CompConfusion

Honorary Members
  • Posts: 24
Everything posted by CompConfusion

  1. As I mentioned in the PM the other night, my laptop is currently "symptom free" but I wanted to be sure the virus was completely gone. As well, it seems the virus symptoms come "back" when it's hooked up with my router box. When it's just hooked to the normal cable box, the symptoms seem to disappear. Is it possible for a "virus" to live in a router box? Very confused about that. As well, I wanted to be sure the virus/malware or whatever it is.. is gone for good?
  2. The Add-Remove Programs txt located in the Qoobox folder is as follows:
  3. My Combo-Fix.txt is here: (am I anywhere close to being completely cured? I did notice there were deletions made) ComboFix 10-05-10.03 - Judy 11/05/2010 2:11.4.2 - x86 Microsoft
  4. As well, my latest MBAM log was as follows: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 4084 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 09/05/2010 8:23:26 PM mbam-log-2010-05-09 (20-23-26).txt Scan type: Quick scan Objects scanned: 112055 Time elapsed: 7 minute(s), 31 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  5. Here is my new fresh DDS log DDS (Ver_10-03-17.01) - NTFSx86 Run by Judy at 22:53:46.08 on 10/05/2010 Internet Explorer: 8.0.6001.18904 Microsoft Attach.zip
  6. This was the Combo-Fix log that was generated. (I did have to restart before being able to access the internet again). My AVG is also currently not functioning at all. Therefore, I just uninstalled it through control panel (it seemed useless to keep a non-functional antivirus on deck..) I am only using the internet to access this forum. So any further instructions would be highly appreciated. Symptoms are still the same after Combo-Fix. Google searches are still being redirected, access to antivirus/antimalware sites is being blocked and that annoying fake "Microsoft Windows Internet Security" window keeps popping up prompting for download. ComboFix 10-04-14.04 - Judy 15/04/2010 15:28:13.3.2 - x86 Microsoft
  7. I've encountered the same problem with GMER as before. It simply won't complete the scan. I've tried it in both normal and safe modes. Same issue. A window pops up that claims an "unknown error has occurred and GMER has to shut down". Ignore it, it won't continue scanning. Press enter, GMER disappears. No log can be generated... I did notice a difference in normal and safe mode though. When I double click the GMER icon on my desktop in normal mode, it scans (without me prompting it to scan) and displays the following items in a list format. Under the heading Type: Attached Device (for all four) Name: \Driver\tdx\Device IP \Driver\tdx\Device\Tcp \Driver\tdx\Device\Udp \Device\tdx\Device\Rawlp For Value: avgtix.sys {AVG Network Connection Watcher/AVG Technologies CZ.SR.0} I'm not sure if that's important at all. After these four items display is when the "scan" button is actually available. Otherwise it is greyed out.
  8. I've completed Antvir and this was the summary/log at the end. (It was very short so I just typed it onto Word on another computer in the same household) The specific items you requested: there were 2 Records, 0 Suspect Files and 0 Warnings. The problems are still the same on my laptop. In fact, it seems worse now. Browser is extremely laggy and it seems the malware has blocked ninjacloak's access to this site as well. I'm on here with a different proxy site.. What next? "Antvir/Linux Version 2.1.12-265 Copyright © 2008 by Avira GmbH All rights reserved VDF version: 1.10.6.69 created 13 April 2010 Antvir license: 149995 for AntVir Rescue System checking the master boot record of drive 128 error (25): cannot read record Checking the master boot record of drive 129 error (2): cannot read record auto excluding /sys/ from scans (is a special fs) auto excluding /proc from scans (is a special fs) checking drive path (list):/media/Devices/media/Devices/sda1/HP/BIN/ENDProcess.exe.XXX Endprocess.exe.XXX <<< Contains detection pattern of the application APPL/Kill App.A not removeable /media/Devices/sda1/HP/HPQware/EasySetup/SetACL.exe.XXX ALERT:[APP/ACLSET]/media/Devices/sda1/HP/HPQware/EasySetup/SetACL.exe.XXX<<<contains detection pattern of the application APPL/ACLset not removeable ----Scan Results ---- Directories: 22847 Scanned Files 416499 alerts: 2 suspicious: 0 repaired:0 deleted: 0 renamed: 0 quarantined:0
  9. I followed the instructions as instructed. A User Account Control popup did occur before the black window popped up. In order for me to access the application, I did have to press enter. This message showed up TDSS rootkit removing tool. Kaspersky Lab, 2010 Version 2.2.8.1 Mar 22 2010 10:43:04 Scanning Services ..... Scanning Kernal Memory ..... Completed Results: Memory objects infected / cured / cured on reboot: 0 / 0 /0 Registry objected infected/cured/cured on reboot: 0/0/0 File objects infected /cured/cured on reboot: 0/0/0 Press any key to continue ... After I pressed (any key), the black window just disappeared. Therefore, no log was generated and I'm guessing that means Kaspersky Lab didn't detect anything? It seems like none of these programs are detecting anything for me.
  10. The SysProt scan root drive log is here:
TCP Process: System State: LISTENING Local Address: JUDY-PC:EPMAP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\System32\svchost.exe State: LISTENING Local Address: JUDY-PC:52687 Remote Address: NA Type: UDP Process: C:\WINDOWS\System32\svchost.exe State: NA Local Address: JUDY-PC:SSDP Remote Address: NA Type: UDP Process: C:\WINDOWS\System32\svchost.exe State: NA Local Address: JUDY-PC:138 Remote Address: NA Type: UDP Process: System State: NA Local Address: JUDY-PC:NETBIOS-NS Remote Address: NA Type: UDP Process: System State: NA Local Address: JUDY-PC:64659 Remote Address: NA Type: UDP Process: C:\WINDOWS\System32\svchost.exe State: NA Local Address: JUDY-PC:52688 Remote Address: NA Type: UDP Process: C:\WINDOWS\System32\svchost.exe State: NA Local Address: JUDY-PC:SSDP Remote Address: NA Type: UDP Process: C:\WINDOWS\System32\svchost.exe State: NA Local Address: JUDY-PC:LLMNR Remote Address: NA Type: UDP Process: C:\WINDOWS\System32\svchost.exe State: NA Local Address: JUDY-PC:IPSEC-MSFT Remote Address: NA Type: UDP Process: C:\WINDOWS\System32\svchost.exe State: NA Local Address: JUDY-PC:500 Remote Address: NA Type: UDP Process: C:\WINDOWS\System32\svchost.exe State: NA Local Address: JUDY-PC:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\System32\svchost.exe State: NA ******************************************************************************** ********** ******************************************************************************** ********** No hidden files/folders found Another question, should I be deleting these programs after using them.. or keeping them on my desktop for future use?
  11. There were no windows open when I ran the scan. It finished very quick, within 5. Not sure how helpful this will be but the GooredFix log that popped up said this:

