Jump to content

Budda2

Members
 View Profile  See their activity

  • Posts

    4

  • Joined

  • Last visited

 Content Type 

Everything posted by Budda2

  1. Budda2
    Hello, I am sorry to say that I had to reinstall my OS. After awhile I couldn't connect to the web with any of my installed browsers, FYI Firefox held in the longest. I was able to uninstall and reinstall both Avast and Malwarebytes as well as run a scan but could not update either nor could I run a boot scan in Avast. In the end I was unable to log on at all even in safe mode. Might as well close out the the post. Thanks anyway.
  2. Budda2
    Hello All, A few days ago I noticed that my Avast antivirus could not update. I also couldn't connect to Malwarebytes to update either. I have uninstalled and reinstalled both programs and checked my windows firewall to make sure both programs are allowed and still connect to update. The error that comes up is Program_error_updating 536870914,0, connection refused. Here is my last mbam log. Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6705 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 7.0.5730.13 6/19/2011 4:04:12 PM mbam-log-2011-06-19 (16-04-12).txt Scan type: Full scan (C:\|D:\|H:\|) Objects scanned: 447187 Time elapsed: 40 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) and my DDS DDS (Ver_2011-06-12.02) - NTFSx86 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24 Run by Administrator at 19:08:50 on 2011-06-22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1064 [GMT -4:00] . AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\regsvr32.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://my.yahoo.com/ uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - HP Print Enhancer BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [Power2GoExpress] NA uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [RTHDCPL] RTHDCPL.EXE mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe mRun: [RecGuard] c:\windows\sminst\RecGuard.exe mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301544399421 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 TCP: Interfaces\{499F6F85-BFD0-4A4D-B8E1-9475EAE3814D} : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\lbcxei7y.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll . ============= SERVICES / DRIVERS =============== . R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-31 301528] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-31 19544] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-20 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-20 22712] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-31 371544] S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-31 42184] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-31 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-31 136176] . =============== Created Last 30 ================ . 2011-06-21 01:48:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-21 01:47:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-21 01:47:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-20 21:46:18 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-19 22:23:09 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-06-19 22:23:09 -------- d-----w- c:\windows\system32\wbem\Repository 2011-06-18 13:28:40 -------- d-----w- c:\program files\common files\Adobe(2) 2011-06-18 13:28:40 -------- d-----w- c:\program files\Adobe(2) 2011-06-17 21:36:15 105472 ------w- c:\windows\system32\dllcache\mup.sys . ==================== Find3M ==================== . 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet(3)(2).dll 2011-04-25 15:51:58 1168896 ----a-w- c:\windows\system32\urlmon(3)(2).dll 2011-04-25 15:51:58 105984 ----a-w- c:\windows\system32\url(3)(2).dll 2011-04-25 15:51:57 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-04-25 15:51:57 268288 ----a-w- c:\windows\system32\iertutil(2)(2).dll 2011-04-25 15:51:57 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll 2011-04-25 12:01:21 389120 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-04-10 22:44:34 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-04-10 22:44:33 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-03 03:37:29 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-04-03 03:37:29 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A513AB8] 3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008e[0x8A56A848] 5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-0[0x8A569030] kernel: MBR read successfully _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; } user != kernel MBR !!! . ============= FINISH: 19:09:41.84 =============== ark.zip attach.zip
  3. Budda2
    I added all of the above and still cannot connect. Also as a strange coincidence I was getting a balloon saying that I had no Firewall running when I started up, but my control panel says that my Windows firewall is running. I'm thinking infection!
  4. Budda2
    Hello all, Two days ago I noticed that my Avast Free edtion had stopped auto updating. I tried to manually connect and could not. I then tried to update Malwarebytes and could not do that either. I get this error, Program_error_updating 536870914,0 connection refused. I ran a quick scan with mbam and found this. Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6705 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 6/18/2011 6:43:29 PM mbam-log-2011-06-18 (18-43-29).txt Scan type: Quick scan Objects scanned: 289049 Time elapsed: 15 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I still cannot connect either site. Any help would be appreciated. BTW I am running Windows XP. SP3
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.