charliedeanmurray
  1. I have created a new thread in this section with the attached log files, so there is no need to respond to this one. Sorry for any confusion!
  2. Hi, I posted earlier regarding the XP Home Security 2012 malware. I now have the log files that I can get, so I thought I would post a new thread. I can run any anti-virus or anti-malware software. It has turned off the real Windows firewall and disabled Windows virus protection. Every time I attempt to use Firefox or IE it just redirects me back to the XP Home Security 2012 malware. I have followed "I'm infected - what do I do now?" as best I can given what the computer will allow me to do. I can't install MBAM; every time I go to run the installer it either doesn't respond at all, or it brings up the malware program. Hence I cannot get the MBAM log to post on here. I have run the defogger program without a problem. Here is the DDS log:

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by My Computer at 22:28:13 on 2011-06-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.894.407 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\My Computer\Application Data\dwm.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\My Computer\Application Data\Microsoft\conhost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\csrss.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Documents and Settings\My Computer\Local Settings\Application Data\mus.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.stonebridgegroup.co.uk/
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
uInternet Settings,ProxyServer = http=127.0.0.1:64848
mSearchAssistant = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
uWinlogon: Shell=explorer.exe,c:\documents and settings\my computer\application data\dwm.exe
uWindows: load=c:\docume~1\mycomp~1\locals~1\temp\csrss.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [iSUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [conhost] c:\documents and settings\my computer\application data\microsoft\conhost.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8CA38FE2-4368-474A-9391-3E6A03B93FB6} : DhcpNameServer = 194.168.4.100 194.168.8.100
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\my computer\application data\mozilla\firefox\profiles\ccjfbxif.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stonebridgegroup.co.uk/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64848
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-11-22 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-11-22 27784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-11-22 297752]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-11 113664]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-6-26 56992]
R3 usbsmi;HP Webcam-50;c:\windows\system32\drivers\SMIksdrv.sys [2010-11-22 173952]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-22 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-22 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rtsustor.sys --> c:\windows\system32\drivers\RtsUStor.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 22:28:55.01 ===============

I have attached the ark (GMER) log and the "attach" log to this thread too in a zip folder.
attach-ark.zip
Any help would be greatly appreciated as it's a friend's computer I have borrowed and have to return it in 2 days! Kind regards, Charlie (I will delete/update the other thread so as to not cause confusion!)
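As an added example (not part of the original post, and not a DDS or forum tool), a small Python triage script for the kind of report quoted above. It flags the indicators a helper would point at in this log: the Winlogon Shell and load= autostarts, the localhost proxy that explains the browser redirects, and system-binary names (csrss.exe, conhost.exe, dwm.exe) running from user-writable profile directories. The excerpt it scans is constructed from lines in the post; the rule set and the SYSTEM_ONLY list are my assumptions.

```python
import re

# Constructed excerpt: lines copied from the DDS report in the post above.
DDS_EXCERPT = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\My Computer\Application Data\dwm.exe
C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\csrss.exe
uInternet Settings,ProxyServer = http=127.0.0.1:64848
uWinlogon: Shell=explorer.exe,c:\documents and settings\my computer\application data\dwm.exe
uWindows: load=c:\docume~1\mycomp~1\locals~1\temp\csrss.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [conhost] c:\documents and settings\my computer\application data\microsoft\conhost.exe
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
"""

# Names whose genuine copy lives only under \Windows\System32 on XP (assumed list).
SYSTEM_ONLY = {"csrss.exe", "conhost.exe", "dwm.exe", "svchost.exe", "lsass.exe", "smss.exe"}
# Profile directories any user can write to: odd homes for an autostart or shell binary.
USER_WRITABLE = ("\\application data\\", "\\temp\\", "\\locals~1\\", "\\local settings\\")
PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:exe|dll|sys)\b", re.I)

def check_line(line):
    """Return the reasons one DDS/HJT line looks hijacked, or [] if it is clean."""
    reasons, low = [], line.lower()
    if "winlogon: shell=" in low and low.split("shell=", 1)[1].strip() != "explorer.exe":
        reasons.append("Winlogon Shell launches more than explorer.exe")
    if "windows: load=" in low and low.split("load=", 1)[1].strip():
        reasons.append("win.ini-style load= autostart is set")
    if "proxyserver" in low and ("127.0.0.1" in low or "localhost" in low):
        reasons.append("IE proxy points at localhost (traffic interception)")
    if "network.proxy.http " in low and "127.0.0.1" in low:
        reasons.append("Firefox proxy points at localhost (traffic interception)")
    for path in PATH_RE.findall(line):
        p = path.lower()
        name = p.rsplit("\\", 1)[-1]
        if name in SYSTEM_ONLY and "\\windows\\system32\\" not in p:
            reasons.append(f"{name} running outside System32")
        if any(d in p for d in USER_WRITABLE):
            reasons.append("executable in user-writable profile directory")
    return reasons

def triage(report):
    """Map each suspicious report line to its reasons; clean lines are omitted."""
    return {ln: why for ln in report.splitlines() if (why := check_line(ln))}

if __name__ == "__main__":
    for ln, why in triage(DDS_EXCERPT).items():
        print(ln, "\n   ->", "; ".join(why))
```

Run against the full report, the same rules would also leave the legitimate entries (AVG, Google, HP, Bluetooth) untouched, which is the point: the findings are the small set worth a removal plan, not the whole log.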
  3. Hi, the XP Home Security malware managed to get downloaded onto my computer. It has disabled the actual Windows anti-virus and firewall and I can't switch them back on. It won't allow me to open the AVG software. It won't allow me to run the AVG installer either, nor the Malwarebytes installer. When I go onto the internet on both Internet Explorer and Firefox it keeps coming up with a page saying there has been a security threat. Whenever I go to go on any website it just comes up with the same page. If I can download the logs and post them up on here, would someone be able to help me install Malwarebytes and fix my computer? Best regards, Charlie