GooredFix by jpshortstuff (08.01.10.1)
Log created at 10:39 on 12/04/2010 (Judy)
Firefox version [unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [09:16 06/03/2009]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [23:16 08/01/2010]

-=E.O.F=-
  12. The scan for RootRepeal won't complete. I've attempted to do it 3 times. It goes for a bit over an hour and then just stops and literally disappears. At first I thought it was because of the internet, so I disconnected that. The problem is still the same. Acks! What now?
  13. I've also done nothing with Trend Micro HJT results. I've never used it before so thought it'd be best if I just left it for you to instruct me further on what is "good" or "bad" files...
  14. Alright, after a super long scan, Dr.WebCureIt came up with nothing! Both Express and Complete scans came up empty. My log for CureIt is super super long though so I'm unable to "copy and paste" the entire thing without my browser crashing. I'm posting the last chunk of the log here showing that it detected nothing.. If you require the rest, let me know a better way to copy and paste it on here.. My HJT log and dilemma follows the bit from Dr.WebCureIt log.... Let me know what else I can do. It seems whatever this malware is, is literally "taking over my computer".

Scan statistics
-----------------------------------------------------------------------------
Scanned: 521904
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 198 Kb/s
Scan time: 04:45:27
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Scanned: 554700
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 4 Kb/s
Scan time: 05:22:03
=============================================================================

I have Vista and for some odd reason when I right clicked HiJack This on my desktop, it did not give me the option to "run as administrator" therefore when I started the scan, within 5 seconds I did get the notification reading:

"For some reason, your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: Notepad C:\Windows\System32\drivers\etc\hosts And press Enter.
Find the line(s) Hijack This reports and delete them. Save this file as
  15. As per instructed, MBAM did not detect anything again just like the last few times. This is the log.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3975
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

10/04/2010 10:17:28 AM
mbam-log-2010-04-10 (10-17-28).txt

Scan type: Quick scan
Objects scanned: 107072
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is giving me a headache. What is going on with my computer? I'm scared eventually this malware will manage to disable my access to the internet completely. Too bad, there's such a big time difference for us. It would be nice to coordinate a time when we could both be online at the same time so this could be resolved faster.

