Help Me Please

  1. bump I can only start Windows in debugging mode (not safe mode, normally, or last known good configuration) and I'm now noticing that when Firefox is open, new tabs will randomly open and go to some random site. Any assistance in working out a solution would be greatly appreciated as my system is functioning very poorly. Thank you.
  2. I now have Hijackthis and MBAM logs to post. I was able to get Windows running by starting it in debugging mode. (edit: MBAM log not included as it makes my message too long to post) so it's attached to this HIJACK THIS LOG: mbam_log_2009_11_11__20_08_25_.txt
  3. This afternoon my computer somehow got infected with Windows System Defender. I updated Malwarebytes Anti-malware and ran a scan. It found over 700 infected items...all seemingly related to the System Defender infection. I selected all the items and told Malwarebytes Anti-malware to remove all selected, which seemed to work fine. Then when I restarted the computer Windows would not start. It begins loading but then goes to a black screen that gives me several options (start in safe mode, last good configuration, start normally). No matter which option I try, it goes back to starting windows and then back to this screen. I have tried loading in safe mode, last known good configuration and load windows normally and none of them work. This is very concerning as I essentially don't have a computer now (I'm writing this from a different computer) as I can't get Windows XP to start up. Any help or advice on how to get my machine up and running again would very much be appreciated. Cheers
  4. Everything seems to be running fine, far as I can tell. Thanks so much for all the assistance!
  5. MBAM log: Hijackthis log:
  6. Hi, sorry I didn't see your reply earlier. DDS.txt follows and attach.txt has been zipped and attached. These are from the 2nd time running DDS as I was a bonehead and forgot to save the .txt files before closing them the first time. Thank you for your help! And have a good weekend. Cheers Attach.zip
  7. I didn't have the proper permissions set for Hijackthis but I fixed that. Hijackthis log follows:
  8. Hello and thanks for your assistance! The ComboFix and MBAM logs follow. I still cannot run Hijack This, even after reinstalling. I get a 'may not have appropriate permissions' error. I can't seem to delete or uninstall Hijack this either. MBAM log: ComboFix log:
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-08 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248] c:\documents and settings\ROCK\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "idsvc"=3 (0x3) "Bonjour Service"=2 (0x2) "nmservice"=2 (0x2) "nmraapache"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\BitTornado\\btdownloadgui.exe"= "c:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaws.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service . Contents of the 'Scheduled Tasks' folder 2009-09-28 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 05:18] . . ------- Supplementary Scan ------- . 
uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html FF - ProfilePath - c:\documents and settings\ROCK\Application Data\Mozilla\Firefox\Profiles\5et3pf85.default\ FF - prefs.js: browser.startup.homepage - hxxp://gmail.com FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-08 16:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\program files\OpenOffice.org 2.4\program\soffice.exe c:\program files\OpenOffice.org 2.4\program\soffice.bin c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ************************************************************************** . Completion time: 2009-10-08 17:01 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-09 00:01 ComboFix2.txt 2009-09-29 19:52 Pre-Run: 58,940,223,488 bytes free Post-Run: 60,001,234,944 bytes free 177 --- E O F --- 2009-09-24 15:34
  9. Hello...I posted my problem in a separate thread Infected but received no response so I read the threads where other people were experiencing similar problems and have since run Win32kdiag and ComboFix (renaming it as Combo-Fix). Combo-Fix seems to have found and restored an infected file but I read in other instructions not to install any new programs until someone on here has viewed the log and replied...as I am currently with my pants down (no antivirus program currently installed - see linked thread above) I would like to know if I can go ahead and reinstall AVG and Malwarebytes' Anti-Malware. Thanks in advance for your help. Cheers adambomb Win32kDiag.txt log.txt