Jump to content

Josh E

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. MBAM runs and comes up clean...Thanks for everything Blade!
  2. Hello Blade, The log comes back as: -c----w- 11,776 2004-08-04 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe -c----w- 11,776 2008-04-14 00:12:32 C:\WINDOWS\ServicePackFiles\i386\regsvr32.exe Entries: 2 (2) Directories: 0 Files: 2 Bytes: 23,552 Blocks: 46
  3. I deleted the noted files and uninstalled/reinstalled MBAM but I'm still getting VB errors . Maybe it just wasn't meant to be
  4. Hello again, Ran everything above and still get VB error when running MBAM. Kaspersky picked up something that AVG has never picked up. I don't know if it cleaned it out either. Attach.zip
  5. Apologies, forgot to hit attach DDS.zip DDS.zip
  6. Attached is the ComboFix log and new DDS/Attach logs Thank you very much for all of your help so far.
  7. All 3 files are attached. I've also noted an issue when starting up. It takes about 10 minutes to act "normal", but something is stalling the startup of my computer. I can start programs from my desktop easily...most easily opened is process explorer and google chrome. if i try and open up programs from the start menu or icons near the clock, it causes the task bar becomes locked up and the programs do not open. also, if google chrome tries to open a popup, it crashes. after 10 minutes or so, i've noted process explorer says that imapi.exe and alg.exe start up, but imapi.exe is closed on its own...after that, the computer runs normally and all the programs i tried to open earlier now popup at the same time Attach.zip
  8. I got some fake antivirus popups. I attempted to just kill it by disabling everything in msconfig and deleting the funny named folder it was pointing to in the application data folder. I tried to install MB and I get a VB 0 and 440 error at installation and attempting to run it. The fixes I've tried are renaming application name, updating VB from microsoft and also the regsvr32 MBAM Fix.bat file (which gives me an error. regsvr32 is not in the system32, but regsvr32.ex_ is in the i386 folder?). I'm pretty sure I killed the original infection incorrectly, if at all. So any help would be appreciated. I ran a command line scan with AVG in safe mode, but it only came up with 69 locked files and no infections. Anyway, here's the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:47:06 PM, on 5/19/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\fxssvc.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\cmd.exe C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1243366049084 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...450/mcfscan.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 5641 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.