Maniac, Thanks for your attempts at helping thus far. Greatly appreciated.
  16. Step 1: I originally ran Java.Ra and it deleted older version but then no log popped up and I could not find it anywhere. I ran it again as administrator and this time there was a log but there were no older versions to delete so the Java.Ra log is as follows:

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Apr 09 16:25:30 2010
------------------------------------
Finished reporting.

Step 2: Successfully removed ViewPoint Media Player with no problems. The other two were not present.

Step 3: I was unable to complete this step possibly because of the malware that is blocking all anti-malware sites.. I got as far as clicking the Yes, I accept the terms of use, clicked on START and then nothing... the window that popped up remained a light blue/grey color with a yellow exclamation mark on the bottom left hand side of my browser. Clicking on that, all it said was something about an EOS error... can't remember the exact words. I tried to re-do step 3 but now I can't even reach the accepting of terms of use screen. (this is all through using NinjaCloak) Without NinjaCloak, the webpage http://www.eset.com/onlinescan/ results in the "Internet Explorer cannot display the webpage" window. Is there a plan B for step 3?
  17. I know how to "zip" up files but for whatever reason, when I'm on this site, I can't find anywhere to put attachments for my posts. In case it matters, I am accessing the forums through ninjacloak. Otherwise, this site is completely blocked off for me (along with all anti-malware/virus sites)
  18. Here is my new generated DDS and Attach txt. DDS DDS (Ver_10-03-17.01) - NTFSx86 Run by Judy at 1:29:05.18 on 09/04/2010 Internet Explorer: 8.0.6001.18882 Microsoft
  19. There was no Qoobox folder created though. Furthermore, I cannot find this "Add or Remove Programs.txt" you are referring to. Am I missing something?
  20. I've run and downloaded Combo-Fix without any problems. However, I was unable to locate the C:\Qoobox\ on my computer. It doesn't seem to have been created by ComboFix? This is my C\Combo-Fix.txt. Let me know if there would be another name for this "Qoobox"... ComboFix 10-04-07.04 - Judy 08/04/2010 17:07:21.1.2 - x86 Microsoft
  21. Thank you so much for responding! After my most recent scan with MBAM, the results were as follows.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3967
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

08/04/2010 2:47:30 AM
mbam-log-2010-04-08 (02-47-30).txt

Scan type: Quick scan
Objects scanned: 105596
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  22. Hi, it's been over 48 hours now. Can someone PLEASE help me? I still haven't re-enabled DeFogger because there was a warning not to until my comp was fixed and malware free? Any assistance would be greatly appreciated. I simply don't understand how sites can be blocked and Windows isn't updateable anymore. MBAM and AVG both don't detect anything.
  23. I suspected there was a possible virus/malware/spyware problem on my computer when my browser would constantly redirect me to another website (usually something where I see google analytics in the address bar as it is loading). Not only that but I'd be constantly annoyed by a false request Microsoft warning for an "online protection tool" that my computer needed. The AVG I was using failed to detect anything wrong. It got worse when I realized my Windows Update would simply not update generating an error code. I tried my usual methods but no luck. It's gotten so bad that now my internet won't even allow me to access any antivirus/antimalware sites at all. It's simply blocked. I don't understand. The only way I'm gaining access to sites like this is through ninja cloak (that disguises IP?)

I've followed the instructions outlined in another post by a user with a similar problem. My results are as follows. MBAM did detect 3 traces of trojan.agent the other and successfully removed them from what my logs tell me. The most recent MBAM scan I did (which I had to redownload and rename in order for it to run/update) came out clean.

The log is as follows:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3947
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

02/04/2010 3:39:14 PM
mbam-log-2010-04-02 (15-39-14).txt

Scan type: Quick scan
Objects scanned: 104762
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I ran DeFogger without any problems so CD Emulation is currently disabled. DDS came out with the following:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Judy at 3:25:52.36 on 02/04/2010
Internet Explorer: 8.0.6001.18882
Microsoft