scanned for about 12 hours and it still wasn't done. I shut it down after that, so i don't have a log for Root Repeal. Below is my HijackThis log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:11:41 PM, on 05/10/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\WINDOWS\RtHDVCpl.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\system32\schtasks.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\mobsync.exe C:\Windows\Explorer.exe C:\hp\kbd\kbd.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theweathernetwork.com/weather/CASK0176 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - Startup: Keyboard Express 3.lnk = ? O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games -
Can't download removal programs
Mustang_Sally replied to Mustang_Sally's topic in Resolved Malware Removal Logs
I ran Combo Fix with the Notepad doc put in it. I then ran Malwarebytes. I tried to download Root Repeal and I was not able to. First I tried to save it in C:\Rootrepeal and I received this message, " You don't have permission to save in this location. Contact the administrtor to obtain permission." I then tried to download it to a different location. It appeared to download, but when I went to retrieved the file, it was not there. Combo Fix Log ComboFix 09-10-01.05 - Mitchell 02/10/2009 19:28.2.2 - NTFSx86 Microsoft -
Can't download removal programs
Mustang_Sally replied to Mustang_Sally's topic in Resolved Malware Removal Logs
I ran Combo Fix and attached the log. I tried to unistall HiJack This, however, I was not able to do so. It wouldn't allow me to run it either. ComboFix.txt -
Can't download removal programs
Mustang_Sally replied to Mustang_Sally's topic in Resolved Malware Removal Logs
I ran Win32diag. Hurray something ran After that, I reinstalled Malwarebytes and was able to run it. It found a few things. I tried to uninstall Hijack This, but it still wouldn't let me. So, I tried to run it... no go. I uninstalled/reinstalled Malwarebytes and scanned again.... it said no infections. My computer still won't download any programs and it gives the " Windows can not access the specified device, path, or file. You may not have the appropriate permissions to access the item" message. I didn't want to go too much further or try running any other programs until some one has look at my logs and gives a suggestion. I tried to post the Win32diag log, but i got an error that it was too long of a post. I have attached it now. Malwarebytes Log Malwarebytes' Anti-Malware 1.41 Database version: 2874 Windows 6.0.6001 Service Pack 1 29/09/2009 11:52:45 PM mbam-log-2009-09-29 (23-52-45).txt Scan type: Quick Scan Objects scanned: 92067 Time elapsed: 5 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\$Recycle.Bin\S-1-5-21-4152655313-2468411337-1519091781-1000\$RGYJFY0.exe (Rogue.MalwareScanner) -> Quarantined and deleted successfully. C:\WINDOWS\System32\cngaudit.dll (Trojan.Sirefef) -> Quarantined and deleted successfully. C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully. Malwarebytes Log 2nd Run Malwarebytes' Anti-Malware 1.41 Database version: 2876 Windows 6.0.6001 Service Pack 1 30/09/2009 9:09:31 AM mbam-log-2009-09-30 (09-09-31).txt Scan type: Quick Scan Objects scanned: 92102 Time elapsed: 5 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Win32kDiag.txt -
Hi there! I am running Vista Home Premium. I have Malwarebytes, but when I go to use it, it starts and then quickly disappears. When I try to use it again I get " Windows can not access the specified device, path, or file. You may not have the appropriate permissions to access the item" The same thing happens with Hijack This. I have tried to download other removal tools. It looks like they download, however, when I go to the saved location, they are no there. The last one i tried to download was RootRepeal and it didn't show up either. I have tried to rename mbam, but that didn't work. I set the exceptions for the 3 malwarebytes .exe files in AVG, didn't help. I am not getting any fake warning pop-ups. I do get browser redirects and it won't let me do windows updates for SP2. I'm not sure what to try next. Help!
-
Hello! I have been trying to fix my problems all day with out much success. After alot of reading and trying various solutions from the net I felt your forum would be the best place to get the help I need. I am running Vista Home Premium. I was able to download Malwarebytes today and it updated. I started the quick scan, the elapsed time counter goes to 1 and then the program disappears. There is no evidence of it running after that. Then when I try to start the program again, I get " Windows can not access the specified device, path, or file. You may not have the appropriate permissions to access the item" Several times I have uninstalled/reinstalled the program. I have tried re-naming it, but the same thing happens. I tried starting the program with a right click and "run as administrator" no luck. Other issues I am having are.... some google search results are redirected, windows updates won't let me install SP2. After Malwarebytes wouldn't run, I tried downloading 3 other anti-malware programs. It looked as if they downloaded, but when I went to the folder they were not there. I searched my computer and they were not found. At the end of the download it had a pop-up that said something about copying the files. I can't recall all that it said but it seemed like a step that didn't normally happen when I download something. I have AVG antivirus and it did not find any problems. I set the exceptions for the 3 malwarebytes .exe files in AVG and tried to scan again, but the same thing as mentioned above happened. I also downloaded Hijack This. It downloaded fine, but then when I went to run it, it started and disappeared. When I tried to start it again, i got the message "Windows can not access the specified device..." I tried to unistall Hijack This and it would not allow me to do that. I'm sure I have forgot to mention some of the things I have tried today, but hopefully that is enough info to give you an idea of what I am dealing with. I look forward to you reply.